httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Mearns <mearn...@gmail.com>
Subject Re: [users@httpd]
Date Tue, 10 Nov 2009 15:52:18 GMT
On Tue, Nov 10, 2009 at 8:28 AM, Eric Covener <covener@gmail.com> wrote:
> On Tue, Nov 10, 2009 at 8:19 AM, Stephen Love <stephenlove@juno.com> wrote:
>> I have set up a routine in my server that logs all incoming IP addresses and
>> parses for duplicates in the same list. HOWEVER...a person posting almost
>> NEVER has the same address. I believe I am not using the actual IP Address
>> at all. What I WANT is the actual SERIAL NUMBER (If you could call it that!)
>> of the HARDWARE (Network Adapter) actually sending the message, or its REPLY
>> TO address... the address it is COMMUNICATING FROMĀ in order to actually send
>> the message. I am SURE if it is to establish a 2-way link to send and
>> confirmĀ  the message, the receiving end HAS that info, buried deep within
>> what it receives. HOW can I get that, so that the route steps inbetween do
>> not matter?
>
> You don't have access to their MAC address or any other universal
> identifier, no matter how much you use the shift key.
>
> --
> Eric Covener
> covener@gmail.com
>
[clip]

As Eric says, what you're looking for is a MAC address which is a
universally unique identifier that every network device has (though I
think even here, "universally unique" might have some qualifying
conditions). MAC addresses are used in very low level protocols (link
layer protocols, I believe) to send packets to specific devices. MAC
addresses are for point-to-point communications, not end-to-end. You
could set up a packet sniffer, like Wireshark, and capture the source
MAC addresses of incoming packets, but that would probably just give
you the MAC address of your router or modem.

As you've discovered, IP addresses are not valid ways to identify end
users. Most residential internet access is done through a dynamic IP
address, meaning their ISP can change their IP address whenever it
wants. Further, a lot of people access the web through proxy servers,
so that a large number of end users are seen as the same IP address,
and others access through proxy pools or networks like Tor so that the
same person may have a different IP address for every request they
make.

It sounds like what you're looking for is a way to track your
visitors. Google Analytics is a pretty good free service for doing
exactly that, or you can set up your own similar system. The way these
things work is by using cookies to track individual browsers. But of
course, a lot of people don't use cookies. Further, if you're worried
about active menace, cookies are terribly insecure unless you're using
secure connections (and even then through various types of attack), so
a malicious user could snoop other people's cookies and submit it with
their own request, making it look like the request came from the other
user.

If you want to do more strict tracking, something along the lines of
"sorry, you already voted, and you can only vote once.", you'll need
to get much more sophisticated. Some sort of user-authentication
(i.e., "log in") is a must for this, and you'll need to be very
careful about people snooping cookies and log-in date (like, only use
secure HTTPS connections).

-Brian

-- 
Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from: http://keys.gnupg.net

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message