MAC Adress

New Member Joined: Jul 23, 2007 Posts: 9

Hey,

Is it possible to track and create a ban for MAC adresses?

Now Sentinel tracks all IP adresses, but most IP adresses change all the time. So blocking one user from my site is not possible because the next day his IP is changed. I'm looking for the ultimate way to block someone from my site. Yes, I'm a n00b at this but it's important to me.

All help is welcome,

Thx

Kibosh

Posted: Sat Aug 04, 2007 8:41 am

I don't think the MAC address comes over in the HTTP Header.

Posted: Sat Aug 04, 2007 9:27 am

What fkelly said. MAC addresses are too far down in the protocol stack for http. http doesn't need or wants to know anything about them.

Posted: Sat Aug 04, 2007 5:10 pm

I was afraid of that. Guess there is no way then to block a user from your site except with the ip ... that changes all the time. Crying or Very sad

Posted: Sat Aug 04, 2007 6:09 pm

If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find.

Posted: Sun Aug 05, 2007 3:52 am

fkelly wrote:

If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find.

hmm, you have my attention. Can you give some more details what you mean?

Thx in advance

Posted: Sun Aug 05, 2007 7:31 am

Just go into blocker configuration, string blockers and put something like mail.ru in to block. Activate the string blocker if it's not.

Turn IP tracking on and look at what's going on on your system. It's kind of like an accesslog on steroids. If you see patterns of "suspicious" activity look for common strings in them (that don't occur in normal activity) and use string blocker to block them. Or just block the individual IP's who are doing the hacking, though they will find another IP to use probably.

Posted: Sun Aug 05, 2007 9:27 am

Ah, well I looked in what you said but the thing is: That one guy that I want to block is just some ***** stealing our posts from our forums.

So it's just him I want to block. He doesn't know anything about hacking so... Just his IP changes. There won't be any strange activity...

But thanx already. I learned something more.

Posted: Mon Aug 06, 2007 5:45 am

kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:

RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ [ Only registered users can see links on this board! Get registered or login! ] [R,L]

I included two examples to show you how you can use an "OR" condition to add additional user agents.

You will have to track him down via your access logs to find the user agent to trap on.

Posted: Mon Aug 06, 2007 10:47 am

montego wrote:

kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:

RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ [ Only registered users can see links on this board! Get registered or login! ] [R,L]

I included two examples to show you how you can use an "OR" condition to add additional user agents.

You will have to track him down via your access logs to find the user agent to trap on.

Ok, lost you completely there. I'm a n00b at all this Shocked

What do you exactly mean with a user agent? As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium). Don't know exactly what you mean with the user agent??? Or if there is gonna be a difference with what I'm using or all other members. I don't want to block out all others. Just him

About the stealing. It's just annoying. He search our forums for new info and then copy paste it to his.
My mate and me spend a lot of time searching the net for all kinds of info. New games, hardware etc... We also want to keep the forum open, even for non members, to share the info that we found. (And only could find because others wanted to share it also).

So it's a dillemma we are facing. Close the forums for visitors, or keep it open but seeing that annoying ***** stealing. (Yep, it's also kinda personnal to be able to block him Wink

)

Posted: Mon Aug 06, 2007 6:33 pm

Well, if he is doing this manually, then, don't both with the User Agent. I was thinking he was stealing the whole site (trying to anyways) or forums. I would try banning his IP address in NukeSentinel at a higher node level. For example, instead of banning 199.199.199.2 you could try 199.199.199.* or 199.199.*.

Now, granted, you could end up banning more people than you want, but you have to weigh the pros/cons and make the "call".

Posted: Mon Aug 06, 2007 8:28 pm

You see though, he's on the same network Smile

Sadly there's little you can do about it.

Either don't make it public, or don't post it at all. Because a determined thief will certainly find it and steal it. Really the only path is a legal route, and that's a long shot too. Unless you can claim real damages, you probably won't get anything.

Posted: Mon Aug 06, 2007 8:45 pm

evaders99 wrote:

You see though, he's on the same network.

Sorry Evaders, but I could not find any indication in the above posts as such, unless I am just blind (which isn't too far fetched). So, sorry if I misled at all. I was just giving an example of how it could be done. However, as you say, if he's on the same subnet(s), I guess its a moot point.

Posted: Mon Aug 06, 2007 9:34 pm

Quote:

As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium).

Could not be the same subnet, but maybe it is. I wouldn't go blocking an entire range unless you're sure you have no other users in that range

Posted: Mon Aug 06, 2007 10:21 pm

Ah, the younger set of eyes and clearer head. Thanks Evaders!

Posted: Tue Aug 07, 2007 11:40 am

Hey guy's, thx for the replies. I also think the only option would be to block a range, but then I'll be blocking more people then I want. I guess I'll have to life with it.

Thanx for trying anyway. Cheers

Maybe I run into him on the streets boxingself