Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests
Author Message
kibosh
New Member
New Member


Joined: Jul 23, 2007
Posts: 9

PostPosted: Sat Aug 04, 2007 8:15 am Reply with quote

Hey,

Is it possible to track and create a ban for MAC adresses?

Now Sentinel tracks all IP adresses, but most IP adresses change all the time. So blocking one user from my site is not possible because the next day his IP is changed. I'm looking for the ultimate way to block someone from my site. Yes, I'm a n00b at this but it's important to me.

All help is welcome,

Thx

Kibosh
 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sat Aug 04, 2007 8:41 am Reply with quote

I don't think the MAC address comes over in the HTTP Header.
 
View user's profile Send private message Visit poster's website
Gremmie
Former Moderator in Good Standing


Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

PostPosted: Sat Aug 04, 2007 9:27 am Reply with quote

What fkelly said. MAC addresses are too far down in the protocol stack for http. http doesn't need or wants to know anything about them.

_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module 
View user's profile Send private message
kibosh
PostPosted: Sat Aug 04, 2007 5:10 pm Reply with quote

I was afraid of that. Guess there is no way then to block a user from your site except with the ip ... that changes all the time. Crying or Very sad
 
fkelly
PostPosted: Sat Aug 04, 2007 6:09 pm Reply with quote

If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find.
 
kibosh
PostPosted: Sun Aug 05, 2007 3:52 am Reply with quote

fkelly wrote:
If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find.


hmm, you have my attention. Can you give some more details what you mean?

Thx in advance
 
fkelly
PostPosted: Sun Aug 05, 2007 7:31 am Reply with quote

Just go into blocker configuration, string blockers and put something like mail.ru in to block. Activate the string blocker if it's not.

Turn IP tracking on and look at what's going on on your system. It's kind of like an accesslog on steroids. If you see patterns of "suspicious" activity look for common strings in them (that don't occur in normal activity) and use string blocker to block them. Or just block the individual IP's who are doing the hacking, though they will find another IP to use probably.
 
kibosh
PostPosted: Sun Aug 05, 2007 9:27 am Reply with quote

Ah, well I looked in what you said but the thing is: That one guy that I want to block is just some ***** stealing our posts from our forums.

So it's just him I want to block. He doesn't know anything about hacking so... Just his IP changes. There won't be any strange activity...

But thanx already. I learned something more.
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Aug 06, 2007 5:45 am Reply with quote

kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:

RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [R,L]

I included two examples to show you how you can use an "OR" condition to add additional user agents.

You will have to track him down via your access logs to find the user agent to trap on.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
kibosh
PostPosted: Mon Aug 06, 2007 10:47 am Reply with quote

montego wrote:
kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:

RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ Only registered users can see links on this board! Get registered or login! [R,L]

I included two examples to show you how you can use an "OR" condition to add additional user agents.

You will have to track him down via your access logs to find the user agent to trap on.


Ok, lost you completely there. I'm a n00b at all this Shocked

What do you exactly mean with a user agent? As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium). Don't know exactly what you mean with the user agent??? Or if there is gonna be a difference with what I'm using or all other members. I don't want to block out all others. Just him

About the stealing. It's just annoying. He search our forums for new info and then copy paste it to his.
My mate and me spend a lot of time searching the net for all kinds of info. New games, hardware etc... We also want to keep the forum open, even for non members, to share the info that we found. (And only could find because others wanted to share it also).

So it's a dillemma we are facing. Close the forums for visitors, or keep it open but seeing that annoying ***** stealing. (Yep, it's also kinda personnal to be able to block him Wink )
 
montego
PostPosted: Mon Aug 06, 2007 6:33 pm Reply with quote

Well, if he is doing this manually, then, don't both with the User Agent. I was thinking he was stealing the whole site (trying to anyways) or forums. I would try banning his IP address in NukeSentinel at a higher node level. For example, instead of banning 199.199.199.2 you could try 199.199.199.* or 199.199.*.

Now, granted, you could end up banning more people than you want, but you have to weigh the pros/cons and make the "call".
 
evaders99
Former Moderator in Good Standing


Joined: Apr 30, 2004
Posts: 3221

PostPosted: Mon Aug 06, 2007 8:28 pm Reply with quote

You see though, he's on the same network Smile
Sadly there's little you can do about it.

Either don't make it public, or don't post it at all. Because a determined thief will certainly find it and steal it. Really the only path is a legal route, and that's a long shot too. Unless you can claim real damages, you probably won't get anything.

_________________
- Only registered users can see links on this board! Get registered or login! -

Need help? Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
montego
PostPosted: Mon Aug 06, 2007 8:45 pm Reply with quote

evaders99 wrote:
You see though, he's on the same network.


Sorry Evaders, but I could not find any indication in the above posts as such, unless I am just blind (which isn't too far fetched). So, sorry if I misled at all. I was just giving an example of how it could be done. However, as you say, if he's on the same subnet(s), I guess its a moot point.
 
evaders99
PostPosted: Mon Aug 06, 2007 9:34 pm Reply with quote

Quote:

As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium).


Could not be the same subnet, but maybe it is. I wouldn't go blocking an entire range unless you're sure you have no other users in that range
 
montego
PostPosted: Mon Aug 06, 2007 10:21 pm Reply with quote

Ah, the younger set of eyes and clearer head. Thanks Evaders!
 
kibosh
PostPosted: Tue Aug 07, 2007 11:40 am Reply with quote

Hey guy's, thx for the replies. I also think the only option would be to block a range, but then I'll be blocking more people then I want. I guess I'll have to life with it.

Thanx for trying anyway. Cheers

Maybe I run into him on the streets boxingself
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> NukeSentinel™ Enhancement Requests

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©