| Author |
Message |
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
 Posted:
Sat Aug 04, 2007 8:15 am |
 
|
Hey,
Is it possible to track and create a ban for MAC adresses?
Now Sentinel tracks all IP adresses, but most IP adresses change all the time. So blocking one user from my site is not possible because the next day his IP is changed. I'm looking for the ultimate way to block someone from my site. Yes, I'm a n00b at this but it's important to me.
All help is welcome,
Thx
Kibosh |
|
|
|
|
fkelly
Moderator
Joined: Aug 30, 2005
Posts: 3186
Location: near Albany NY
|
| Posted:
Sat Aug 04, 2007 8:41 am |
|
I don't think the MAC address comes over in the HTTP Header. |
|
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Sat Aug 04, 2007 9:27 am |
|
What fkelly said. MAC addresses are too far down in the protocol stack for http. http doesn't need or wants to know anything about them. |
|
|
|
|
|
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
| Posted:
Sat Aug 04, 2007 5:10 pm |
|
I was afraid of that. Guess there is no way then to block a user from your site except with the ip ... that changes all the time.  |
|
|
|
|
|
fkelly
Moderator
Joined: Aug 30, 2005
Posts: 3186
Location: near Albany NY
|
| Posted:
Sat Aug 04, 2007 6:09 pm |
|
If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find. |
|
|
|
|
|
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
| Posted:
Sun Aug 05, 2007 3:52 am |
|
| fkelly wrote: | | If you can find a string in their header ... like mail.ru ... you can use the string blocker. Look at what they are doing in IP tracking and see what you can find. |
hmm, you have my attention. Can you give some more details what you mean?
Thx in advance |
|
|
|
|
|
fkelly
Moderator
Joined: Aug 30, 2005
Posts: 3186
Location: near Albany NY
|
| Posted:
Sun Aug 05, 2007 7:31 am |
|
Just go into blocker configuration, string blockers and put something like mail.ru in to block. Activate the string blocker if it's not.
Turn IP tracking on and look at what's going on on your system. It's kind of like an accesslog on steroids. If you see patterns of "suspicious" activity look for common strings in them (that don't occur in normal activity) and use string blocker to block them. Or just block the individual IP's who are doing the hacking, though they will find another IP to use probably. |
|
|
|
|
|
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
| Posted:
Sun Aug 05, 2007 9:27 am |
|
Ah, well I looked in what you said but the thing is: That one guy that I want to block is just some ***** stealing our posts from our forums.
So it's just him I want to block. He doesn't know anything about hacking so... Just his IP changes. There won't be any strange activity...
But thanx already. I learned something more. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Aug 06, 2007 5:45 am |
|
kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:
RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ [R,L]
I included two examples to show you how you can use an "OR" condition to add additional user agents.
You will have to track him down via your access logs to find the user agent to trap on. |
|
|
|
|
|
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
| Posted:
Mon Aug 06, 2007 10:47 am |
|
| montego wrote: | kibosh, depending upon how he is doing this "stealing", if you can determine what his User Agent is you can ban him using the Harvester blocker, or, better yet, use .htaccess directly to deny his user agent (without worrying about the IP address) using something like this:
RewriteCond %{HTTP_USER_AGENT} ^Yahoo!\ Slurp\ China [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.*$ [R,L]
I included two examples to show you how you can use an "OR" condition to add additional user agents.
You will have to track him down via your access logs to find the user agent to trap on. |
Ok, lost you completely there. I'm a n00b at all this 
What do you exactly mean with a user agent? As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium). Don't know exactly what you mean with the user agent??? Or if there is gonna be a difference with what I'm using or all other members. I don't want to block out all others. Just him
About the stealing. It's just annoying. He search our forums for new info and then copy paste it to his.
My mate and me spend a lot of time searching the net for all kinds of info. New games, hardware etc... We also want to keep the forum open, even for non members, to share the info that we found. (And only could find because others wanted to share it also).
So it's a dillemma we are facing. Close the forums for visitors, or keep it open but seeing that annoying ***** stealing. (Yep, it's also kinda personnal to be able to block him  ) |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Aug 06, 2007 6:33 pm |
|
Well, if he is doing this manually, then, don't both with the User Agent. I was thinking he was stealing the whole site (trying to anyways) or forums. I would try banning his IP address in NukeSentinel at a higher node level. For example, instead of banning 199.199.199.2 you could try 199.199.199.* or 199.199.*.
Now, granted, you could end up banning more people than you want, but you have to weigh the pros/cons and make the "call". |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Aug 06, 2007 8:28 pm |
|
You see though, he's on the same network 
Sadly there's little you can do about it.
Either don't make it public, or don't post it at all. Because a determined thief will certainly find it and steal it. Really the only path is a legal route, and that's a long shot too. Unless you can claim real damages, you probably won't get anything. |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Aug 06, 2007 8:45 pm |
|
| evaders99 wrote: | | You see though, he's on the same network. |
Sorry Evaders, but I could not find any indication in the above posts as such, unless I am just blind (which isn't too far fetched). So, sorry if I misled at all. I was just giving an example of how it could be done. However, as you say, if he's on the same subnet(s), I guess its a moot point. |
|
|
|
|
|
evaders99
Former Moderator in Good Standing
Joined: Apr 30, 2004
Posts: 3221
|
| Posted:
Mon Aug 06, 2007 9:34 pm |
|
| Quote: |
As far as I know he just uses IE (like me) and he has the same provider as me (telenet in Belgium).
|
Could not be the same subnet, but maybe it is. I wouldn't go blocking an entire range unless you're sure you have no other users in that range |
|
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9136
Location: Arizona
|
| Posted:
Mon Aug 06, 2007 10:21 pm |
|
Ah, the younger set of eyes and clearer head. Thanks Evaders! |
|
|
|
|
|
kibosh
New Member
Joined: Jul 23, 2007
Posts: 9
|
| Posted:
Tue Aug 07, 2007 11:40 am |
|
Hey guy's, thx for the replies. I also think the only option would be to block a range, but then I'll be blocking more people then I want. I guess I'll have to life with it.
Thanx for trying anyway. 
Maybe I run into him on the streets  |
|
|
|
|
|
|
|
|
|
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
