Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask

Re: Identifying clients

by serf (Chaplain)
on Dec 07, 2006 at 10:58 UTC ( #588290=note: print w/replies, xml ) Need Help??

in reply to Identifying clients

Hi ruzam,

In Re^6: Identifying clients you asked "So is my only option to literally forget the whole ip blocking strategy?" - I think the answer to this is yes.

If your application is trying to protect against unauthorised access from Internet users (as opposed to Intranet access) then the client IP is not a valid criteria to identify them by anyway.

At the moment I accessing the Net via tor. Every time I hit a page my request arrives at the server via a different route.

You can check this by installing Tor & going to a site like - each time your IP will be different.

This has interesting effects when for example go to Google - instead of bringing up my normal start page, it bounces me to the country that it thinks I'm coming from.

Yesterday I got a number of times, and once I even got the Bulgarian Google homepage - "What's this??? Google in Cyrillic!" :o)

DigitalKitty has a bit more on tor on her home node.

If someone is using tor then they have immediately rendered all your hard work and logic for blocking/penalising IPs irrelevant.

A white list *is* a possiblity, but even valid IPs can be hijacked or spoofed, so it's never 100% reliable as an identification method.

I would think a form of challenge-response type encrypted token passed between the server and the client and back to the server would be a more reliable way to go.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://588290]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (12)
As of 2018-01-23 14:15 GMT
Find Nodes?
    Voting Booth?
    How did you see in the new year?

    Results (247 votes). Check out past polls.