Hello "Dan Hardiker" <[EMAIL PROTECTED]>, Then, it is not safe to do IP-based blocking, right? Any alternative?
On Thu, 16 May 2002 10:10:44 +0100 (BST) "Dan Hardiker" <[EMAIL PROTECTED]> wrote: > > Craig Vincent wrote: > > The best thing you can do is temporarily record the > > IPs of connections to your script, and then block IPs that connect to > > the script too often directly from your routing table. It doesn't > > necessarily stop those using proxies but definately is more reliable > > than an HTTP_REFERER protection scheme. > > If you are expecting to have a wide (uncontrolled) audience for the data > you are outputting I would strongly suggest against doing this as the > majority of major ISPs operate transparent web proxies - where everyone > from that ISP will appear to be coming from the same IP. > If I was a malitious user, I would get a block of 50 IPs, place them on a > unix box and then bind randomly to the IPs when making the calls... making > the work around for this security measure trivial. > Im not saying you shouldnt implement any method of security, as some > security is far better than none! Just making sure that everyone is aware > of the consequences and implications. > > -- > Dan Hardiker [[EMAIL PROTECTED]] > ADAM Software & Systems Engineer > > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php -- Patrick Hsieh <[EMAIL PROTECTED]> GPG public key http://pahud.net/pubkeys/pahudatpahud.gpg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
