CodeGuru Home VC++ / MFC / C++ .NET / C# Visual Basic VB Forums Developer.com
Page 1 of 2 12 LastLast
Results 1 to 15 of 22
  1. #1
    Join Date
    May 2012
    Posts
    8

    how to control pc that access our website

    We want to control certain user pc that can access our website, is there anyway to do it? We are using vb.net and mysql for the website. Thank you.

  2. #2
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    When you say control...

    Do you mean ???

    #1 : Prevent the PC/User access to the website.

    OR

    #2 : Gain access to the PC and copy stuff to/from it.
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

  3. #3
    Join Date
    May 2012
    Posts
    8

    Re: how to control pc that access our website

    We mean the first one

    #1 : Prevent the PC/User access to the website.

    Thanks

  4. #4
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    Okay I've got some code that works in ASP.NET (Vb code) that will identify the IP of the PC that is accessing the site.. You can then record and compare this IP to a blocked list and then decide what to reply to the user...

    Unfortunately this code is on my Home PC and i'm at work... So i will post it a little later...
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

  5. #5
    Join Date
    Jul 2001
    Location
    Sunny South Africa
    Posts
    11,283

    Re: how to control pc that access our website

    You could use the HTML META tag to achieve this. You just need to set the refresh value. Based on your code, the appropriate page can then be shown.

  6. #6
    Join Date
    May 2012
    Posts
    8

    Re: how to control pc that access our website

    Hello HanneSThEGreaT,

    I dont understand what you said, can you please explain in more detail?
    How is it going to help me?

  7. #7
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    sorry it took so long... Been so busy and completely buggered when i get home, I clean forgot..

    Code:
                'get last IP
                LastIp = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
                If Not LastIp Is Nothing Then
                    FIps = Split(LastIp, ",", -1, CompareMethod.Text)
                    LastIp = FIps(FIps.Length - 1)
                Else
                    LastIp = Request.ServerVariables("REMOTE_ADDR")
                End If
    This code will return the IP of the PC connecting to the site...
    There after you can use
    Code:
            BIPs = GetBadIP() ' Return list of blocked IP's from the Database
            For Each ThisBot In BIPs
                If LastIp.ToUpper.Contains(ThisBot.IP.ToUpper) Then
                    Response.StatusCode = 410
                    Response.StatusDescription = "410 Gone"
                    Response.Status = "410 Gone"
                    Response.Write("Your IP has been reported as a source of malicious activity and all access has been revoked")
                    Response.Write(" If you think you are seeing this page in error. Please contact the webmaster")
                    Response.Write(" on {webmaster@domain} and quote '" & ThisBot.Name & "'.")
                    Response.Write(" ")
                    Response.End()
                    Exit Sub ' Stop processing this page..
                End If
            Next
    Hope this helps you..
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

  8. #8
    Join Date
    May 2012
    Posts
    8

    Re: how to control pc that access our website

    Hello GremlinSA,

    Thank you for your reply, but I not really understand.

    What is Request.ServerVariables("HTTP_X_FORWARDED_FOR") and Request.ServerVariables("REMOTE_ADDR")?

    Can you please explain more on it?

  9. #9
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    Every request for a webpage has a list of 'Server Variables' that is passed with the Page name request.. (Basic HTML Stuff)

    REMOTE_ADDR will contain the IP of the Remote system requesting the page, and in the case of a Proxy Server we use
    HTTP_X_FORWARDED_FOR which will contain the originating IP address, and if the request was Via multiple Proxy's we take the last IP in there...

    see this wiki for more
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

  10. #10
    Ejaz's Avatar
    Ejaz is offline Elite Member Power Poster
    Join Date
    Jul 2002
    Location
    Lahore, Pakistan
    Posts
    4,211

    Re: how to control pc that access our website

    I'm just curious to know that why not to restrict the user through username/password?

    With reference to IP based restriction, what about if the same user come from some other IP? like by using any open proxy that gives anonymity to the actual user?

  11. #11
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    Quote Originally Posted by Ejaz View Post
    I'm just curious to know that why not to restrict the user through username/password?
    Only works if you have a site where you hand out logins..

    Else user can also just reregister with a different username.. With access to Gmail and Yahoomail, one can register 100's of accounts..
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

  12. #12
    Join Date
    May 2012
    Posts
    8

    Re: how to control pc that access our website

    Hello GremlinSA,

    I have some friend suggest to me to use RSA encryption function to do authentication. Each key(Public & Private key) will store in different side. Server will hold public key & client side will hold private key.

    Will this method workable for my situation?

  13. #13
    Ejaz's Avatar
    Ejaz is offline Elite Member Power Poster
    Join Date
    Jul 2002
    Location
    Lahore, Pakistan
    Posts
    4,211

    Re: how to control pc that access our website

    Quote Originally Posted by GremlinSA View Post
    Only works if you have a site where you hand out logins..

    Else user can also just reregister with a different username.. With access to Gmail and Yahoomail, one can register 100's of accounts..
    Unless the requirements specifically states to go with IP based security mechanism, I don't think that this is any form of security at all, due to following reasons

    1. IP cannot be classified as user credential.
    2. IP is not a persistent identification mechanism. For example, that IP that is assigned to me (by my internet service provider), was in use by someone else before it was assigned to me and I don't know who'll have it when I'll disconnect.
    3. With reference to above point, if someone else is assigned the IP that I'm using right now (after I disconnect), then that someone will also not be able to access the site.
    4. Even if IP based user detection mechanism is implemented (which will certainly use some database at the back with the list of banned IP), then how will this database be filled with banned IP at the first place? Which means that someone has to wait for the particular user to come and banned him, which already push this mechanism at back foot.
    5. If you ban a series of IP (i.e. for a particular user group from some specific region), then all the people from the particular region will go down.
    6. All I need to change my IP is re-connect my connection, which is just a matter of simple 2 clicks. Unless I'm using some application with state oriented connections, I don't have any problem doing that.


    Now the standard username/password mechanism doesn't provide you 100% fool proof security system either, as you mentioned (which is pretty common) that a user can sign up multiple accounts, however

    1. This approach push the user to go beyond simple 2 clicks, which means
      • The user has to create another email id.
      • The user has to sign up another account with you

      This way, the particular user has to do some efforts to hook up with the particular site.
    2. You are still in better position that its up to you that whether you want to allow the user or not(at the first place, i.e. at sign up)
    3. You'll not face user collision issue (i.e. two users sharing the same IP at different time)
    4. You can ask the user to accept some AUP, which gives you legal coverage.
    5. In order to create thousands of different user accounts with *you*, the user has to equally misuse GMail/Yahoo as well. The particular user is not only fiddling with you, but with other parties too. Therefore, its not only *your* AUP that he is violating, he has to do more then that.
    6. Not all users want to spam your system. For serious users, its very important that their identities remain valid. Such as, I don't want my particular user id at CG gets banned here or I have to change my e-mail just for CG, as I've been using the same ID for more then 10 years and everyone else users the same ID to reach me, it would be really hard if I've to change it.


    This is more or less exactly what we do here as well. Any user violates AUP, is banned (i.e. his user account), not his IP. Additionally, if a stronger security level is required, then I would suggest to use something like digital certificates.
    Last edited by Ejaz; May 16th, 2012 at 08:44 PM.

  14. #14
    Ejaz's Avatar
    Ejaz is offline Elite Member Power Poster
    Join Date
    Jul 2002
    Location
    Lahore, Pakistan
    Posts
    4,211

    Re: how to control pc that access our website

    Quote Originally Posted by xpossupport View Post
    Will this method workable for my situation?
    Security comes at cost. The question is what level of security is good enough for you. The more sophisticated mechanisms you'll include, the higher will be the cost (up front and on going basis), so you have to measure the cost/benefit ratio for yourself.

  15. #15
    Join Date
    Jun 2005
    Location
    JHB South Africa
    Posts
    3,772

    Re: how to control pc that access our website

    Quote Originally Posted by Ejaz View Post
    This is more or less exactly what we do here as well. Any user violates AUP, is banned (i.e. his user account), not his IP. Additionally, if a stronger security level is required, then I would suggest to use something like digital certificates.
    Are You Sure?? check this thread..

    If there is excessive Spam, Etc coming from a Specific IP, CG admin do block the IP..

    Also on my Forum site i use several methods to block out Spammers and Bandwidth wasters..

    But I always do some homework on the IP's before i block them .. Like this one IP i eventually blocked that had a different UserAgent with every visit (even within the same tracking cookie).. Then I also block according to UserAgents ...

    Once Your Running and Monitoring your Own WebSite/ WebServer, You'd be surprised by the Amount of Crap out there that tries to Hack, Copy or Crash a website...

    And with Public Access Sites (Like CG) you can't simply rely on user access blocking, because they still have 100% access to the site(maybe with out been able to post/ comment), and this still allows people to be malicious on the site.. SQL injection attacks don't require the user to be registered, just that the site accepts his requests..
    Articles VB6 : Break the 2G limit - Animation 1, 2 VB.NET : 2005/8 : Moving Images , Animation 1 , 2 , 3 , User Controls
    WPF Articles : 3D Animation 1 , 2 , 3
    Code snips: VB6 Hex Edit, IP Chat, Copy Prot., Crop, Zoom : .NET IP Chat (V4), Adv. ContextMenus, click Hotspot, Scroll Controls
    Find me in ASP.NET., VB6., VB.NET , Writing Articles, My Genealogy, Forum
    All VS.NET: posts refer to VS.NET 2008 (Pro) unless otherwise stated.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  





Click Here to Expand Forum to Full Width

Featured