How C9 should record IPs -

Follow
Oops, something didn't work.

Try again?

Sign In to be begin to follow this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in. You need to be signed in to Channel 9 to use this feature.

Getting "follow" information

Stop following this thread

Start following this thread

What does this mean?
Following an item on Channel 9 allows you to watch for new content and comments that you are interested in and view them all on your notifications page.

Removing your "follow"

Setting up your "follow"

Did you know you can
sign up for email notifications?
- Subscribe to this feed

reddit

Tweet

Manip

Feb 23, 2005 at 2:51 AM

I am using a 'transparent cache service' which is a
proxy forced on me by my ISP (so they can save
bandwidth). So if you check my IP by the normal
method you will get the cache server (thus multiple
users appear to come from the same IP). However if
you check the HTTP_X_FORWARDED_FOR var in the header
you will see my true IP and thus can limit things
such as polls to one IP.

string ispIPAddress;

if(Request.ServerVariables["HTTP_X_FORWARDED_FOR"] != null || Request.ServerVariables["HTTP_CLIENT_IP"] != null)
ispIPAddress = Request.ServerVariables["HTTP_X_FORWARDED_FOR"];
else
ispIPAddress = Request.ServerVariables["REMOTE_ADDR"];

Taken from here (I am not an ASP.Net coder).
AndyC

Feb 23, 2005 at 2:59 AM

Manip wrote:

and thus can limit things
such as polls to one IP.

Wouldn't it be about a squillion times easier just to log the username that has voted in a poll rather than their IP?

Okay, so people could register until multiple names but is that any less likely than them disconnecting and then re-connecting to get a new IP number if they're so desperate to vote again?
Manip

Feb 23, 2005 at 3:11 AM

At the moment they are not doing either. Just setting something in the cookie, thus making it a client side thing.
Arran

Feb 23, 2005 at 7:44 AM

Checking the IP is easy...but what about all those connections using dynamic assigned IP's?

IMHO its a waste of time.
Manip

Feb 23, 2005 at 7:50 AM

'All those connections'? You mean you? ... My IP is dynamic, but hasn't changed in over a year and I could be IDed registering another account if I tried.

I am not suggesting it as a full proof defence but it will stop the casual abuser and spammers (trolls) who might register multiple accounts to, for example, post religious propaganda.
Maurits AKA Matthew van Eerde

Feb 23, 2005 at 8:00 AM

Smilies gone bad...
Sven Groot Don't worry... I'm a doctor.

Feb 23, 2005 at 8:04 AM

My IP is dynamic, and seems to change every time I boot into Linux.
Maurits AKA Matthew van Eerde

Feb 23, 2005 at 10:07 AM

I should note that there are many ways to spoof mere headers in HTTP (X-Forwarded-For). Spoofing the connection IP is considerably more difficult.

On the other hand if you have multiple users behind the same proxy (or proxy bank) then restricting connection IP isn't fair.

On the whole, one-vote-per-username seems to be the fairest method of restricting polling... though it does require registration to vote...
Charles Welcome Change

Feb 23, 2005 at 10:41 AM

There is no guarantee that the x-forwarded-for request header data will be present just like there is no guarantee that client-ip data will actually represent the originating client as opposed to the proxy making the request on the client's behalf. As I've said, we do track IPs and IP data is not guaranteed to ensure that we know who you are. This is a hard problem that pretty much no web-based (client web browser-web server technology) has nailed.

Yes, the poll is super easy to eploit. The question is, why exploit it? This is a social problem as much as it is a technological problem. "Gee. Other forums do this. And other forums do that...".

This is Channel 9. We like to think that a community can be responsible for and by itself. If you must exploit simple web features to make yourself happy, well, go do it somewhere else.

Charles
AT

Feb 25, 2005 at 12:28 PM

LOL... Are you kidding ?

Never trust your headers. Some evil people can fake it.

As well - in HTTP_X_FORWARDED_FOR can be more that one IP or in some rare cases - total garbage.

Thread Closed

This thread is kinda stale and has been closed but if you'd like to continue the conversation, please create a new thread in our Forums,
or Contact Us and let us know.

How C9 should record IPs -

What does this mean?

What does this mean?

Thread Closed