Discussion:
Stealing users IP address
(too old to reply)
Mohammad
2006-04-27 02:49:05 UTC
Permalink
Is there a functiaon to take the IP address of person who submits to a
form
example:
<input id="user_ip" name="user[ip]" type="hidden" value="<%=
some_ip_call %>" />
--
Posted via http://www.ruby-forum.com/.
Wilson Bilkovich
2006-04-27 02:52:07 UTC
Permalink
Post by Mohammad
Is there a functiaon to take the IP address of person who submits to a
form
<input id="user_ip" name="user[ip]" type="hidden" value="<%=
some_ip_call %>" />
In your controller action, you can invoke:
request.remote_ip

You don't need a field on the form.
Mohammad
2006-04-27 03:50:07 UTC
Permalink
Post by Wilson Bilkovich
Post by Mohammad
Is there a functiaon to take the IP address of person who submits to a
form
<input id="user_ip" name="user[ip]" type="hidden" value="<%=
some_ip_call %>" />
request.remote_ip
You don't need a field on the form.
I got this error
undefined local variable or method `request' for
ApplicationController:Class
--
Posted via http://www.ruby-forum.com/.
Robby Russell
2006-04-27 04:18:35 UTC
Permalink
Post by Mohammad
Post by Wilson Bilkovich
Post by Mohammad
Is there a functiaon to take the IP address of person who submits to a
form
<input id="user_ip" name="user[ip]" type="hidden" value="<%=
some_ip_call %>" />
request.remote_ip
You don't need a field on the form.
I got this error
undefined local variable or method `request' for
ApplicationController:Class
What version of Rails are you running?

Robby

Robby Russell
Founder & Executive Director

PLANET ARGON, LLC
Ruby on Rails Development, Consulting & Hosting

www.planetargon.com
www.robbyonrails.com

+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4968 [fax]
Mohammad
2006-04-27 04:26:41 UTC
Permalink
Post by Robby Russell
Post by Mohammad
Post by Wilson Bilkovich
request.remote_ip
You don't need a field on the form.
I got this error
undefined local variable or method `request' for
ApplicationController:Class
What version of Rails are you running?
Robby
Robby Russell
Founder & Executive Director
PLANET ARGON, LLC
Ruby on Rails Development, Consulting & Hosting
www.planetargon.com
www.robbyonrails.com
+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4968 [fax]
Ruby version 1.8.4 (i386-mswin32)
RubyGems version 0.8.11
Rails version 1.1.2
Active Record version 1.14.2
Action Pack version 1.12.1
Action Web Service version 1.1.2
Action Mailer version 1.2.1
Active Support version 1.3.1
--
Posted via http://www.ruby-forum.com/.
n***@public.gmane.org
2006-04-27 07:52:04 UTC
Permalink
Just making sure you know... the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from
Post by Robby Russell
Post by Mohammad
Post by Wilson Bilkovich
request.remote_ip
You don't need a field on the form.
I got this error
undefined local variable or method `request' for
ApplicationController:Class
What version of Rails are you running?
Robby
Robby Russell
Founder & Executive Director
PLANET ARGON, LLC
Ruby on Rails Development, Consulting & Hosting
www.planetargon.com
www.robbyonrails.com
+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4968 [fax]
Ruby version 1.8.4 (i386-mswin32)
RubyGems version 0.8.11
Rails version 1.1.2
Active Record version 1.14.2
Action Pack version 1.12.1
Action Web Service version 1.1.2
Action Mailer version 1.2.1
Active Support version 1.3.1
--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
Mohammad
2006-04-27 12:02:12 UTC
Permalink
Post by n***@public.gmane.org
Just making sure you know... the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from
So is there an efficent way to ban someone from my site?
--
Posted via http://www.ruby-forum.com/.
n***@public.gmane.org
2006-04-27 12:23:20 UTC
Permalink
The best way I've found, although still reasonably easy to get around,
is to use a combination of a cookie and an IP address. If either is
matched to a banned list, they don't get in.

Also, depending on the nature of the site, it can be possible to have
fake site features for banned users to hide the fact that they have
been banned. It will fool some, believe me.

-Nathan
Post by Mohammad
Post by n***@public.gmane.org
Just making sure you know... the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from
So is there an efficent way to ban someone from my site?
--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
n***@public.gmane.org
2006-04-27 12:26:39 UTC
Permalink
Oh, and just to clarify, the point of hiding from users that they've
been banned is so that they deliberately don't try to get around your
banning method.
Post by n***@public.gmane.org
The best way I've found, although still reasonably easy to get around,
is to use a combination of a cookie and an IP address. If either is
matched to a banned list, they don't get in.
Also, depending on the nature of the site, it can be possible to have
fake site features for banned users to hide the fact that they have
been banned. It will fool some, believe me.
-Nathan
Post by Mohammad
Post by n***@public.gmane.org
Just making sure you know... the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from
So is there an efficent way to ban someone from my site?
--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
Brian Hogan
2006-04-27 13:14:53 UTC
Permalink
Hey, I really like that idea :)
Post by n***@public.gmane.org
Oh, and just to clarify, the point of hiding from users that they've
been banned is so that they deliberately don't try to get around your
banning method.
Post by n***@public.gmane.org
The best way I've found, although still reasonably easy to get around,
is to use a combination of a cookie and an IP address. If either is
matched to a banned list, they don't get in.
Also, depending on the nature of the site, it can be possible to have
fake site features for banned users to hide the fact that they have
been banned. It will fool some, believe me.
-Nathan
Post by Mohammad
Post by n***@public.gmane.org
Just making sure you know... the IP address is a very unreliable
piece
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
of information. It changes all the time for most users. AOL users
have
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
a different IP address for every request, for example, and for
dial-up
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an
extent,
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
finding out where someone is from
So is there an efficent way to ban someone from my site?
--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
n***@public.gmane.org
2006-04-27 14:16:17 UTC
Permalink
It's good isn't it. There are parts of my site which anyone can edit,
and I'm working out how to set it up so that when a blocked user edits
something, their changes come up for them once they submit (using
ajax) just as if they were a normal user. If they were to refresh the
page, however, they would notice that their changes haven't actually
had any effect at all. Cool, huh?
-Nathan
Post by Brian Hogan
Hey, I really like that idea :)
Post by n***@public.gmane.org
Oh, and just to clarify, the point of hiding from users that they've
been banned is so that they deliberately don't try to get around your
banning method.
Post by n***@public.gmane.org
The best way I've found, although still reasonably easy to get around,
is to use a combination of a cookie and an IP address. If either is
matched to a banned list, they don't get in.
Also, depending on the nature of the site, it can be possible to have
fake site features for banned users to hide the fact that they have
been banned. It will fool some, believe me.
-Nathan
Post by Mohammad
Post by n***@public.gmane.org
Just making sure you know... the IP address is a very unreliable
piece
Post by n***@public.gmane.org
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
of information. It changes all the time for most users. AOL users
have
Post by n***@public.gmane.org
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
a different IP address for every request, for example, and for
dial-up
Post by n***@public.gmane.org
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an
extent,
Post by n***@public.gmane.org
Post by n***@public.gmane.org
Post by Mohammad
Post by n***@public.gmane.org
finding out where someone is from
So is there an efficent way to ban someone from my site?
--
Posted via http://www.ruby-forum.com/.
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
_______________________________________________
Rails mailing list
http://lists.rubyonrails.org/mailman/listinfo/rails
Jason Stewart
2006-04-28 18:57:54 UTC
Permalink
Post by n***@public.gmane.org
It's good isn't it. There are parts of my site which anyone can edit,
and I'm working out how to set it up so that when a blocked user edits
something, their changes come up for them once they submit (using
ajax) just as if they were a normal user. If they were to refresh the
page, however, they would notice that their changes haven't actually
had any effect at all. Cool, huh?
-Nathan
That's a really neat idea. Sounds like a good candidate for a plugin or
generator.

Jason
Joe Van Dyk
2006-04-28 19:17:49 UTC
Permalink
Post by Mohammad
Post by Wilson Bilkovich
Post by Mohammad
Is there a functiaon to take the IP address of person who submits to a
form
<input id="user_ip" name="user[ip]" type="hidden" value="<%=
some_ip_call %>" />
request.remote_ip
You don't need a field on the form.
I got this error
undefined local variable or method `request' for
ApplicationController:Class
Could you paste the function that you're using the request in?

Continue reading on narkive:
Loading...