 | View Full Version : Security Help DWood 04-21-2002, 10:18 PM I want to put a system in place where users who visit our members' area get their IP stored along with the username they are using, in order to prevent account fraud (password sharing). Can someone help me out with this, I have never done something like this before. Does anyone know of any scripts or how I would get started? Thanks, DWood rfxn 04-21-2002, 10:27 PM Offhand you could look at http://www.hostscripts.com and see if you find anything there. As for the best language to do this in, id recommend you take a crack at it with PHP/MySQL. priyadi 04-21-2002, 10:58 PM Originally posted by DWood I want to put a system in place where users who visit our members' area get their IP stored along with the username they are using, in order to prevent account fraud (password sharing). Can someone help me out with this, I have never done something like this before. Does anyone know of any scripts or how I would get started? Thanks, DWood That depends on how your member are is built. If it uses HTTP authentication, then your access logs already have the required information, you only need a script to extract data from it. If it uses some other way, like php pages to form session based authentication, then you need to modify your php scripts. DWood 04-21-2002, 11:01 PM I use php usernames/passwords taken from a mysql database and cookies to store the information. I know I should use sessions, but when I tried it just didn't work out and this is working pretty good. The protection page is included on all member pages cperciva 04-21-2002, 11:07 PM Originally posted by DWood I want to put a system in place where users who visit our members' area get their IP stored along with the username they are using, in order to prevent account fraud (password sharing). Please don't do that. There are a large number of people behind transparent proxies (aka man-in-the-middle attacks, aka content routers) which will cause them to appear to come from a number of different addresses. Come to think of it, I think AOL might do that. erapid 04-22-2002, 09:47 AM Hi DWood, Would you like to explain what do you want more accurately. more full Regards bacid 04-22-2002, 02:35 PM there are lots of adult sites that use scripts like this.. they record the login username and IP and if the same username logs in more than XX number of times within XX number of minutes with a different IP then the username is locked. You can setup the program to clear the log every XX number of mins.. THe program that i have used for clients is Password Nazi . http://www.superscripts.com/scripts/nazi.html |