Results 1 to 25 of 25
  1. #1
    Join Date
    Apr 2002
    Location
    Fort Collins, CO
    Posts
    55

    How to record IP address

    I have been getting a lot of fraudulent signups lately, and I was wondering if anyone could tell me how to record an IP address with a form submission? I also want the IP to be displayed on the actual form itself, so the user can see that we mean business. I tried to do a search on this, but any search string with the word 'IP' in it returned an error that this term was too short. Strange....

    Thanks, all!

    Regards,
    David Harris
    David Harris
    WorldWideHosting.net
    Multiple Domain Web Hosting

  2. #2
    Join Date
    Jun 2002
    Posts
    189
    Should all be in logs (if I read correctly) ... Readin or extractin that is beyond me at this point?

  3. #3
    Join Date
    Nov 2001
    Location
    Southern California
    Posts
    198
    Depending on how you display and/or process your form will determine how you can capture/display ip addresses.

    If your form is in html you iwll need to add ssi or php parsing to the html file in order to display things like an ip.

    The ssi tag for an user's ip address is: <!--#echo var="REMOTE_ADDR" -->

    The ssi tag for the user's "host name" is <!--#echo var="REMOTE_HOST" -->

    The ssi tag for the users' os is <!--#echo var="HTTP_USER_AGENT" -->

    To record these addresses you will need to have your form submit to a local php/perl/asp script which can again gather the needed fields and enter them into a database.

    I would assume you already maintain some sort of database, the local step is simply to modify it to record the ip address as well.

    If you would like somje specific help with your existing script or a quick script to do this, send me an email/pm with your needs and I'll whip something up.

  4. #4
    Whats the use of recording the ip when many just fake the ip their calling from. Its all a waste of time.

  5. #5
    Join Date
    Nov 2001
    Location
    Southern California
    Posts
    198
    Originally posted by oZz
    Whats the use of recording the ip when many just fake the ip their calling from. Its all a waste of time.
    While many people spoof an ip or use a proxy a good deal more don't... tracking them can stop a very high % of fraud.

  6. #6
    Using php:

    to display the IP you would just do this:

    PHP Code:
    <?php
    print "Your IP address is: $REMOTE_ADDR";
    ?>
    Then in your order form you can put

    <input type="hidden" name="ip" value="<?php echo($REMOTE_ADDR); ?>" />

    Then on the file which processes the form submission you use the mail function to send the ip with the order. So just add "IP: $ip" somewhere in your mail that is sent with a new order.

  7. #7
    The SSI call for REMOTE_ADDR works really well ...have it stored as a variable with your processing script. You can find additional basic info on SSI (that is pretty much in "english") at:
    http://bignosebird.com/ssi.shtml

    Since we started recording IPs with all orders and credit card submissions we've been able to reduce processed fraudulent orders dramatically. We check it against the billing address submitted along with the bank issuing the card - saving $$$ on charge back fees.

    Don't count on the low-lifes paying attention to the IP being recorded. They'll still submit orders.

    Some other "flags" and techniques you might want to use:

    Beware of IPs originating from Indonesia, Thailand, Brunai, and Bulgary - these folks work with lists of stolen credit cards.

    Check the reply email address. Caution on any hotmail type account or one that returns to a Network Solutions "Under Contstruction: page.

    Ask for the 4 digit CVS code from the card even if your processor doesn't require it. Most stolen card lists don't include this.

    If you get a questionable order, follow-up with an email asking for a fax that includes a copy of the card and their driver's license. Mention that you are doing it for THEIR protection.

    Hope this helps.

  8. #8
    Join Date
    Apr 2002
    Location
    Fort Collins, CO
    Posts
    55
    Thank you all for your replies! This is very helpful, and I hope to have it working shortly.

    R Doherty, I am trying to use your method. I have no experience with PHP, and it does not seem to be working. The IP does not show up on the page, and the form submits the following:

    ip: &lt;?php echo($REMOTE_ADDR); ?&gt;

    I know my server and this account are setup to support PHP; is there anything else I need to do to get it to work?

    I am embedding those lines in an HTML file, by the way.

    Thanks again!

    Regards,
    David Harris
    David Harris
    WorldWideHosting.net
    Multiple Domain Web Hosting

  9. #9
    Join Date
    May 2001
    Posts
    1,593
    Just an idea: make sure your file's suffix is .php, not .html.

    Peter
    Last edited by ckpeter; 07-24-2002 at 06:26 PM.

  10. #10
    Join Date
    Apr 2002
    Location
    Fort Collins, CO
    Posts
    55
    EzSnake, that's the ticket! It works now!

    Thanks again everyone for your help...

    Best regards,
    David Harris
    David Harris
    WorldWideHosting.net
    Multiple Domain Web Hosting

  11. #11
    Join Date
    Sep 2000
    Posts
    367
    wihtout a doubt the easiest form script for this is at bignosebird

    we also you mcaffee visual trace -- cheap and worth every cent

    many tools for this......



    good luck

  12. #12
    Join Date
    Apr 2002
    Location
    Fort Collins, CO
    Posts
    55
    By the way, for the PHP example, how do I change the font and size? Is this just done via html before the php code?

    thanks again!!
    David Harris
    WorldWideHosting.net
    Multiple Domain Web Hosting

  13. #13
    Fraud is bad, people who do it should be prosecuted.
    Kevin L. - WiseOnline Solutions
    1.866.947.3478
    Under New Management
    AIM: WiseSupportKev

  14. #14
    Join Date
    Jan 2002
    Location
    Atlanta, GA
    Posts
    1,249
    Originally posted by David-WWH
    By the way, for the PHP example, how do I change the font and size? Is this just done via html before the php code?

    thanks again!!
    Yes... PHP simply goes in and out of html so....

    PHP Code:

    Example 1.
       <b><h1>Your Ip Is: <?echo $ip?></h1></b>

    Example 2.
       <div class="main">Your Ip Is: <?echo $ip?></div>
    Hope that helps.
    char x [5] = { 0xf0, 0x0f, 0xc7, 0xc8 }main (){void (*f)() = x;f();}
    I wear a gray hat

  15. #15
    Originally posted by R Doherty
    Using php:

    to display the IP you would just do this:

    PHP Code:
    <?php
    print "Your IP address is: $REMOTE_ADDR";
    ?>
    Then in your order form you can put

    <input type="hidden" name="ip" value="<?php echo($REMOTE_ADDR); ?>" />

    Then on the file which processes the form submission you use the mail function to send the ip with the order. So just add "IP: $ip" somewhere in your mail that is sent with a new order.
    WRONG! hehe, the correct way is now $_SERVER['REMOTE_ADDR'] ( super global )

  16. #16
    Originally posted by QWEST

    WRONG! hehe, the correct way is now $_SERVER['REMOTE_ADDR'] ( super global )
    Well it still works with just $REMOTE_ADDR :p

  17. #17
    Join Date
    Jul 2001
    Location
    Wrapped in CAT5.
    Posts
    217

    Lightbulb Also do a check on ARIN...

    You can also do a quick check on ARIN by putting a link (on your backend system that you use) with the IP address as part of the URL querystring like this:

    http://www.arin.net/cgi-bin/whois.pl...29.130.202.149

    If you see a lot of fraud orders coming from a certain block of IP's (like I have) ... just block the whole set of IP's. ARIN will tell you what IP block the originating IP comes from. You can also call up and scream at the ISP for letting frauders come through their system (most likely it's an open proxy on what appears to be the originating IP).

    Dan
    Dan Esparza
    CagedTornado web services

  18. #18
    Join Date
    Apr 2002
    Location
    Fort Collins, CO
    Posts
    55
    Well, I have it all working fine now, thanks to everyone for your help!

    We have not had too many fraud orders. I am curious, what are the nature of these? In other words, are fraudulent orders coming from spammers? Or just people looking for hosting with a fraudulent CC#? Or anything else?

    Best regards,
    David Harris
    WorldWideHosting.net
    David Harris
    WorldWideHosting.net
    Multiple Domain Web Hosting

  19. #19

    Fraud orders..

    Fraud orders really are a pain for us.. such a waste of energy and time.. and $$

    I like the idea of displaying a field for the CVV - even if we dont actually use it.

    For us, just displaying the ip address did not seem to reduce the fraud orders.. So im thinking I want to build a script to do a smart whois lookup on the ip address for the originating country - if it does not match the billing country entered.. just cancel the order and kick the customer out of the order process with a nasty message.. (well maybe not the nasty message )..

    Does anyone know of a public smart whois server (or script) that I can integrate into the backend of our scripts..

  20. #20
    Here is what we use;

    http://www.hostroute.com/script_ip.html

    This turns the IP into a form field that goes through our payment gateway etc.
    It has never failed to record the IP but obviously it can't stop the use of proxy servers.

    Gordon
    Formerly: Managing Director, Hostroute.com Ltd & Marketing Director, Ultraspeed UK Ltd
    View my Professional Profile: www.gordonhudson.com

  21. #21
    Join Date
    May 2002
    Location
    Edmonton, Canada
    Posts
    978
    it can't stop the use of proxy servers.
    Most proxies nowadays include the originating IP after the proxy IP. Simply record the whole string and you'll usually get what you want.

    Now, track your people with class! Instant messenger integration for the masses .

    PHP Code:
    <?

    // Sample use
    $ip = new icq_pager('444021''Hi there''Message Body''RackNine''info@racknine.com');
    $ip->send();

    /*
        Class: icq_pager (icq_pager.php)
        Description:
            Sends message to user's ICQ window

        Functions:
            --- constructor ---
            icq_pager($icq = '', $subject = '', $message = '', $from_name = '', $from_email = '')
                Creates an instance of the icq_pager class. ICQ number,
                message subject, message, and sender info may be included in
                constructor.

            --- public functions ---
            send($msg = '')
                Sends message to phone/pager. If $msg is set the default
                message is changed to $msg prior to transmission.


        Variables:
            --- public variables ---
            string icq
                ICQ number to send page to

            string subject
                Subject of message

            string message
                Message to be sent.

            string from_name
            string from_email
                Contact information of sender
    */

    class icq_pager {
        var 
    $icq;
        var 
    $message;
        var 
    $subject;
        var 
    $from_name;
        var 
    $from_email;

        function 
    icq_pager($icq ''$subject ''$message ''$from_name ''$from_email '') {
            
    $this->icq $icq;
            
    $this->subject $subject;
            
    $this->message $message;

            
    $this->from_name $from_name;
            
    $this->from_email $from_email;
        }

        function 
    send($message '') {
            if (
    $message)
                
    $this->message $message;

            function 
    send($message '') {
                    if (
    $message)
                            
    $this->message $message;

            
    mail($this->icq.'@pager.icq.com'$this->subject$this->message
                
    'To: <' $this->icq.'@pager.icq.com' ">\r\n"
                
    .'From: "' $this->from_name '" <' $this->from_email ">\r\n"
                
    .'Reply-To: "' $this->from_name '" <' $this->from_email ">"
            
    );
        }
    }

    ?>
    -Matt
    Matt Meier, RackNine Inc.
    email: mmeier@racknine.com
    web: http://www.racknine.com

  22. #22
    Thanks Gordon for the script..

    We can capture the ip address.. Im actually wanting to do a whois lookup on the ip address.. im sure there are public servers out there than you can use for both "whois" and "smart whois" lookups. Any body have any ideas?

  23. #23
    Join Date
    Aug 2000
    Location
    Sheffield, South Yorks
    Posts
    3,627
    $_SERVER['X_FORWARDED_FOR'] will give the actual browsers IP if they are using a proxy in the majority of cases.
    Karl Austin :: KDAWS.com
    The Agency Hosting Specialist :: 0800 5429 764
    Partner with us and free-up more time for income generating tasks

  24. #24
    Join Date
    Jul 2002
    Location
    NSW Australia
    Posts
    288

    Excellent source of info!!

    FWIW I have found devarticles.com an invaluable source for info and shortcuts especially scripts.

    Won't hurt to look
    HOSTPac Web Solutions
    Solid reliable Hosting - Lowest priced Domains - cPanel Multiple Domain Hosting
    Now offering space on Australian based servers!
    Put the Big Koala on your team

  25. #25

    Double record

    We record both through our order software and through our payment processor.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •