I have a hosted web application, I would like to prevent signup from proxy/VPN/VPS ip address. How do i check whether the users ip address is proxy/vpn/vps syste.
For example clixsense.com site, users can't create account, it shows cannot access from proxy/vpn/vps ip address.
Thanks in advance.
Clixsense.com may pay someone who knows that certain sites are proxy/vpn/vps sites and are then able to block those sites. Short of that, there is nothing special about an IP address that would tell you that one is a proxy address vs. an actual endpoint address.
For example, network address translation (NAT) is a common form of "proxying". Your typical cable/DSL router makes it possible for more than one person to connect to the internet from your house. You're all sharing the same ISP IP address. The router stores a table of IP address to port numbers that it uses to establish outgoing communications. When a reply from the internet is received, the router performs a lookup and routes the traffic appropriately. From the viewpoint of the server on the internet, it came from that one single IP address that your router is "connected" to from your house, even though your computer has one IP address and your spouse's computer has a different IP address.
HTH.
Related
Hope someone can enlighten me. I have been wondering if the mac address visible to other sites using javascript is the mac address of router or the adapter in my pc or laptop? I am aware that the router strips my adapter's mac address and just sends the info to and fro the web. Thanks
Not sure what you mean, so I'll make a larger answer.
You can not get MAC addresses from Javascript in a browser. You can refer this thread.
If you meant IP address, then you can get all the computer IP addresses (usually referred as "private IP addresses" when you are behind a router) using WebRTC. You can check this thread and this site.
You can also get a visible IP address (usually referred as public IP in most cases) by querying a remote server, as this one.
I'm wondering whether it's technically possible to detect IPv6 clients that are on my website?
I'm currently running Classic ASP using Request.ServerVariables("remote_addr") to detect my visitors IP addresses but some of my mobile users (which I think are Telstra customers here in Australia) are now using IPv6. This function only seems to give me an IPv4 address.
Is there an easy/free solution to detect IPv6 addresses of my visitors?
PS - I don't believe IPv6 is enabled on the server, so am I wasting my time?
Your website can only be reached over IPv6 if your webserver and ISP support it. When your server doesn't have IPv6 there is usually a translation mechanism in the user's ISP's network (NAT64) that translates the user's IPv6 packets to IPv4 packets that can reach your server. Because of that you will only see IPv4 connections coming in. Some of those will be real IPv4 users, some will be IPv6 users that got translated into IPv4.
If you want to be optimally reachable for all users then relying on someone else's translation mechanism is a hack that you'd want to avoid. Asking your ISP/hoster/sysadmin/etc to make your server reachable over IPv6 as well as over IPv4 is the best solution. That way all users can directly contact your server, no matter what their ISP offers.
If the clients are IPv6-only and do not have access to any transition mechanism they will never be able to reach your IPv4-only service in the first place.
In that case it will appear to those users as if your server is down and you will have no way of knowing they even tried reaching your server.
However IPv6-only clients with no access to a transition mechanism are still very rare. More likely the clients will have access to some transition mechanism such as NAT64.
There are a few ways to know if a client accessed your site through a NAT64.
The IPv4 address of the NAT64 may have information in reverse DNS or whois which will tell you that it is a NAT64 device. Additionally clients relying on NAT64 will often be unable to access literal IPv4 addresses. Only access through hostnames work as they rely on DNS64 to find the IPv6 address.
Another way of telling the difference is that the MSS value advertised in SYN packets tend to have different values for native IPv4 clients and NAT64 translated clients.
None of these are 100% reliable ways of telling the difference, but as long as the clients don't have any incentive to mess with your results they can provide a good estimate.
Notice that though the DNS64/NAT64 combo will allow IPv6-only clients to access IPv4-only servers it will not work with servers that have bad or misconfigured IPv6 access. So before you add an AAAA record on your domain make sure that the IPv6 address actually works. And once you have set up the AAAA record you can use a service such as https://nat64check.org/ to verify that it actually works.
Appreciate both responses above, it's made things significantly clearer for me.
After some further reading/investigation, it's apparent that IPv6 packets are being translated to IPv4 (or they are dual-stacking). If the former, I'm now trying to see if I can convert them at my end.
One example is this IPv6 address: 2001:8003:1909:2700:3c97:38e7:9c98:bb5b
It's being translated to IPv4 as: 101.177.229.36
There are many online calculators but none seem to give me the above conversion so I'm thinking their ISP is using their own translation mechanism.
I'm using Twilio to send and respond to messages. It was working normally, but since we moved to bay area the responding function doesn't work now.
So what happens is when the user send message to us(the IP address of our own computers) from their phones, our server can't receive anything. When we check our Twilio account, we know that the msg was indeed sent to the Twilio server. So we think it's the problem of linking between Twilio server and our IP address. We are suspecting that the IP address is virtual IP address here, which makes Twilio server can't find us. Is our suspection correct? if yes, what should we do? If not, what would be the possible problems?
Apologize for having a description not very clear, but it's pretty much everything of the problem. Please tell me if you need any additional information.
You probably need to use a dynamic dns service. Then you need to find what port Twilio sends the SMSs to the client(your computer), and make sure your firewall is forwarding that port to your computer. Odds are this is a firewall issue, especially since you say everything worked before you moved. Has there been a change in your network setup? You need to be aware of both hardware and software firewalls in your setup.
How is the firewall configured on your router? You need to forward requests to your router to your local IP address. Example: My local ip is 192.168.1.5 my external ip is 245.932.4.3 (This is the value you get from myipaddress.com) Thus you need to set your router (which has ip 245.932.4.3) to forward requests on port x (where x= the twilio outgoing port) to 192.168.1.5
I've been trying to find the correct situtation when to use GetHostAddresses or GetHostEntry. I understand by reading this article (http://msdn.microsoft.com/en-us/library/ms143998(v=vs.110).aspx) that GetHostEntry will do the reverse dns lookup and GetHostAddresses does not..
However under what exact scenario you need to use GetHostEntry rather than GetHostAddresses? also, what is the primary reason for GetHostEntry method to perform reverse DNS lookup?
GetHostEntry(hostNameOrAddress)
The GetHostEntry method queries a DNS server for the IP address that is associated with a host name or IP address.The method assumes that if an IP literal string is passed in the hostNameOrAddress parameter that the application wants an IPHostEntry instance returned with all of the properties set. These properties include the AddressList, Aliases, and HostName.
This method can be used if you want to find the hostname associated with an IP address.
Reverse DNS is mostly for such things as tracking where a web-site visitor came from, or where an e-mail message originated etc. It is typically not as critical in as forward DNS - visitors will still reach your web-site just fine without any reverse DNS for your web-server IP or the visitor's IP. Reverse DNS is important for one particular application.Many e-mail servers on the Internet are configured to reject incoming e-mails from any IP address which does not have reverse DNS.
GetHostAddresses(hostNameOrAddress)
But the GetHostAddresses method queries a DNS server for the IP addresses associated with a host name. If hostNameOrAddress is an IP address, this address is returned without querying the DNS server. This query will return all the IP addresses related to the hostname you provide.
The difference between GetHostEntry and GetHostAddresses is that whenever you give an IP address to GetHostEntry it will query the DNS server and try to get the hostname for that IP address and then get all the addresses associated with it.If the data for a successfull reverse resolve is not in your DNS server, this will fail.
One scenario where I see it useful as opposed to GetHostAddresses would be if you already know one IP address of a host and want to find the other IP Addresses. If an IP is specified as parameter, GetHostEntry would return all addresses while the GetHostAddresses will return only one (when IP is specified as parameter).
If I have a UDP server repeatedly receiving requests from the same client machine, when might the client's incoming IP address change even though the user is actually still on the same machine and has not done anything deliberate to change her IP address?
I can think of two cases: (1) packets are coming in via proxy servers that use a pool of different IP addresses, and (2) the client machine is using a dynamically assigned IP address that has expired and been reassigned to a new IP address.
Are there any other cases?
Is it a mobile client? If so, it could change networks. For example -
A phone switching b/w 3G and wi-fi
A laptop changes wi-fi networks (this is infrequent though)