[Talk-GB] liam123's latest

David Earl david at frankieandshadow.com
Fri Sep 18 12:13:12 BST 2009


On 18/09/2009 11:52, Tom Hughes wrote:
>> Re IP addresses, it depends on how he is connected - mine for example
>> never changes so long as I am using the same Mac address to connect. It
>> is cited on the DWG page as one course of action, and I think it would
>> be more effective than banning the account, as we'll likely lose track
>> of him.
> 
> Well bully for you. Now if the entire world is using the same ISP as you 
> then everything will be fine.

Well, it seems a reasonable assumption to me that if my ISP does it this 
way it might be quite a common practice. But apparently not, so I stand 
corrected. Doesn't mean it's not worth looking at though - Virgin Media 
is widely used.

>> It is trivial to get hold of the IP address - every HTTP request carries
>> it, though a serious hacker would forge or suppress it, I doubt he's
>> doing that - if he was not just playing, he'd be using multiple accounts.
> 
> I'm not a complete muppet thank you. I know full well that every HTTP 
> request has an IP address associated with it.

I didn't think you didn't, but you were the one who said it was hard.

> The problem is working out which HTTP requests are his! The web server 
> access logs do not record the authenticated user for each request for 
> the very simple reason that the web server has no idea as that is a 
> rails level issue.
> 
> The rails logs also do not log the user details, although they probably 
> could be made to. It would be on a separate line to the IP address 
> however which makes pulling them out much harder.

I was thinking more along the lines of recording the IP address along 
with the other changeset information (but not, presumably, exposing it 
in the API) - after all, that's what the information is wanted in 
relation to, and it would allow us to see how the address is changing 
for any particular user.

I'm sorry if I seem frustrated by this, but it is because I am. We've 
all spent thousands of hours each on this, and this guy is undermining 
everything we've all done. Even though it's not my area (though close), 
it completely destroys any confidence anyone might have in what they see 
everywhere.

David





More information about the Talk-GB mailing list