Saturday 18 May 2013
How To Know Whether You Have Dynamic IP?
Open a DOS window, and type the command:
ipconfig /all
Look at the results. If the line Dhcp Enabled has a Yes beside it, you have a dynamic IP address.
You'll also see at the bottom of the output when the lease was obtained and when it expires. This is when your machine got the IP address, and when it will be getting a new one from the DHCP server.
If the line Dhcp Enabled has a No beside it, you have a static IP address.
Tips on Dynamic IP
1. Flamers and trolls often resign up using the same password they always use. Have a system whereby on signup, a query is run checking against all flagged members for a similar password. There might be variations. They might append several numbers or prepend something but the premise is to check for similarity.
You can either invalidate with a generic message that leaves no clue as to why registration wasn't completed i.e. 'There was an error processing the request' etc, or you can simply leave that flag against their member record so that you can spot a potential abuser from the second they make a post or response.
2. Sometimes users might be on dynamic IPs that either have a small scope that flushes the last set of digits, connecting to another node for example:
212.190.12.130 > 212.190.12.150 > 212.190.12.3
Or a large scope that will change the last two accordingly. It's very unlikely a dynamic IP will iterate through the last three or indeed, the entire IP.
If you have a pervasive spammer who just keeps returning, you can easily determine if they are on a dynamic Ip by checking your banned IP history and making an allowance for an entire set of IP ranges, something along the lines of
212.190.*.*
That will temporarily invalidate all connections coming from those nodes. The downside is it might potentially affect other users trying to connect, particularly if they are in a large city using mobile broadband or behind a large VPN. You have to make allowances. It's a temporary measure to combat massive flooding.
3. Ban your user's PHP session AND their IP. That way, they'll have to close their browser or refresh their cookies to re-register even if they change their IP. This will definitely slow down spammers.
4. I like this one. It's served me well. Place a cookie on registration that positively identifies an original member. Make sure it never refreshes, never changes and has a long duration. Every time a user registers, check for the presence of that cookie. If it exists, return a generic error message (like above), but also ban the IP. I know that seems extremely invasive, but it works wonders particularly with flamers who aren't technically clued up.
