How do I detect when a new computer has logged into my website?
The public IP address can be the same since you can share more than 1 computer via 1 internet connection.
I could use cookies but this will only detect a new browser not a new computer! 1 computer can have IE, firefox, chrome! Etc.
I expect (and hope) that this is impossible. If my browser is transmitting information that identifies my machine, then I want a new browser. Likewise, you should probably not be expecting to be able to receive such information.
Update
Seems like I have to update my expectations: https://panopticlick.eff.org/
You can use browser finger printing to do a pretty darn good job of distinguishing between computers that visit your site. It won't be 100% perfect but not far short.
There is no unique way to identify visitors to your website. All types of cookies get deleted at some point. You might be tempted to use flash cookies, since they don't depend on the browser but I strongly recommend against it since there is a huge legal debate on them.
Your only solution is to use a heuristic based on all the information you can gather on your visitor. This is called browser fingerprinting. Check out http://panopticlick.eff.org/ for the latest research on this topic.
You can check for the HTTP_X_FORWARDED_FOR header which should contain the machines Class C address (eg: 192.168.0.10) provided it was forwarded by a proxy.
you can set a cookie on client and check it in session_start ,its not 100% solution but can be a solution
Related
I want to make a program which detects if some website was opened/visited by the user, for example, facebook.com. It has to work regardless of the used web browser.
I thought about checking records in DNS Cache, it would work, but there is a problem - it will generate false positives. Why, because some pages contain facebook widgets. In this case, I don't need to visit fb to make facebook.com appears in my DNS cache, it will appear all the time I visit the website that contains fb widgets.
The second idea was looking for active TCP connections, but it doesn't work too.
The last idea was to sniff traffic. I made simple test in Wireshark and there is the same problem as in checking DNS cache records, more precisely false positives. Also, fb uses https protocol, so I can't see that simple their address, I have to obtain their IPs from DNS and then try to find them out in the sniffed traffic.
I have no more ideas how to solve this problem.
Have you thought about banning or tracking the IP address for facebook?
I did a nslookup for facebook.com and got:
nslookup facebook.com
Non-authoritative answer:
Name: facebook.com
Addresses: 2a03:2880:f001:1f:face:b00c:0:25de
31.13.76.68
My suggestion would to be using the Titanium Web Proxy, and utilize the OnRequest event in order to track calls to certain domains (stored in the SessionEventArgs.ProxySession.Request.Url) property in the OnRequest call. You can even modify the results / requests before they go out. However, be aware that this library does overwrite your current system proxy settings.
there is an online testing website for students.
i want to prevent users to login from one device.
i mean if one person logged in from device A and even logged out, then other users can not logged in from device A, until a specific time. half hour for example.
what is the best and most simple method for this?
how to use device's IP to do this?
I'm using asp.net 4 C#
thank you very much.
I don't think IP is a good way to identify the device, since there are many people don't accessing internet directly but through a shared local router. And every web browser restricts websites accessing to local resources due to security consideration. So we can't get hardware information to identify a device, except using some techniques such as ActiveX. If you don't like ActiveX, you can PARTLY solve the problem using cookies. For every page a user requests during he/she logged in, you can write some cookies remember the time, and denies the log in operation in log in page's code, if the time in cookies was not fit. But if a user switches to another local account, or a different browser, it won't work.
Get the MAC address of the device to make sure the same device is not connecting from a different IP. Here there are several hints about how to get MAC address.
Then store the addresses and the time in your db and apply your logic.
I do not think you can count on the IP address because most of them are dynamic and especially with mobile devices it is very easy to connect from different networks.
Is it possible to detect whether a website has a dedicated or shared ip address from it's url using C# (Windows Forms application) ? I want to implement a functionality in my application to let write a web address in a TextBox than i click on the Test button. and then show ( Success ) MessageBox if the site has a Dedicated ip address or show a ( Failure ) MessageBox otherwise.
How can i detect whether a website has a Shared or Dedicated IP Address using C#.NET?
You can try, but you'll never have a good result. The best I think you could do is to check the PTR records of the IP, and then check if there are associated A records from different websites. This would still suck however, since a website could have two seemingly different domains that pertain to the same organization (googlemail.com/gmail.com for example).
Also, this assumes the existence of PTR records, multiple ones. I don't think I've seen such a setup supported by most VPS/sharing hosting.
Well, the way I would do it is:
Send HTTP GET to the URL and save the result.
Resolve the URL to an IP.
Send HTTP GET to the IP and save the result.
Compare the two results. (You can do sample checks between the two result)
If the results are the same, then this is dedicated hosting, if the result is different then this is a shared hosting.
Limitations for this method that I can think of now:
Will take you time to figure our a proper comparing method for the
two results.
If shared hosting is configured to default route to the site which you are checking.
Functions to resolve URLs, and do web requests for different programming languages are scattered across the Internet.
From a technical standpoint, there's no such thing as a "shared" or "dedicated" IP address; the protocol makes no distinction. Those are terms used to describe how an IP is used.
As such, there's no programmatic method to answer "is this shared or dedicated?" Some of the other answers to this question suggest some ways to guess whether a particular domain is on a shared IP, but those methods are at best guesses.
If you really want to go down this road, you could crawl the web and store resolved IPs for every domain. (Simple, right?) Then you could query your massive database for all the domains hosted on a given IP. (There are tools that seem to do this already, although only the first one was able to identify the multiple domains I have hosted on my server.)
Of course, this is all for naught with VPS (or things like Amazon EC2) where the server hardware itself is shared, but every customer (domain) gets one or more dedicated IPs. From the outside, there's no way to know how such servers are set up.
TL;DR: This can't be done in a reliable manner.
Is there a way to check if flash is installed in Firefox from C# code on the server? For instance when the client browser is IE, you can check
Request.Headers["accept"].Contains ("application/x-shockwave-flash")
but a Firefox request doesnt contain the same header.
Given you've tagged this as "server-side" and talk about the client's machine, then you may well be disappointed.
The only way to check this is with code running on the host you're checking (i.e. the client) - of course, you could do this and transmit the answer to the server (to store in the session, for example)
Edit: It's also worth remembering that any headers you receive (or rely on receiving) may be removed by intermediate proxies, or just plain lying (could be a bot)
On the client machine I need to be able to somehow detect which sites the current user are looking at right now.
I know the base URL of the sharepoint app, say sharepoint.thecompany.net but how the hack do I get the last requested url from the server?
I have hit a dead stop when trying to iterate the current processes and the casting the iexplorer process to something I can work with, I just don't know which kind of object to cast the process to :-(
I hope to implement this logic in a C# assembly what should run on the client box.
Any other approach that might work?
Thanks in advance
WatiN will allow you to attach to IE instances and get the current url from them. It will also allow you to do the same with Firefox instances.
It might be more efficient however to try to get requested urls at the network level using a wireshark type concept where you are just listening to http traffic on the computer and keeping track of the urls but a solution like that is a bit over my head.
EDIT: I came across this while looking for a solution: http://www.codeproject.com/KB/IP/networkmonitor.aspx
From what I can see I would think you could adapt the monitoring code to monitor and look for http request packets and parse the headers for the url information you need.