Stealing users IP address


#1

Is there a functiaon to take the IP address of person who submits to a
form
example:


#2

On 4/26/06, Mohammad removed_email_address@domain.invalid wrote:

Is there a functiaon to take the IP address of person who submits to a
form
example:

In your controller action, you can invoke:
request.remote_ip

You don’t need a field on the form.


#3

Wilson B. wrote:

On 4/26/06, Mohammad removed_email_address@domain.invalid wrote:

Is there a functiaon to take the IP address of person who submits to a
form
example:

In your controller action, you can invoke:
request.remote_ip

You don’t need a field on the form.
I got this error
undefined local variable or method `request’ for
ApplicationController:Class


#4

On Apr 26, 2006, at 8:50 PM, Mohammad wrote:

In your controller action, you can invoke:
request.remote_ip

You don’t need a field on the form.
I got this error
undefined local variable or method `request’ for
ApplicationController:Class

What version of Rails are you running?

Robby

Robby R.
Founder & Executive Director

PLANET ARGON, LLC
Ruby on Rails Development, Consulting & Hosting


www.robbyonrails.com

+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4968 [fax]


#5

Robby R. wrote:

On Apr 26, 2006, at 8:50 PM, Mohammad wrote:

In your controller action, you can invoke:
request.remote_ip

You don’t need a field on the form.
I got this error
undefined local variable or method `request’ for
ApplicationController:Class

What version of Rails are you running?

Robby

Robby R.
Founder & Executive Director

PLANET ARGON, LLC
Ruby on Rails Development, Consulting & Hosting

www.planetargon.com
www.robbyonrails.com

+1 503 445 2457
+1 877 55 ARGON [toll free]
+1 815 642 4968 [fax]

Ruby version 1.8.4 (i386-mswin32)
RubyGems version 0.8.11
Rails version 1.1.2
Active Record version 1.14.2
Action Pack version 1.12.1
Action Web Service version 1.1.2
Action Mailer version 1.2.1
Active Support version 1.3.1


#6

Just making sure you know… the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from


#7

unknown wrote:

Just making sure you know… the IP address is a very unreliable piece
of information. It changes all the time for most users. AOL users have
a different IP address for every request, for example, and for dial-up
and most DSL users, it changes every time they connect. It can be
useful sometimes for trying to spot trends in usage, or, to an extent,
finding out where someone is from

So is there an efficent way to ban someone from my site?


#8

The best way I’ve found, although still reasonably easy to get around,
is to use a combination of a cookie and an IP address. If either is
matched to a banned list, they don’t get in.

Also, depending on the nature of the site, it can be possible to have
fake site features for banned users to hide the fact that they have
been banned. It will fool some, believe me.

-Nathan


#9

Oh, and just to clarify, the point of hiding from users that they’ve
been banned is so that they deliberately don’t try to get around your
banning method.


#10

Hey, I really like that idea :slight_smile:


#11

It’s good isn’t it. There are parts of my site which anyone can edit,
and I’m working out how to set it up so that when a blocked user edits
something, their changes come up for them once they submit (using
ajax) just as if they were a normal user. If they were to refresh the
page, however, they would notice that their changes haven’t actually
had any effect at all. Cool, huh?
-Nathan


#12

On 27/04/06 15:16 +0100, removed_email_address@domain.invalid wrote:

It’s good isn’t it. There are parts of my site which anyone can edit,
and I’m working out how to set it up so that when a blocked user edits
something, their changes come up for them once they submit (using
ajax) just as if they were a normal user. If they were to refresh the
page, however, they would notice that their changes haven’t actually
had any effect at all. Cool, huh?
-Nathan

That’s a really neat idea. Sounds like a good candidate for a plugin or
generator.

Jason


#13

On 4/26/06, Mohammad removed_email_address@domain.invalid wrote:

request.remote_ip

You don’t need a field on the form.
I got this error
undefined local variable or method `request’ for
ApplicationController:Class

Could you paste the function that you’re using the request in?