如何确定访客的IP？ [英] How to make sure about the ip of the visitor?

问题描述

我有一个博客聚合网站

故事按访问次数排序

我认为我正面临访问垃圾邮件

I think I am facing a spam of visits

因为一些博客的故事在同一秒内收到了大量的访问，其中有传出的IP地址

because some blogs' stories receive a lot of visits in the same second with efferent ip address

我的网站不允许来自同一个ip的访问;然而，我的访问者以某种方式改变了他们的ips。

my website does not allow visits from the same ip; however, my visitors somehow changing their ips.

他们是否能够检测到这种垃圾邮件访问？我想知道Google adSense如何解决这样的问题？

is their any solution to detect this spam visits?, I wonder how Google adSense solves such a problem?

谢谢

推荐答案

简短的回答是，不可能停止如果一次未经验证的访问是改变故事顺序所需的唯一内容，那就是坚定的攻击者。
您可能想考虑实施注册用户投票系统。

The short answer is that it's impossible to stop a determined attacker if a single unverified visit is the only thing required to alter the order of your story. You may want to think about implementing a registered user voting system.

但是，您可以收集多条信息并将所有信息组合在一起：

However, You can collect several pieces of information and combine all of them:

1）用户代理

2）IP地址

3）X-Forwarded-For标题（如果有）

1) User Agent
2) IP Address
3) X-Forwarded-For header (if available)

攻击者经常会懒惰，而不是通过不同的用户代理循环。如果您将系统设置为以特定间隔（而非实时）处理访问信息，则可能会使用相同的用户代理过滤掉同时发生的大量访问。

Often times attackers will be lazy and not cycle through different user agents. If you setup your system to process visit information at a certain interval (and not in real-time), you could potentially filter out large collections of visits occuring at the same time with the same exact user agent.

您可以随时从antiproxy.com等网站下载代理数据库，但事实是，今天大多数精心策划的攻击都来自尚未记录的僵尸网络节点。您的网站完全有可能成为针对异构流量的攻击的目标，这种攻击与普通访问者无法区分。

You could always download databases of proxies from websites such as antiproxy.com, but the truth is that most well planned attacks today come from botnet nodes which have yet to be documented. It is fully possible for your website to be targeted by an attack with heterogeneous traffic which is indistinguishable from normal visitors.

至少，我建议更改您的实施，以便用户可以对故事进行投票并需要验证码。

At the very least, I would suggest changing your implementation so that users can vote on stories and require a captcha.

这篇关于如何确定访客的IP？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！