How to make sure about the ip of the visitor?

2019-05-25 21:39发布

问题:

I have a blog aggregation website

the stories are ordered by the number of visits

I think I am facing a spam of visits

because some blogs' stories receive a lot of visits in the same second with efferent ip address

my website does not allow visits from the same ip; however, my visitors somehow changing their ips.

is their any solution to detect this spam visits?, I wonder how Google adSense solves such a problem?

Thanks

回答1:

The short answer is that it's impossible to stop a determined attacker if a single unverified visit is the only thing required to alter the order of your story. You may want to think about implementing a registered user voting system.

However, You can collect several pieces of information and combine all of them:

1) User Agent
2) IP Address
3) X-Forwarded-For header (if available)

Often times attackers will be lazy and not cycle through different user agents. If you setup your system to process visit information at a certain interval (and not in real-time), you could potentially filter out large collections of visits occuring at the same time with the same exact user agent.

You could always download databases of proxies from websites such as antiproxy.com, but the truth is that most well planned attacks today come from botnet nodes which have yet to be documented. It is fully possible for your website to be targeted by an attack with heterogeneous traffic which is indistinguishable from normal visitors.

At the very least, I would suggest changing your implementation so that users can vote on stories and require a captcha.



回答2:

With PHP you can check the $_SERVER ["HTTP_X_FORWARDED_FOR"] variable against the IP adress for a little more assurance that the client is who he says he is. This will help identify people through some proxies.



回答3:

I use this function sometimes. But as others have said, it can be tough to get the correct IP 100 per cent of the time.

I can't remember where I got the function from, but it seems to be fairly common on the internet.

function getRealIpAddr()
{
    if (!empty($_SERVER['HTTP_CLIENT_IP']))   
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}


回答4:

You cannot reliably detect an IP.

It may be coming through a proxy or it may be spoofed.