How to determine someone's IP address?

**kuau** · 02-02-2011, 04:58 PM

1) Script Title: .htaccess Banning

2) Script URL (on DD): http://tools.dynamicdrive.com/userban/

3) Describe problem: There is a particular person I wish to ban from my website. How do I find out what their IP address is in order to ban it? Thanks.

**Nile** · 02-02-2011, 05:25 PM

There are a number of ways you can get this information. One is simply using $_SERVER['REMOTE_ADDR'] with PHP and inserting there IP into the database. Just redirect the person to a page with something like:

PHP Code:


<?php
file_put_contents('banned.txt', $_SERVER['REMOTE_ADDR']);
?>

**kuau** · 02-02-2011, 05:31 PM

Hi Nile, nice to see you are still here.

Thanks for how to store the IP's, but how do I tell it is them in the first place? I might be able to tell by frequency of visits, but is there any way to know for sure who is at a particular IP address?

**Nile** · 02-02-2011, 05:34 PM

:/ Not really - is the site you're talking about a register-type site(where you have to register and become a user)?

**kuau** · 02-02-2011, 05:36 PM

I might do that eventually, but right now the site is open to anyone who goes there.

**djr33** · 02-02-2011, 05:54 PM

You will need to make that person access your page in a way that you can identify it as that person. Your server logs might help with this (if you can access them).
If you can somehow make them load that page, it's easy. But otherwise, it will be difficult.

By "particular person", how do you identify them? If they have a user account, it often includes a stored IP address. If not, you could add one to the account in the database (a field, updated each time they load a page) in order to identify them. Once you have the IP, just ban using .htaccess.

If you don't have user accounts, then you could create pseudo user accounts by creating "users" based on IP address. The username will be the IP and each time they load a page you can update the table, including information like how many pages they've loaded. If this info could help you identify the problematic IP then that will work.

You could also eliminate those accounts you trust by telling them a password, if this is for a close group of friends. If it's meant to be public that won't work. Then find those that don't enter the password and eliminate them.

However, banning without accounts is a messy process and probably not reliable. Banning by IP is especially bad because you might be blocking a library or other shared IP, and the user can just access your account some other way-- and IPs rotate every once in a while.

But most importantly, how do you know you want to ban this individual? There is likely some trace available to you that can point to the IP.

Finally, you can attempt to understand what the IP means by looking up a "who-is" query (just google that) and you will find their approximate location and service provider. A service like MaxMind GeoIP will give you a more specific guess about exact location. Of course that won't prove anything, but if you have many visitors from the US and one visitor from Australia (just a random example), that might be enough to give you a hint that that user is the spammer (or whatever the problem is), since they don't match the other demographics. But be careful with that of course.

**kuau** · 02-02-2011, 07:13 PM

I do know this person's website and where their hosting account is but not their ISP. Even if I knew the ISP, they are always set for DHCP by default. Would that help?

Most visitors would arrive at the home page so would I put Nile's code on the home page but load the variable into a database with the date or something?

<?php

file_put_contents('banned.txt', $_SERVER['REMOTE_ADDR']);

?>

**djr33** · 02-02-2011, 07:40 PM

The IP address is only visible to you when they view a page on your server. It's not something you can determine in other ways (like from their site). Again, you need to determine how you know (some behavior), then use that to find the IP.

Nile's code will not help to differentiate users. You can use $_SERVER['REMOTE_ADDR'] and store that in a database, correlated to page views, but you're going to need to make the connection in some way that can be translated into numbers your server can see.

Why do you want to ban them? Are they taking too many resources? That's something you can track.

**kuau** · 02-02-2011, 08:09 PM

I spent several years creating the content for my site and the last time I had the site up, this person stole all my content and put up her version of my site. She would daily watch my site and as soon as I added something, she would put it on her site. I just don't want to even think about this creepy person.

**djr33** · 02-02-2011, 08:59 PM

That's unfortunately very difficult to track. Most likely they took content by cutting and pasting and while it might be (theoretically) possible to have some Javascript on the page to catch this, it would be difficult and they might be stealing the content another way (such as just viewing the pages and choosing "save as..."). Since there is no specific event and their traffic will appear identical to other visitors, I'm not sure if there's a way you can find the IP address.

However, there is another way to approach the situation. What they are doing is illegal and you can report the copyright infringement to their host. In fact, you might be able to identify them personally by looking at the registration information for the domain name, or if they have a shared address (like at the hosting company) you can ask the host. That won't stop them from trying this again in the future, but if you make their job stealing your content more difficult, it might be enough to stop them from doing it.

You could block hotlinking to your pages if they are using images or other files directly from your site. That's probably a minor issue though.

In this case, even making user accounts (and making login required) would not solve the problem because you wouldn't know which user is responsible. If your site gets a very small number of visitors you might be able to deduce who is not a legitimate visitor by verifying the others, but that's a lot of work for you.

The only way I can think of to figure out this IP would be to actually temporarily compromise your site and create some sort of trap. For example, somehow include a reference to the IP address in the page's content. Of course you'd want to make it subtle and hope they don't manually remove that while stealing your content. Once the content is stolen, find it, identify the IP and go from there.
Actually, the one way that would likely work would be to rotate the content often. Keep logs on a rotating basis. Then when the stolen content appears, keep that log because you know that among those logged IPs is the thief. Then repeat this until you have a few lists of IPs that visited your site during the time the content was stolen. Cross reference these lists until you have only a few overlapping IPs-- eventually you'll find it.

But unfortunately none of that is easy or even guaranteed to work. I'd really suggest contacting the host for the website. Usually they will remove something like that.