Detect Visitor's Town and Country

[Victor]

I've been to a few websites where it displays the town, state (if USA),
country I'm browsing from. Now, I know that detecting country is easy, but
how do you determine the town?

What ASP components do this?

Thanks,

Bill.

 

[Aaron [SQL Server MVP]]

http://www.countryhawk.com/

 

[Evertjan.]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:

I've been to a few websites where it displays the town, state (if
USA), country I'm browsing from. Now, I know that detecting country is
easy, but how do you determine the town?

What ASP components do this?

You do not need a component,
just ask the user,
all other methods being incorrect more often than not.

Millions of users will vouch this code as being correct:

<%
a=7

if a<8 then
%>You live in the New York, NY<%
else
%>You are dead<%
end if

%>

 

[Victor]

http://www.countryhawk.com/

This does not detect town.

 

[Victor]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:


You do not need a component,
just ask the user,
all other methods being incorrect more often than not.

This is for a password security system, to prevent re-use of passwords
issued to corporate accounts. So, asking the user kinda defeats the
security, don't you think?

 

[Victor]

there is no guaranteed way of doing this...
Best you can do it get the users IP and do some geo-lookups but even these
aren't accurate, they will only get you a location for the users ISP at
best.....

That's the old way.

Most reverse DNSs now give you the domain not of the ISP, but of the user's
internet connection location to the ISP, which then needs to be decoded
(which is what I'm asking for) to give you the town.

 

[Evertjan.]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:

This is for a password security system, to prevent re-use of passwords
issued to corporate accounts. So, asking the user kinda defeats the
security, don't you think?

You seem to have a strange sense of security,
trusting a virtual component like that.

 

[Aaron [SQL Server MVP]]

This is for a password security system, to prevent re-use of passwords

issued to corporate accounts.

So if I sign on using AOL, and it says I am from Reston, VA instead of my
real hometown, suddenly I'm not allowed in? I'll have to echo Evertjan
here... that's a very peculiar security system. And I'll also echo Curt's
comments, that there is no reliable way to guarantee that the town reported
by geo-lookups is the town the user is really in. Even high-speed cable and
DSL services (Cox, SBC, RoadRunner, Verizon) can rotate your connection out
and unwittingly place you in a different town, even though you haven't gone
anywhere. With multiple data centers your connection could be routed
anywhere... especially with the bigger ISPs.

A

 

[Victor]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:


You seem to have a strange sense of security,
trusting a virtual component like that.

you seemd to be pretty narrow minded, thinking that I don't have other
methods of security.

 

[Victor]

So if I sign on using AOL, and it says I am from Reston, VA instead of my
real hometown, suddenly I'm not allowed in?

Again, you are thinking two years ago. More and more ISPs are giving you the
exact town in the reverse DNS. For example, Comcast Cable used to report
back only the location of network access. Now, it gives back the exact town
you're accessing the internet from. DSL lines, that two years ago used to
only show the location of the CO, now give you the town. Many dialups, like
AT&T will also give you a reverse DNS of your access phone number, which can
tell you the location. More and more ISPs are adopting this.

For example, I just found a component called Geobytes, which reports back
the user town and location. It also reports back any proxy types. So, if you
are using something like AOL dialup, then you are accessing thru a type of
proxy, and Geobytes reports this, so that I know the location data isn't
accurate, and I can hand-code the security properly.

 

[Evertjan.]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:

Victor wrote on 11 apr 2005 in [..]

Victor wrote on 11 apr 2005 in
This is for a password security system, to prevent re-use of
passwords issued to corporate accounts. So, asking the user kinda
defeats the security, don't you think?

You seem to have a strange sense of security,
trusting a virtual component like that.

you seemd to be pretty narrow minded, thinking that I don't have other
methods of security.

Narrow minded??

This is neither here nor there.

It was YOU that came up with this as a means of security.
It was you that wanted our help.

So you too don't trust such component? Then why use it?

 

[Victor]

Victor wrote on 11 apr 2005 in microsoft.public.inetserver.asp.general:

Victor wrote on 11 apr 2005 in [..]
Victor wrote on 11 apr 2005 in
This is for a password security system, to prevent re-use of
passwords issued to corporate accounts. So, asking the user kinda
defeats the security, don't you think?

You seem to have a strange sense of security,
trusting a virtual component like that.

you seemd to be pretty narrow minded, thinking that I don't have other
methods of security.

Narrow minded??

Yes, because you are looking at the problem from a very narrow minded
perspective. Like all components, and all programming, there needs to be
error-checking in case the component doesn't provide the required
functionality.

Do you understand the concept of error-checking?

 

[Evertjan.]

Victor wrote on 12 apr 2005 in microsoft.public.inetserver.asp.general:

Victor wrote on 11 apr 2005 in
microsoft.public.inetserver.asp.general:

Victor wrote on 11 apr 2005 in [..]
Victor wrote on 11 apr 2005 in

This is for a password security system, to prevent re-use of
passwords issued to corporate accounts. So, asking the user
kinda defeats the security, don't you think?

You seem to have a strange sense of security,
trusting a virtual component like that.

you seemd to be pretty narrow minded, thinking that I don't have
other methods of security.

Narrow minded??

Yes, because you are looking at the problem from a very narrow minded
perspective. Like all components, and all programming, there needs to
be error-checking in case the component doesn't provide the required
functionality.

Do you understand the concept of error-checking?

You are both insulting and bringning in new unmentioned points that have
nothing to do with your OQ.

You were asking about localisation by IP, which we answered.
Then you said you you wanted it for security, which we answered.
Then you said I was narrow minded,
because I did not know that you would not depend on that security, which
I answered. Now you say we should not warn you because we schould know
you would depend on error checking anyway, which concwept I would have
to know, but that you did not introduce before.

You better not be my programmer.

I have had enough of this.

 

[Aaron [SQL Server MVP]]

Again, you are thinking two years ago.

Oh brother. All right, let us know how you make out. You asked for our
help, we tried to offer it, it wasn't good enough for you, so I suggest you
try elsewhere before you alienate all of the regulars with your attitude.

 

[Jeff Cochran]

That's the old way.

Most reverse DNSs now give you the domain not of the ISP, but of the user's
internet connection location to the ISP, which then needs to be decoded
(which is what I'm asking for) to give you the town.

Reverse DNS gets you whatever is entered in the in-addr.arpa reverse
domain for the zone. It may be an indicator of location, it may not.

Now, how do you get my country and town when I dial into a Canadian
ISP from here in the US?

Jeff

 

[Jeff Cochran]

This is for a password security system, to prevent re-use of passwords
issued to corporate accounts. So, asking the user kinda defeats the
security, don't you think?

I'm at a loss as to why the town/country would be involved, or even
make a valid indicator for security purposes.

Jeff

 

[Jeff Cochran]

Again, you are thinking two years ago. More and more ISPs are giving you the
exact town in the reverse DNS. For example, Comcast Cable used to report
back only the location of network access. Now, it gives back the exact town
you're accessing the internet from. DSL lines, that two years ago used to
only show the location of the CO, now give you the town. Many dialups, like
AT&T will also give you a reverse DNS of your access phone number, which can
tell you the location. More and more ISPs are adopting this.

Okay, so now your security relies on an ISP entering information into
a PTR record that you can refer to, then possibly adapt in some other
manner if it isn't directly what you're looking for, then if all fails
you'll still do it a different way. When you could skip all the
checking, do it faster and more accurately by forgetting the idea
altogether.

For example, I just found a component called Geobytes, which reports back
the user town and location. It also reports back any proxy types. So, if you
are using something like AOL dialup, then you are accessing thru a type of
proxy, and Geobytes reports this, so that I know the location data isn't
accurate, and I can hand-code the security properly.

Just checked it. Bummer, it shows I have a four hour drive home now.
Funny it took me 58 seconds to drive it on the way in, how did I
suddenly move 190 miles north? Oh well, if it had moved me the same
distance due south I'd need a visa to get home. Oh, and a home-made
raft that would be missed by the Cuban gunboats.

Guess maybe I really should configure a PTR record for the NAT address
so your security will work.

Jeff

 

[Pat Phelan]

I find this discussion amusing, since my desktop would be an abomination
for this kind of security checking. Right now I have five publically
available IP addresses on three continents, none of which appears to be
within 200 kilometers of where I'm actually located!

-PatP

========================================
Please post DDL at the very least, and DML when possible to make it
easier for people to help you.

Please reply only via newsgroups, as I rarely reply to email. The
letters BAM should actually be AOL throughout my whole email address.

 

[Aaron [SQL Server MVP]]

Geez Pat, you must be living two years ago. Did you write to us using a
time machine?

 

[Pat Phelan]

Geez Pat, you must be living two years ago. Did you write to us using
a

time machine?

Time has no meaning on the Internet. Where else do you find fourty
people waiting to play games at 02:00 (well, besides a college campus
anyway)???

-PatP

========================================
Please post DDL at the very least, and DML when possible to make it
easier for people to help you.

Please reply only via newsgroups, as I rarely reply to email. The
letters BAM should actually be AOL throughout my whole email address.