Stop remote posting

Discussion in 'ASP General' started by Don Grover, Jan 13, 2004.

  1. Don Grover

    Don Grover Guest

    How can I stop some one from trying to post my form from a remote site.
    I am getting some one cycling through usernames trying fpr passwords on a
    web site.
    Don
    Don Grover, Jan 13, 2004
    #1
    1. Advertising

  2. You can block a range of IP addresses using the IIS administrator. For as
    page level access goes, retrieve the user's IP address, and see if the IP
    falls within the range, only then let the user through.

    Request.ServerVariables("REMOTE_ADDR")

    will give your the IP address of the client.

    --
    Manohar Kamath
    Editor, .netBooks
    www.dotnetbooks.com


    "Don Grover" <> wrote in message
    news:...
    > How can I stop some one from trying to post my form from a remote site.
    > I am getting some one cycling through usernames trying fpr passwords on a
    > web site.
    > Don
    >
    >
    Manohar Kamath [MVP], Jan 13, 2004
    #2
    1. Advertising

  3. Don Grover

    Bill Guest

    "Don Grover" <> wrote in message
    news:...
    > How can I stop some one from trying to post my form from a remote site.
    > I am getting some one cycling through usernames trying fpr passwords on a
    > web site.
    > Don
    >
    >


    do an HTTP Referrer check from your login, to make sure the source of the
    login attempt is from your website. If the source is not from your website,
    it IS an intrusion, do not allow the login and ban their IP address for one
    day.
    Bill, Jan 13, 2004
    #3
  4. Don Grover

    Brynn Guest

    <%
    Dim yourDomain, theReferer
    yourDomain = "http://www.yourdomain.com/"
    theReferer = Request.ServerVariables("HTTP_REFERER")
    theReferer = left(theReferer, len(yourDomain))

    If Not yourDomain = theReferer Then
    Response.Redirect("/niceTryBuddy.asp")
    %>


    the reason for left in the referer instead of using somthing like
    instr() is an instr statement could still be beat with an entry in the
    querystring to satisfy it.

    Brynn
    www.coolpier.com

    On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
    wrote:

    >"Don Grover" <> wrote in message
    >news:...
    >> How can I stop some one from trying to post my form from a remote site.
    >> I am getting some one cycling through usernames trying fpr passwords on a
    >> web site.
    >> Don
    >>
    >>

    >
    >do an HTTP Referrer check from your login, to make sure the source of the
    >login attempt is from your website. If the source is not from your website,
    >it IS an intrusion, do not allow the login and ban their IP address for one
    >day.
    >
    >
    >
    >


    I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

    Brynn
    www.coolpier.com
    Brynn, Jan 14, 2004
    #4
  5. Don Grover

    Brynn Guest

    On your post page ... even easier than my other post

    <%
    Dim yourDomain, theReferer
    yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
    theReferer = Request.ServerVariables("HTTP_REFERER")
    theReferer = left(theReferer, len(yourDomain))

    If Not yourDomain = theReferer Then
    Response.Redirect("/niceTryBuddy.asp")
    %>

    put this at the top of any page that you want to protect from remote
    submit ... no changes required in above.

    Brynn
    www.coolpier.com





    On Wed, 14 Jan 2004 07:51:25 +1100, "Don Grover"
    <> wrote:

    >How can I stop some one from trying to post my form from a remote site.
    >I am getting some one cycling through usernames trying fpr passwords on a
    >web site.
    >Don
    >
    >


    I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

    Brynn
    www.coolpier.com
    Brynn, Jan 14, 2004
    #5
  6. Don Grover

    Brynn Guest

    Except for the change of the /niceTryBuddy.asp page ... lol.

    I just redirect them to my home page ... or off the site completely.

    I suggest the follwing url

    http://www.fun-greetings-jokes.com/g/hkr.htm





    On Wed, 14 Jan 2004 03:44:06 GMT, (Brynn) wrote:

    >
    >On your post page ... even easier than my other post
    >
    ><%
    >Dim yourDomain, theReferer
    > yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
    > theReferer = Request.ServerVariables("HTTP_REFERER")
    > theReferer = left(theReferer, len(yourDomain))
    >
    >If Not yourDomain = theReferer Then
    >Response.Redirect("/niceTryBuddy.asp")
    >%>
    >
    >put this at the top of any page that you want to protect from remote
    >submit ... no changes required in above.
    >
    >Brynn
    >www.coolpier.com
    >
    >
    >
    >
    >
    >On Wed, 14 Jan 2004 07:51:25 +1100, "Don Grover"
    ><> wrote:
    >
    >>How can I stop some one from trying to post my form from a remote site.
    >>I am getting some one cycling through usernames trying fpr passwords on a
    >>web site.
    >>Don
    >>
    >>

    >
    >I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!
    >
    >Brynn
    >www.coolpier.com


    I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

    Brynn
    www.coolpier.com
    Brynn, Jan 14, 2004
    #6
  7. Don Grover

    Bill Guest

    There's one problem with that - what if they access your site from
    http://yourdomain.com ?

    I suggest the following:

    <%
    Dim yourDomain, theReferer, theLen
    yourDomain = "http://www.yourdomain.com"
    theLen = len(yourDomain) - len("http://www.")
    theReferer = Request.ServerVariables("HTTP_REFERER")
    theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
    ....etc...






    "Brynn" <> wrote in message
    news:...
    >
    > <%
    > Dim yourDomain, theReferer
    > yourDomain = "http://www.yourdomain.com/"
    > theReferer = Request.ServerVariables("HTTP_REFERER")
    > theReferer = left(theReferer, len(yourDomain))
    >
    > If Not yourDomain = theReferer Then
    > Response.Redirect("/niceTryBuddy.asp")
    > %>
    >
    >
    > the reason for left in the referer instead of using somthing like
    > instr() is an instr statement could still be beat with an entry in the
    > querystring to satisfy it.
    >
    > Brynn
    > www.coolpier.com
    >
    > On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
    > wrote:
    >
    > >"Don Grover" <> wrote in message
    > >news:...
    > >> How can I stop some one from trying to post my form from a remote site.
    > >> I am getting some one cycling through usernames trying fpr passwords on

    a
    > >> web site.
    > >> Don
    > >>
    > >>

    > >
    > >do an HTTP Referrer check from your login, to make sure the source of the
    > >login attempt is from your website. If the source is not from your

    website,
    > >it IS an intrusion, do not allow the login and ban their IP address for

    one
    > >day.
    > >
    > >
    > >
    > >

    >
    > I participate in the group to help give examples of code. I do not

    guarantee the effects of any code posted. Test all code before use!
    >
    > Brynn
    > www.coolpier.com
    Bill, Jan 15, 2004
    #7
  8. Don Grover

    Brynn Guest

    Checkout my other post on in this thread ... I placed some code that
    won't care what site, etc ... :)


    On Wed, 14 Jan 2004 22:26:47 -0500, "Bill" <>
    wrote:

    >There's one problem with that - what if they access your site from
    >http://yourdomain.com ?
    >
    >I suggest the following:
    >
    ><%
    >Dim yourDomain, theReferer, theLen
    >yourDomain = "http://www.yourdomain.com"
    >theLen = len(yourDomain) - len("http://www.")
    >theReferer = Request.ServerVariables("HTTP_REFERER")
    >theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
    >...etc...
    >
    >
    >
    >
    >
    >
    >"Brynn" <> wrote in message
    >news:...
    >>
    >> <%
    >> Dim yourDomain, theReferer
    >> yourDomain = "http://www.yourdomain.com/"
    >> theReferer = Request.ServerVariables("HTTP_REFERER")
    >> theReferer = left(theReferer, len(yourDomain))
    >>
    >> If Not yourDomain = theReferer Then
    >> Response.Redirect("/niceTryBuddy.asp")
    >> %>
    >>
    >>
    >> the reason for left in the referer instead of using somthing like
    >> instr() is an instr statement could still be beat with an entry in the
    >> querystring to satisfy it.
    >>
    >> Brynn
    >> www.coolpier.com
    >>
    >> On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
    >> wrote:
    >>
    >> >"Don Grover" <> wrote in message
    >> >news:...
    >> >> How can I stop some one from trying to post my form from a remote site.
    >> >> I am getting some one cycling through usernames trying fpr passwords on

    >a
    >> >> web site.
    >> >> Don
    >> >>
    >> >>
    >> >
    >> >do an HTTP Referrer check from your login, to make sure the source of the
    >> >login attempt is from your website. If the source is not from your

    >website,
    >> >it IS an intrusion, do not allow the login and ban their IP address for

    >one
    >> >day.
    >> >
    >> >
    >> >
    >> >

    >>
    >> I participate in the group to help give examples of code. I do not

    >guarantee the effects of any code posted. Test all code before use!
    >>
    >> Brynn
    >> www.coolpier.com

    >
    >


    I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

    Brynn
    www.coolpier.com
    Brynn, Jan 16, 2004
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. alanb
    Replies:
    2
    Views:
    520
    alanb
    Apr 23, 2004
  2. JezB

    Stop a button posting back

    JezB, Jun 22, 2004, in forum: ASP .Net
    Replies:
    9
    Views:
    3,392
    Eliyahu Goldin
    Jun 23, 2004
  3. Charlie
    Replies:
    1
    Views:
    2,693
    Steve C. Orr [MVP, MCSD]
    Oct 25, 2004
  4. bill
    Replies:
    1
    Views:
    384
    Ken Cox [Microsoft MVP]
    Dec 25, 2004
  5. AmitKu
    Replies:
    7
    Views:
    499
    John Timney \(MVP\)
    Jan 8, 2007
Loading...

Share This Page