Stop remote posting

[Don Grover]

How can I stop some one from trying to post my form from a remote site.
I am getting some one cycling through usernames trying fpr passwords on a
web site.
Don

 

[Manohar Kamath [MVP]]

You can block a range of IP addresses using the IIS administrator. For as
page level access goes, retrieve the user's IP address, and see if the IP
falls within the range, only then let the user through.

Request.ServerVariables("REMOTE_ADDR")

will give your the IP address of the client.

 

[Bill]

How can I stop some one from trying to post my form from a remote site.
I am getting some one cycling through usernames trying fpr passwords on a
web site.
Don

do an HTTP Referrer check from your login, to make sure the source of the
login attempt is from your website. If the source is not from your website,
it IS an intrusion, do not allow the login and ban their IP address for one
day.

 

[Brynn]

<%
Dim yourDomain, theReferer
yourDomain = "http://www.yourdomain.com/"
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>


the reason for left in the referer instead of using somthing like
instr() is an instr statement could still be beat with an entry in the
querystring to satisfy it.

Brynn
www.coolpier.com

do an HTTP Referrer check from your login, to make sure the source of the
login attempt is from your website. If the source is not from your website,
it IS an intrusion, do not allow the login and ban their IP address for one
day.

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

 

[Brynn]

On your post page ... even easier than my other post

<%
Dim yourDomain, theReferer
yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>

put this at the top of any page that you want to protect from remote
submit ... no changes required in above.

Brynn
www.coolpier.com

How can I stop some one from trying to post my form from a remote site.
I am getting some one cycling through usernames trying fpr passwords on a
web site.
Don

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

 

[Brynn]

Except for the change of the /niceTryBuddy.asp page ... lol.

I just redirect them to my home page ... or off the site completely.

I suggest the follwing url

http://www.fun-greetings-jokes.com/g/hkr.htm

On your post page ... even easier than my other post

<%
Dim yourDomain, theReferer
yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>

put this at the top of any page that you want to protect from remote
submit ... no changes required in above.

Brynn
www.coolpier.com







I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

 

[Bill]

There's one problem with that - what if they access your site from
http://yourdomain.com ?

I suggest the following:

<%
Dim yourDomain, theReferer, theLen
yourDomain = "http://www.yourdomain.com"
theLen = len(yourDomain) - len("http://www.")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
....etc...

<%
Dim yourDomain, theReferer
yourDomain = "http://www.yourdomain.com/"
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>


the reason for left in the referer instead of using somthing like
instr() is an instr statement could still be beat with an entry in the
querystring to satisfy it.

Brynn
www.coolpier.com



I participate in the group to help give examples of code. I do not

guarantee the effects of any code posted. Test all code before use!

 

[Brynn]

Checkout my other post on in this thread ... I placed some code that
won't care what site, etc ...

There's one problem with that - what if they access your site from
http://yourdomain.com ?

I suggest the following:

<%
Dim yourDomain, theReferer, theLen
yourDomain = "http://www.yourdomain.com"
theLen = len(yourDomain) - len("http://www.")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
...etc...







guarantee the effects of any code posted. Test all code before use!

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com