can we trace the user geographical location in asp.net ,
I know we can get the user IP address or ServerVariables("REMOTE_ADDR")
but my need is to check the visitors by city name so can my client use this data for his business
As I said in my comment:
I am not .net guy, I am actually a PHP dev but this is quite universal
across board. Yes, you can get A country and A city, but as to whether
it is your users COUNTRY and CITY....well it is unlikely to be your
users city since most ISPs do not hold their exchanges in the same
city as the user...but you have a good chance with country.
But I thought I would elaborate a bit.
The country, especially if they are like me and using an encrypted proxy, won't be of any help to you, however services like cloudflare will give you the users IP country in HTTP headers, and it's free. Better than spending £200 a month on getting nothing but false positives from dedicated services.
A similar question was asked on asp.net forum and it was answered using a good example.
Reference : Link
How do you expect to do that? My IP is assigned by an ISP located 300
miles from me. My web host is in North Carolina, a 16 hour drive
away. My cellular link in my notebook has an IP issued from New
Jersey. It's been two decades since the last time I was in New
Jersey. 1: http://forums.asp.net/post/3072924.aspx
I am probably really late answering this, but I recently worked on this project because I needed it myself. so maybe it might help someone out there.
http://iplookup.tk/service/iplookup/{YOUR IP ADDRESS}
NB: depending on the content-type of your request the result can either be in Json or XML. by default its xml
Related
I operate a private (login required) Wordpress site for a client who recently had an employee move to the UK.
Their ISP there, Virgin Media, is blocking the website. I realize the employee could simply edit their Virgin Media user settings as suggested in the screenshot below, but is there anything I can do as the administrator/developer to whitelist the site?
Edit: I should add that i've done the preliminary check on google and looked for documentation for developers on Virgin's site, but couldn't find a thing.
I have checked the site with Google's Safe Browsing checker and Qualys' SSL Labs and both came out clean.
What the employee sees:
You may want to start by seeing what your site report looks like using a tool like Blocked.org.uk, which will give you a rough idea on if it's a single ISP in the UK that's filtering your site, or the entire gamut. For a single one, you may be able to get an exemption. If your site is blocked by a majority of ISPs, it may be that there is a court order or similar compelling UK ISPs to filter your site for one reason or another (unlikely, but possible).
Next, Virgin's FAQs state you can try to get in touch with someone knowledgable on the subject by posting in their Help forum; search "whitelist" for a few samples of folks with similar issues to yours to get an idea on how to get a helpful response.
Finally, you may have to acknowledge an uphill battle in answering the "why" - it's a fact that these companies make money (directly or otherwise) by providing a service in which they use some form of proprietary data collection and/or heuristic analysis to determine what should be filtered versus what should be allowed to be passed through. Revealing the "secret sauce" of this filtering to answer your "why" is probably not at all beneficial to them in any way. As such you may find the effort of chasing this answer down quite futile (speaking anecdotally from my own experience with similar issues: it is).
I am looking for as reliable and accurate / quick means possible to add in some htaccess code to block visits to a website from countries / IPs which are not in the white listed list of countries I want to allow access for. I have looked at https://www.ip2location.com/free/visitor-blocker which seems to offer a solution - for the 4 allowed countries I want to allow access - it has created a 4.1MB htaccess file! Will this mean slow access when someone attempts to view the site? I guess using a free service like this means the data is likely nowhere near comprehensive?
Does anyone have any suggestions on a good way to allow just visitors from a few countries access to a website?
It sounds like the service you used basically tried tried to brute force the blacklist. If you look into the htaccess file I'm sure you will be a long list of hard coded IP blocks.
In my opinion this is a terrible way to handle a geographic blacklist. To your original question - there is no "most reliable, most accurate, and quickest" method. Those are separate categories and you will need to preference one over the next.
For performance you could consider blacklisting at the routing level / dns server / proxy. This obviously isn't going to be the quickest way in terms of performance. There are Apache Modules that exist that allow you to use a local database to compare the incoming IP address with a list of known IP blocks from the blacklisted country. One of the main issues with this is that you need to constantly update your database to take in new IP blocks.
In my opinion the "best" method to do this is a simple redirect at the application layer using server side code. There exists several geographic API's where you can send in the IP or Hostname and get back a country of origin. An example:
$xml= new SimpleXMLElement(file_get_contents('http://www.freegeoip.net/xml/{IP_or_hostname}'));
if($xml->CountryCode == "US") {
header('Location: http://www.google.com');
}
There are two ways to block a visitor in web server. One is using firewall (.htaccess etc) and another one is using server-side scripting (PHP etc).
If you are concern of the performance of the firewall option, then you can download the IP2Location LITE database from http://lite.ip2location.com and implement the database in your local server. For every connection, you query the visitor IP address and find their country. You can redirect or block them using the PHP codes. Please find the complete steps in https://www.ip2location.com/tutorials/redirect-web-visitors-by-country-using-php-and-mysql-database
There is also another option to use remote geolocation API. However, we do not suggest this method because of network latency. It will slow down all user experience due to API queries.
Recently, I began playing with GA Measurement protocol, it has huge potential for custom-made apps, especially for event tracking of webapps.
The problem I'm facing is;
GA is always using the requester's IP as the source IP!
even GA docs says;
"IP Address – Is implicitly sent in the HTTP request and is used to
compute all the geo / network dimensions in Google Analytics."
That's a big problem! Why?
As in my case;
I'm proxying different tracking calls thru one backend hosted in Heroku.
And funny enough, all tracked calls appears to be from US (Heroku) in that case....
There should be a better solution!
Has anyone dealt with similar problem and any suggested solution to tackle this problem?
This isnt supported yet (as of Sept 2013). There is a Google Group thread that is tracking this feature request. I Google team member has said they are considering it.
https://groups.google.com/forum/#!topic/google-analytics-measurement-protocol/8TAp7_I1uTk
Update on Feb 24, 2014
This feature has been added to Google Universal Analytics. The parameter name is 'uip'. It should be a valid IP address. It will always be anonymized just as though aip (anonymize IP) had been used.
I'm working on the same issue. Here is a possible solution I've come up with to track geolocalisation: When making the call to GA, add the requester IP to a custom variable[1]. Now you can export all your GA data and translate this IP (from your custom variable) to a location (MaxMind[2]'s databases seem good, and are under CC) and display it yourself.
1: https://developers.google.com/analytics/devguides/collection/gajs/gaTrackingCustomVariables
2: http://dev.maxmind.com/geoip/geolite#IP_Geolocation-1
What I really want is to limit 1 vote per person but the next best thing i can think of is limit 1 vote per IP address to prevent malicious users/hackers from severely tempering with my company's voting system. I was thinking of using a database to keep track of the IP addresses.
Update:
Sorry about not being clear in the first time aruond. What i wanted to know if limiting 1 vote per IP address was a good strategy to limiting 1 vote per person. Basically, i wanted to know if 1 unique IP address is roughly equal to 1 person. People have already mentioned that proxies and routers re-use ip addresses so unfortunately, many people can be using the same ip address.
Thanks. I think, for my case, it'll be best to NOT limit 1 vote per ip address.
I would suggest not going with the IP approach. When I looked at this before some of your large ISPs reuse IPs a lot (AOL...), but if you do use IP addresses, use a database to track them. A fast way to do it is to make it a unique key and to catch the exception as "already voted".
One good thing to add is not to show a user that their vote was not counted, just show the results, or thank them for voting. By not giving that specific error, it is harder and sometimes not even noticed by your problem users.
If you use IP addresses then you'll be limiting most companies to only one vote because they route all outbound internet traffic through a firewall or proxy server. We did this a couple of years ago and found that all AOL traffic came from only 5 ip addresses.
Generally, yes, what you would do is have a database table for the votes, and simply store choice+ip address - then when inserting, do a DB query to see if an entry already exists with the given IP.
The ideal solution would be to tie votes to user accounts which are in turn linked to more concrete presence (such as a credit card, cell phone, or other less-easily-multiplied identity source).
What exactly is the question you're asking?
The way I have always done it is to concat the user agent and ip address into an MD5 hash (in some cases this will allow people from the same IP to vote, long as they are using different browsers), and store that as a "fingerprint" for the vote the the database and add a unique key to it. As IPX Ares said, from there you can catch the duplicate key exception, and you should be good.
If you wanted to allow people to vote once a day, you could also append the Ymd to that "fingerprint", or other variations to allow x amount an hour or x amount per day.
Yes, use database. Don't rely on cookies, they can be easily deleted.
IMO, so far, IP based voiting limitation is the best option.
IP address has its limitations as we have noted from above, but there are many other characteristics a browser has which can damper mischeivious voters. BrowserID, for example, is different for just about every browser. You could use a combination of BrowserID and IP address to create a unique ID.
Another way to 'help' avoid cheating is to provide a 1 time use hash into the form then check if that's is valid before you count the vote.
For example:
When you create the voting form you make a random hash and store it in the database and put it in the form as a hidden field.
(might want to add a date field to the hash database to you can clean up the unused hashes)
Then when you get a vote POST request you can check if the supplied hash is in the database and remove it from the database so it cant be used again.
CONS:
Might load the database with high IO if the voting page has high traffic.
Can't cache the page as plan html so it puts more stress on the web app.
This is the first time I have been faced with someone trying to penetrate a website I have created. What can I do to put a stop to the attempts?
As a side note, their sql injection stands no chance of ever working and there isn't any data that we have that isn't already available by anyone using this site normally.
Appended:
I think the code part is covered for most XSS and sql injection but I am definitely considering a security audit. I was just curious about the response. Am I really only limited to blocking ip addresses?
If you already are protected against SQL injections, you've got a major attack covered. The next biggest threat (in my opinion) would be Cross-Site Scripting (XSS) since it would allow an attacker to have another user do something malicious, making it hard to track that activity.
You should also be aware of Cross-Site Request Forgeries (CSRF), since that is one that many people seem to miss a lot of times.
I would take a look at OWASP's Top 10 Web Security Vulnerabilities and make sure you protect against all 10 them as best as possible. Any one of them could seriously open yourself up to attackers if you aren't careful.
Unless this is your first public website, all of the websites you have worked on were under attack roughly 3 minutes in to being accessible whether you knew it or not.
A couple things you can start doing are:
Start blocking the IPs that attacks are coming from. This isn't always feasible as IP addresses frequently change and some types of attacks can work with a spoofed address.
Put an intrusion detection system (IDS) in place and start monitoring everything.
Verify your firewalls are working correctly and monitor the attack vectors. Make sure everything they are going after is pretty well secured.
This answer comes from another one that I answered about IIS getting hacked:
Hopefully you've had your IIS logfiles
turned on and hopefully the hacker
didn't erase them. By default they're
located here:
c:\winnt\system32\LogFiles\W3SVC1 and
will generally be named after the
date.
Then it's probably helpful to figure
out how to use log parser (from
Microsoft), which is free. Then use
this guide to help you with
looking forensically at your logfiles.
Do you have a firewall because it's
syslogs might be helpful.
Another decent tool to help you find
sql injection issues is to go
here and download HP's Scrawlr.
If you have any more questions about
what you've found, come back and ask.
Is it many sources or just a few IP's? We've had a few IP's do shadowy things and have used IIS to block them specifically. If it's a coordinated attack from multiple sources this won't help.