News:

SMF 2.1.6 has been released! Take it for a spin! Read more.

Main Menu

IP Address logging; where & how?

Started by forgottenmichigan.com, April 20, 2008, 09:27:33 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

forgottenmichigan.com

April 20, 2008, 09:27:33 PM
Hello, I was wondering if anyone can tell me how and where smf logs IP addresses for user tracking, failed login & forgotten password requests.

See we're having a big problem with a banned ex-member, we've banned his IP address, and now he's just using different proxy services in attempts to guess the secret question of existing users to gain access. We figured that he would've given up after failing, but it's going on 2 months since he's been banned and users are still complaining that they continue to receive forgotten password reset attempt notification e-mails and I don't know how to make it stop. Upon searching for hours I found a suggested script that I'd like to try to see if maybe we can pull the referrer IP and maybe even ban by IP on the referrer level (if that's possible).

Code Select
<?if (getenv(HTTP_X_FORWARDED_FOR)) {
$ipaddress = getenv(HTTP_X_FORWARDED_FOR);
} else {
$ipaddress = getenv(REMOTE_ADDR); }
?>

Problem is, I'm not skilled enough to know where to place this code for detection and then for the banned IP check. Can anyone advise? Any help would be much appreciated.

Pip2andahalf

#1
April 20, 2008, 09:57:33 PM Last Edit: April 20, 2008, 10:01:02 PM by Pip2andahalf
Go to a user profile, and on the left column of links you will find, under Profile info, the following:

Profile Info:
Summary
Show Stats
Show Posts
Track User   <--
Track IP     <--
Show Permissions

If he's using a proxy though, I don't know even if that script will work, since the point of a proxy is to clean the referrer.

Failed login attempts are recorded in the error log, found in your admin control panel (scroll all the way down):

Maintenance
Forum Maintenance
Generate Reports
Forum Error Log   <--
Moderation Log

Forgotten password requests aren't logged, but you can set the threshold, so you will know if the prompt is shown if the incorrect password error is shown that number of times.

Good luck.

forgottenmichigan.com

#2
April 21, 2008, 11:28:03 AM
Thanks for the response.

Pardon my poor question asking skills, what I meant to ask is; where can I find the code that smf uses to log IPs. I'd like to try making a few modifications to get referrer information when available. I'm aware that a lot of proxies will not provide that information, but I thinking that maybe some will?

Pip2andahalf

#3
April 22, 2008, 05:22:00 PM
Ah, I'm sorry I misunderstood you. I actually don't know where that file is. I'm sure one of the support specialists knows, but even so I'll go look and see if I can't find which one it is.

Rumbaar

#4
May 04, 2008, 03:33:00 AM
Have you tried to turn on host lookups and then use various proxy hostname to ban them via wildcards?
"An important reward for a job well done is a personal sense of worthwhile achievement."

[ Themes ]
Print
Go Up Pages1
User actions
Advertisement: