users bypassing IP ban
#1

I store in the DB a list of "bad" IPs, and in my controller for the sign up page I redirect users whose IP is found in the list of bad IPs using this code:

Code:
redirect(base_url('xxx'));

But a user was able to bypass it and register with a blocked IP. How is this possible? Even if the HTTP redirect could somehow be ignored, the "redirect" function terminates script execution (as explained here)

I'm using CI 3.0.4 if that helps.
Reply
#2

Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.
Reply
#3

(12-06-2016, 02:57 PM)Narf Wrote: Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.

Yeah, I have two separate URLs! I'll move the IP check to the URL receiving the data, thanks for the tip!
Reply
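
The fix agreed on in the thread, as an added example that is not part of any post: a CodeIgniter 3 controller that runs the ban check in its constructor, so it applies both to the form URL and to the URL that receives the data. The controller, method and view names and the `banned_ips` table with its `ip` column are assumptions.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical sign-up controller. Table `banned_ips` and column `ip`
// are assumed names for the "bad IP" list described in the first post.
class Signup extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper('url');

        // The constructor runs before every routed method, so the check
        // covers the form page and the POST handler alike. A client that
        // posts straight to submit() never loads index() at all.
        $this->reject_banned_ip();
    }

    // Private methods are not reachable through the router.
    private function reject_banned_ip()
    {
        $ip = $this->input->ip_address();
        $banned = $this->db->where('ip', $ip)
                           ->count_all_results('banned_ips') > 0;

        if ($banned) {
            // Same target as in the original post; redirect() exits.
            redirect(base_url('xxx'));
        }
    }

    // URL 1: displays the form.
    public function index()
    {
        $this->load->view('signup_form'); // assumed view name
    }

    // URL 2: receives the form data. This is the endpoint that creates
    // the account, so it is the one that must be protected.
    public function submit()
    {
        if ($this->input->method() !== 'post') {
            show_error('Method not allowed', 405);
        }
        // Validation and account creation go here; banned IPs never get this far.
    }
}
```

If the application sits behind a reverse proxy, `ip_address()` only returns the client address when `$config['proxy_ips']` lists the proxy; otherwise every request appears to come from the proxy itself.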