users bypassing IP ban

#1
I store in the DB a list of "bad" IPs, and in my controller for the sign up page I redirect users whose IP is found in the list of bad IPs using this code:

Code:
redirect(base_url('xxx'));

But a user was able to bypass it and register with a blocked IP. How is this possible? Even if the HTTP redirect could somehow be ignored, the "redirect" function terminates script execution (as explained here)

I'm using CI 3.0.4, if that helps.

#2
Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.

#3
(12-06-2016, 02:57 PM)Narf Wrote: Do you have separate URLs for the form itself and where the form sends its data?

If so, one could just send their registration data without actually using the form.

Yeah, I have two separate URLs! I'll move the IP check to the URL receiving the data, thanks for the tip!
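The fix discussed in this thread, as an added example that is not code from any of the posters: the ban check runs in the controller constructor, so it covers the URL that receives the form data as well as the form page. The controller name `Signup`, the view `signup_form`, the table `banned_ips` and its column `ip` are assumed names.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

// Hypothetical CodeIgniter 3 controller; `banned_ips` / `ip` are assumed names.
class Signup extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->database();
        $this->load->helper('url');

        // Runs before every method of this controller, so both the form
        // page and the URL that receives the POST are covered.
        if ($this->_ip_is_banned($this->input->ip_address())) {
            // show_error() sends the status code and ends the request.
            show_error('Registration is not available.', 403);
        }
    }

    // Private with a leading underscore: CodeIgniter 3 will not route to it.
    private function _ip_is_banned($ip)
    {
        return $this->db
            ->where('ip', $ip)
            ->count_all_results('banned_ips') > 0;
    }

    // GET: shows the form.
    public function index()
    {
        $this->load->view('signup_form');
    }

    // POST target of the form. A client can request this URL directly
    // without ever loading index(), so it cannot rely on a check made there.
    public function submit()
    {
        if ($this->input->method() !== 'post') {
            show_404();
        }
        // ... validate the input and create the account here ...
    }
}
```

If the application sits behind a reverse proxy, `ip_address()` only returns the client's address when `$config['proxy_ips']` is set; otherwise every request appears to come from the proxy.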

