I have such a big problem, and i've been thinking about it for 2 days. I wrote a small class about catching unregistered (guest) users who can try SQL injection attack throught the URL and after 2 experiments their IP is blocked in my DB (so in array i store some signs),
$blockSigns = array ("'", "/", "\", ":", "//", "and so on");
but:
- IP is not good solution (PHP cannot see LAN IP_s if server is under proxy), and even it can I cannot block it. I cannot block 192.168.1.10 :)
- I don't need WAN IP because, i cannot block site for a company because of one n00b.
- PHP cannot catch Mac address (mac isnot included in header)
- I want to block users that are guests also, so i don't know their usernames or mail or something
if (isset($_SESSION["user"])) { $user = $_SESSION["user"]; } else { $user = "unknown"; }
-
I read that perl has some API called NET::MAC,
I decided to find user mac address by perl and integrate it in PHP. Is it possible? if is, please how? I cannot understand. if not:
how can I fix that problem? how can i identify user, if he/she isnot registered? is there any chance? please share your experience if you already had that kind of problem. thanks in advance...