使用动态 dns 阻止某人的 IP

发布于 2024-10-23 00:43:07 字数 145 浏览 3 评论 0原文

所以我正在尝试考虑一个 ip 阻止系统,我想我可以在数据库中存储禁止的 ip 列表,然后阻止具有这些 ip 的人使用 php 或其他东西访问该网站...

但是我该怎么办有效处理那些具有动态 dns 的动态 ip 地址的情况?

有什么好的建议吗?

so I'm trying to think of an ip blocking system, and i figure i could store a list of forbidden ips in a database and then prevent people with those ips from accessing the site using php or something...

but then how do i effectively handle those with dynamic ip addresses from dynamic dns?

any good suggestions?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

眼眸印温柔 2024-10-30 00:43:07

动态 DNS (fakepc.dyndns.org) 是每台计算机自愿在其数字 IP 地址 (127.127.127.127) 每次更改时注册其数字 IP 地址 (127.127.127.127) 的能力,并使用特定的自愿恒定 DNS“友好名称”。它允许您在特定计算机移动时查找其数字 IP 地址,前提是 DNS“友好名称”不变。

动态 DNS 可能与您对任何传统功能的 Web 浏览器的阻止系统的目标无关。大多数人没有启用动态 DNS。如果他们这样做,他们可能会使用具有相同 DNS 地址的多台计算机/IP 地址......或者反之亦然。 DNS 并不能真正帮助您建立用户身份。即使某人拥有一致应用的动态 DNS 名称,Web 服务器通常也无法确定它是什么。我的意思是,您的服务器无法轻松地从 IP 地址转换为动态 DNS 地址,只能反过来。

IP 地址本身也可能会随着时间的推移而发生变化,但这通常较少由用户选择(相反,例如,在其 ISP 长达一个月不活动后发生)。当然,普通用户每个月都会看到与家中所有 PC 相关的相当一致的 IP 地址。然而,我可以带着我的笔记本电脑去星巴克,我会得到一个不同的IP,如果我清除了所有浏览器cookie等,如果没有个人身份证明,你就无法看出是我。

动态提供IP地址的网络服务是“DHCP”。

归根结底,IP 地址并不是一个好的每用户阻止策略,但只有您可以判断任何自动 IP 地址阻止系统的误报和漏报频率是否适合您的解决方案。

如果您的目标是减少用户随着时间的推移证明善意的工作量,那么您可能会从使用 IP 地址的自动白名单系统而不是黑名单系统中获得更大的好处。

Dynamic DNS (fakepc.dyndns.org) is the per-computer-voluntary ability to register its numeric IP address (127.127.127.127) each time it changes, under a specific voluntarily-constant DNS 'friendly name'. It allows you to find a specific computer's numeric IP address as it moves around, given that unchanging DNS 'friendly name'.

Dynamic DNS is probably unrelated to your goals for a blocking system for any traditionally functioning web browsers. The majority of the population doesn't have Dynamic DNS enabled. If they do, they could be using multiple computers/IP addresses with the same DNS address... or the converse. DNS won't really help you establish identity for users. Even when a person has a consistently-applied Dynamic DNS name, a web server typically can't determine what that is. By that, I mean your server can't readily convert from IP Address to Dynamic DNS address, only the other way around.

IP addresses themselves can also change over time, but this is typically less by user choice (instead, for example, occurring after month-long periods of inactivity with their ISP). Certainly the average user will see a fairly consistent IP address associated with all the PCs in their home from month-to-month. However, I can just take my laptop and go to StarBucks, I'll get a different IP and if I've cleared all my browser cookies, etc. you can't tell that it's me without personal identification.

The network service that provides IP addresses dynamically is 'DHCP'.

At the end of the day, IP addresses aren't a good per-user blocking strategy, but only you can judge if the frequency of false-positives and false-negatives from any automated IP address blocking system would be appropriate to your solution.

You might get greater benefit from an automated whitelisting system using IP addresses, rather than a blacklisting system, if your goal is to reduce the effort of users proving goodwill over time.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文