I am writing some code to retrieve IPs from a domain that comes from a querystring. To achieve this, I have used
Dns.GetHostAddresses(uri);
Which return type is a array of System.Net.IPAddress[]
But I want to write a comment in the code to explain to the developer why a domain such as google for example, may (OK google will) return more than 1 IP address.
Does anyone have a definition or can direct me to a website that has material on this?
Thanks
Its used as a kind of 'load balancer' for DNS queries.
See here for a good discussion:
Is it possible that one domain name has multiple corresponding IP addresses?
Related
We have a web application : C# + SQL 2k5
Different companies send us information, we parse, them, do different things, and come up with a simple list for each of our customers. The list will look the same, but will have different information based on the customer.
They should not have access to each other's data.
We would like to create a page which would be embedded on their own site. I was thinking about using something like an iFrame.
Basically customer ABC would embed on his own abc.com an iframe with a URL (we will give them the parameters needed) and his clients will see our data on his site.
The other customer, lets call him xyz, has an other website xyz.com, will do the same thing, but in the url I should make a difference between them.
I would like to know how is the best, safest way to proceed.
How should I start to build up this page that is going to be embedded.
How should I make a difference between the 2 customers? The only way to get info from them is the parameters they send me, and eventually, I could get the 'parent' of my embedded iFrame, so that might help me restrict xyz to embed using url parameter info to get data from abc. See my dilemma?
Probably a unique identifier for each customer (like a GUID?) will be needed, and they woul dnot know each other's ID ... Or is there a more secure way to do things like this?
Any help would be appreciated.
Thanks
Embed a publically visible unique id in the URL and process this to extract the client id. e.g.
<IFRAME src="http://example.com/1122334455667788aabbcc">
You could check the Request.UrlReferrer to ensure that the request see this answer
However the only safe way of doing this is to provide an authenticated API that the site uses server side to process via a services API (e.g. WCF), or at the very least an authenticated HttpWebRequest; any other way leaves your data only as secure as a publically visible unique id.
Take a look at how one of the credit card processing portals do this (eg WorldPay or Paypal). There are several ways.
At the very least you need provide each customer with a unique ID that they send you.
I have a website and i need to deploy it in a single country for example Lebanon. In other words, any request that comes to the website from any other country should not be responded to.
I think I may use the IP address of the request and know from which country it was generated.
How can I do this in C#.
I think I may use the IP address of the request and know from which country it was generated
No, you dont. Illusion.
you can not know which country a request comes frmo, only where the IP address is registere, pretty much. More information is avaialble parsing the reverse dns SOMETIMES if you are smart at this.
This ignores little issuesl ike large international providers that may use a central pool of addresses, like VPN providers etc. Or satellite phone providers (which may be used out of a country but not be resident there).
At the end this will be of RELATIVELY limtied use, depending what your exact busienss case is it may be totally useless.
How can I do this in C#.
Programming.
Get a GeoIP database (look up the term in google, a provider will show up, otherwise try it in combination with "maxmind"). THen query the IP against the database. Decide how to handle "maybe" scenarios like international businesses. Example... IBM has address space. They use it for all their oprations. How you want to deal with this?
One thing you can do to encourage local indexing and participation is deploy your website with a Lebanon country code suffix.
www.example.co.lb
Here's a list of country suffix domains.
We are looking to create a website that displays information to all new visitors to a site, i.e. welcome, please read our help guide, etc.
The big problem is that our website is not allowed to use long-lasting cookies (i.e. over 20 minutes). Does anybody know of any way we can determine whether a user has visited the site before or not. As another restriction, we can not add anyform of registration to the system.
The application is being created in ASP.Net 3.5.
Thanks for the help
The EFF has a tool/site that you can visit that shows how with the plugins, OS details, browser details, etc. you can determine a visit fairly uniquely. It could give some insight on details to store in a database to determine if the user had been there before:
https://panopticlick.eff.org/
You could attempt to use an IP address, but with NAT'ing and most ISPs handing out dynamic IP addresses anyways, you'll never really know if the user visiting is one who's been there before or not with any certainty.
If you have no way of storing information on the client side, this is impossible except for saving IPs and comparing those, which isn't really accurate either.
Does anybody know of any way we can determine whether a user has visited the site before or not.
No, you can't. Since you can't use cookies all you've got is what the client's sending by default: IP address, user agent information. With the current IPv4 depletion and the popularity of NAT devices the IP is anything but useful.
About the only way is to capture the IP address of web browser and use that as a unique ID - assuming that it is indeed unique.
You can't rely on the IP since it can be shared by many user, or change for one user.
If you can't store a cookie on the client side, it is not possible.
You can also ask him: "Did you ever visited this site in the past?", but I doubt this is good practice :D
Store a boolean value like "AlreadyVisited" in the Session. So everytime the user visits the page for the first time, he will see your welcome message.
After displaying, set the boolean to false (you need to store it in the session)
I would like to identify if an email address comes from a public provider or is from an established business. I consider public email addresses to be things such as:
Open email service providers, such as
gmail, hotmail and yahoo.
Anonymization services, such as mailinator or dispostable.
I'm aware that there is no foolproof way to do this, and obviously any list based solution would require constant updates.
Is there a public listing or .NET library that can do this for me?
Are there really that many free webmail providers out there? I would go with a 'blacklisting' style solution.
For example, flag everything in this wikipedia list as free (heck I would think covering gmail/hotmail/yahoo/aol would cover a huge % of users anyway). Then if you get more than 2 (or higher number if your site has high throughput) registrations from the same email domain, it notifies the admin to check the domain to see if it needs to be added to the 'blacklist'.
I would imagine there are much more reliable ways to detect business customers though. For example in Australia you could just ask for an ABN and then check that it's valid. Are you willing to punish small business who don't have email providing and just use a generic #gmail account?
Here is a link to SpamAssasin's freemail list: http://svn.apache.org/repos/asf/spamassassin/trunk/rules/20_freemail_domains.cf.
I suppose, checking against this list is a good start.
You might want to talk to the Better-Business-Bureau ( http://www.bbb.org ) and see if they provide some kind of a feed or API. I had a quick look at their site and couldn't see anything obvious, but it would be this kind of organisation I would head to first if I wanted to find out domain names belonging to established businesses. They do have a form on their site to search by email address ( http://www.bbb.org/us/Find-Business-Reviews/ )
Consider using HubSpot blocked domains list. It is not a guarantee that it is 100% accurate or complete.
They also provide a CSV file that you can download and parse programmatically. Link to CSV file is in the linked page.
I am guessing the ultimate goal is to clean your database from unwanted contacts that will increase the monthly bill. What you can do is the following:
Create a webhook that is triggered whenever a new contact is added.
In that webhook (which can be written in any language), check if the contact is in a blacklist (which is gmail/etc...).
Remove the contact if it is in a blacklist using an API call (you will need to first get the contact ID, which can be easily retrieved using API).
If you go to whatismyipaddress.com using a public proxy, it will report your proxy ip, but it will also (usually) report that you're using a proxy, and your originating IP as well in many cases.
How does it do this?
Similar sites like Gmail and Craigslist can tell if the computers connecting to them are proxy servers as well.
I have a site with data that is free to browse 200x/day/ip, but I'd like to protect it from harvesting by people using proxies.
Any tips or insights into how this is accomplished are appreciated.
Please check this SO thread. It explains how to do it. It is tagged for PHP but I think the idea remains same here.
**EDIT :**I am duplicating the accepted answer here for reference :
TOR does not supply any server headers
such as X_FORWARDED_FOR, so your best
bet is to use a list of all known exit
nodes. A list can be found at
https://torstat.xenobite.eu/.
For other proxies, you can look at
server headers. Possible server
headers of interest include:
HTTP_VIA
HTTP_X_FORWARDED_FOR
HTTP_FORWARDED_FOR
HTTP_X_FORWARDED
HTTP_FORWARDED
HTTP_CLIENT_IP
HTTP_FORWARDED_FOR_IP
VIA
X_FORWARDED_FOR
FORWARDED_FOR
X_FORWARDED
FORWARDED
CLIENT_IP
FORWARDED_FOR_IP
HTTP_PROXY_CONNECTION
In PHP, you can get the value of these
fields in the $_SERVER[] superglobal.