«

How can I stop some one from trying to post my form from a remote site.
I am getting some one cycling through usernames trying fpr passwords on a
web site.
Don

You can block a range of IP addresses using the IIS administrator. For as
page level access goes, retrieve the user's IP address, and see if the IP
falls within the range, only then let the user through.

Request.ServerVariables("REMOTE_ADDR")

will give your the IP address of the client.

--
Manohar Kamath
Editor, .netBooks
www.dotnetbooks.com


"Don Grover" <> wrote in message
news:...
> How can I stop some one from trying to post my form from a remote site.
> I am getting some one cycling through usernames trying fpr passwords on a
> web site.
> Don
>
>

"Don Grover" <> wrote in message
news:...
> How can I stop some one from trying to post my form from a remote site.
> I am getting some one cycling through usernames trying fpr passwords on a
> web site.
> Don
>
>

do an HTTP Referrer check from your login, to make sure the source of the
login attempt is from your website. If the source is not from your website,
it IS an intrusion, do not allow the login and ban their IP address for one
day.

<%
Dim yourDomain, theReferer
yourDomain = "http://www.yourdomain.com/"
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>


the reason for left in the referer instead of using somthing like
instr() is an instr statement could still be beat with an entry in the
querystring to satisfy it.

Brynn
www.coolpier.com

On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
wrote:

>"Don Grover" <> wrote in message
>news:...
>> How can I stop some one from trying to post my form from a remote site.
>> I am getting some one cycling through usernames trying fpr passwords on a
>> web site.
>> Don
>>
>>
>
>do an HTTP Referrer check from your login, to make sure the source of the
>login attempt is from your website. If the source is not from your website,
>it IS an intrusion, do not allow the login and ban their IP address for one
>day.
>
>
>
>

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

On your post page ... even easier than my other post

<%
Dim yourDomain, theReferer
yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = left(theReferer, len(yourDomain))

If Not yourDomain = theReferer Then
Response.Redirect("/niceTryBuddy.asp")
%>

put this at the top of any page that you want to protect from remote
submit ... no changes required in above.

Brynn
www.coolpier.com





On Wed, 14 Jan 2004 07:51:25 +1100, "Don Grover"
<> wrote:

>How can I stop some one from trying to post my form from a remote site.
>I am getting some one cycling through usernames trying fpr passwords on a
>web site.
>Don
>
>

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

Except for the change of the /niceTryBuddy.asp page ... lol.

I just redirect them to my home page ... or off the site completely.

I suggest the follwing url

http://www.fun-greetings-jokes.com/g/hkr.htm





On Wed, 14 Jan 2004 03:44:06 GMT, (Brynn) wrote:

>
>On your post page ... even easier than my other post
>
><%
>Dim yourDomain, theReferer
> yourDomain = "http://" & Request.ServerVariables("HTTP_HOST")
> theReferer = Request.ServerVariables("HTTP_REFERER")
> theReferer = left(theReferer, len(yourDomain))
>
>If Not yourDomain = theReferer Then
>Response.Redirect("/niceTryBuddy.asp")
>%>
>
>put this at the top of any page that you want to protect from remote
>submit ... no changes required in above.
>
>Brynn
>www.coolpier.com
>
>
>
>
>
>On Wed, 14 Jan 2004 07:51:25 +1100, "Don Grover"
><> wrote:
>
>>How can I stop some one from trying to post my form from a remote site.
>>I am getting some one cycling through usernames trying fpr passwords on a
>>web site.
>>Don
>>
>>
>
>I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!
>
>Brynn
>www.coolpier.com

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com

There's one problem with that - what if they access your site from
http://yourdomain.com ?

I suggest the following:

<%
Dim yourDomain, theReferer, theLen
yourDomain = "http://www.yourdomain.com"
theLen = len(yourDomain) - len("http://www.")
theReferer = Request.ServerVariables("HTTP_REFERER")
theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
....etc...






"Brynn" <> wrote in message
news:...
>
> <%
> Dim yourDomain, theReferer
> yourDomain = "http://www.yourdomain.com/"
> theReferer = Request.ServerVariables("HTTP_REFERER")
> theReferer = left(theReferer, len(yourDomain))
>
> If Not yourDomain = theReferer Then
> Response.Redirect("/niceTryBuddy.asp")
> %>
>
>
> the reason for left in the referer instead of using somthing like
> instr() is an instr statement could still be beat with an entry in the
> querystring to satisfy it.
>
> Brynn
> www.coolpier.com
>
> On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
> wrote:
>
> >"Don Grover" <> wrote in message
> >news:...
> >> How can I stop some one from trying to post my form from a remote site.
> >> I am getting some one cycling through usernames trying fpr passwords on
a
> >> web site.
> >> Don
> >>
> >>
> >
> >do an HTTP Referrer check from your login, to make sure the source of the
> >login attempt is from your website. If the source is not from your
website,
> >it IS an intrusion, do not allow the login and ban their IP address for
one
> >day.
> >
> >
> >
> >
>
> I participate in the group to help give examples of code. I do not
guarantee the effects of any code posted. Test all code before use!
>
> Brynn
> www.coolpier.com

Checkout my other post on in this thread ... I placed some code that
won't care what site, etc ...


On Wed, 14 Jan 2004 22:26:47 -0500, "Bill" <>
wrote:

>There's one problem with that - what if they access your site from
>http://yourdomain.com ?
>
>I suggest the following:
>
><%
>Dim yourDomain, theReferer, theLen
>yourDomain = "http://www.yourdomain.com"
>theLen = len(yourDomain) - len("http://www.")
>theReferer = Request.ServerVariables("HTTP_REFERER")
>theReferer = RIGHT( left(theReferer, len(yourDomain)) , theLen )
>...etc...
>
>
>
>
>
>
>"Brynn" <> wrote in message
>news:.. .
>>
>> <%
>> Dim yourDomain, theReferer
>> yourDomain = "http://www.yourdomain.com/"
>> theReferer = Request.ServerVariables("HTTP_REFERER")
>> theReferer = left(theReferer, len(yourDomain))
>>
>> If Not yourDomain = theReferer Then
>> Response.Redirect("/niceTryBuddy.asp")
>> %>
>>
>>
>> the reason for left in the referer instead of using somthing like
>> instr() is an instr statement could still be beat with an entry in the
>> querystring to satisfy it.
>>
>> Brynn
>> www.coolpier.com
>>
>> On Tue, 13 Jan 2004 16:02:22 -0500, "Bill" <>
>> wrote:
>>
>> >"Don Grover" <> wrote in message
>> >news:...
>> >> How can I stop some one from trying to post my form from a remote site.
>> >> I am getting some one cycling through usernames trying fpr passwords on
>a
>> >> web site.
>> >> Don
>> >>
>> >>
>> >
>> >do an HTTP Referrer check from your login, to make sure the source of the
>> >login attempt is from your website. If the source is not from your
>website,
>> >it IS an intrusion, do not allow the login and ban their IP address for
>one
>> >day.
>> >
>> >
>> >
>> >
>>
>> I participate in the group to help give examples of code. I do not
>guarantee the effects of any code posted. Test all code before use!
>>
>> Brynn
>> www.coolpier.com
>
>

I participate in the group to help give examples of code. I do not guarantee the effects of any code posted. Test all code before use!

Brynn
www.coolpier.com