Hacker News new | past | comments | ask | show | jobs | submit login

If you have a hard time determining their IP, here's a trick that might work. Visit their site with a unique but innocuous-looking path or query that would never be accessed by a normal user. For example:

http://4co.in/?q=1

If the query string is being passed through, which I suspect it is, you can use the query string to easily locate the corresponding entry in your own logs. Or, if the query string isn't being passed through, you can use a path instead:

http://4co.in/q

You probably already thought of this technique. I decided to post it anyway in case you hadn't, or in case anyone else is facing a similar challenge.




Building on this, you could create a script on your server that requests a random url, then greps that url in your logs to figure out the IP and then add that to the banned list. It'll be an auto banning machine!


countermove: he works it out and blocks your magic query - query needs to be made from somewhere indistinguishable from normal requests. Changing IP would be best... maybe via tor.

A unique sequence of legitimate requests might be more difficult to for the other side to detect and it won't result in 404s. Could randomise the sequence and each can come from a different IP as long as they were synchronised properly.


> countermove: he works it out and blocks your magic query

He very well might. But my estimation of the thief's skills is low. I could be wrong, of course.

> A unique sequence of legitimate requests might be more difficult to for the other side to detect and it won't result in 404s. Could randomise the sequence and each can come from a different IP as long as they were synchronised properly.

That's probably the best bet. A legitimate but very winding path through actual links on the site would work quite well. Given enough steps, it would almost certainly be unique. Because you'd be varying the path each time, the thief would find it hard or impossible to block you.


Clever solution! I like it




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: