On Jul 5, 2012, at 9:54 PM, linuxusers-requ...@socallinux.org wrote:

> Today's Topics:
> 
>   1. Any way to get the IP address of a user on a website. (Ann)
>   2. Re: Any way to get the IP address of a user on a website.
>      (Joel Witherspoon)
>   3. Re: Any way to get the IP address of a user on a website.
>      (Randall Whitman)
>   4. Re: Any way to get the IP address of a user on a website.
>      (Todd Lyons)
>   5. Re: Any way to get the IP address of a user on a website.
>      (Chris Penn)
>   6. Re: Any way to get the IP address of a user on a website. (Ann)
>   7. Re: Any way to get the IP address of a user on a website. (Ann)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 05 Jul 2012 16:27:41 -0700
> From: Ann <a...@randrinc.com>
> Subject: [LinuxUsers] Any way to get the IP address of a user on a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID: <4ff622ed.6030...@randrinc.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> I have a customer with a retail website.  He is not having CC fraud
> issues, but suspects that some people are using his shopping cart to
> validate stolen credit cards.
> 
> So, they enter a card # and if the bank approves it, it is a good
> card.  They are not supplying valid ship to addresses, so he does not
> ship the goods.  But he would like to stop his site from being used in
> that way.
> 
> Any way to "capture" the ip address from the http request or something
> like that?  It is a java application running under tomcat with apache as
> the web server.
> 
> Also he is running under ssl, so does that capture anything like that?
> 
> Thanks for any ideas.
> 
> Ann Richmond
> 
> -- 
> Ann Richmond
> ----------------
> Randr Inc
> 951-369-3427
> 951-787-8683 Fax
> www.randrinc.com
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Thu, 5 Jul 2012 18:15:03 -0700
> From: Joel Witherspoon <joel.withersp...@gmail.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID:
>    <CAEVGmLA9tomNBQoq-V1wjUeTM-GN1=uhkqpg6_xhnvfz6ku...@mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Did you check the logs? Try /var/log/...
> 
> ------------------------------
> 
> Message: 3
> Date: Thu, 05 Jul 2012 18:39:29 -0700
> From: Randall Whitman <909li...@whizman.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID: <2415.1341538769@randall-desktop>
> Content-Type: text/plain; charset=iso-8859-1
> 
>>   Any way to "capture" the ip address from the http request or something
>>   like that?  It is a java application running under tomcat with apache as
>>   the web server.
> 
> By default, the client IP address is the first field of the Apache
> access log file.  A clever attacker will spoof it, else use a
> compromised botnet rather than one's own machines.
> 
> http://httpd.apache.org/docs/2.4/logs.html#common
> 
> HtH
> /Randall
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Thu, 5 Jul 2012 19:20:26 -0700
> From: Todd Lyons <tly...@ivenue.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID:
>    <CAFG21ojrJ+TSZMT3oQChz+7=b5dei_3-+tzqxvrsxroznw+...@mail.gmail.com>
> Content-Type: text/plain; charset=UTF-8
> 
> On Thu, Jul 5, 2012 at 6:39 PM, Randall Whitman <909li...@whizman.com> wrote:
>>>   Any way to "capture" the ip address from the http request or something
>>>   like that?  It is a java application running under tomcat with apache as
>>>   the web server.
>> By default, the client IP address is the first field of the Apache
>> access log file.  A clever attacker will spoof it, else use a
>> compromised botnet rather than one's own machines.
> 
> I'll nitpick a little here.  You can't spoof the endpoint of a valid
> TCP connection.  They may proxy it through some open proxy, but it
> will be the IP of the proxy, and most proxies, even open proxies, will
> add an HTTP header that indicates what IP it's proxying for.
> 
> ...Todd
> -- 
> The total budget at all receivers for solving senders' problems is $0.
> If you want them to accept your mail and manage it the way you want,
> send it the way the spec says to. --John Levine
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Thu, 5 Jul 2012 22:37:22 -0500
> From: Chris Penn <cantorm...@gmail.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID:
>    <CAEPrVyAfMheDgMungm+dyr=7fAGmWfyS_=u2lm5prxnocup...@mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Better credit card validation, I would think, with billing address and
> 3 digit code on back of card, would be the best bet.  It might also be
> a good idea to match the billing zip code with the IP address
> location, at least to the country.  It is easy to use an open wifi,
> Tor, and/or an HTTP proxy to hide one's IP address.  It is also easy to
> use Tor and a DNS to get an exit node in the same region as the
> billing address.  If you are lucky you might get a stupid user making
> the transaction from a real IP; give the information to the
> authorities when you report the crime.
> 
> You could block Tor and many known proxies in iptables which would
> likely avoid a considerable amount of fraud imo, though this is not
> friendly to those who enjoy their privacy.
> 
> Chris...
> 
> 
> 
> 
> -- 
> "As we open our newspapers or watch our television screens, we seem to
> be continually assaulted by the fruits of Mankind's stupidity."
> -Roger Penrose
> 
> 
> ------------------------------
> 
> Message: 6
> Date: Thu, 05 Jul 2012 21:52:50 -0700
> From: Ann <a...@randrinc.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on    a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID: <4ff66f22.9060...@randrinc.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Everyone, thanks for the input.  The cc validation is a you get what
> you pay for.  So for complete validation, e.g. billing address, phone,
> etc. you pay a lot more for each transaction.  My customer gets very
> little fraud so the cost is too great for the benefit.
> 
> He is not getting much fraud, but he thinks they are using his site to
> figure out which cards will work and which will not.  They are not even
> bothering to put in a shippable address most of the time so they don't
> expect to get product shipped.  He believes they are just sifting
> through cards looking for ones they can use.
> 
> I believe most of the vendors do almost no validation on the cc, just
> the 3/4 digit code plus your name.
> Thanks
> Ann
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Thu, 05 Jul 2012 21:54:48 -0700
> From: Ann <a...@randrinc.com>
> Subject: Re: [LinuxUsers] Any way to get the IP address of a user on    a
>    website.
> To: SoCal LUG Users List <linuxusers@socallinux.org>
> Message-ID: <4ff66f98.7070...@randrinc.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Also, not sure how I match an entry in an Apache log to an individual
> user putting a transaction through the application.  So if I have
> thousands of users a day, how do I know which is which IP?
> 
> Ann
> 
> 
> ------------------------------
> 
> End of LinuxUsers Digest, Vol 61, Issue 3
> *****************************************
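
The thread's two practical questions, reading the client IP from the first field of the Apache access log and matching a log entry to one transaction among thousands of users, can be worked through on sample lines. This is an added example, not code from any poster in the thread; the checkout URL `/shop/checkout`, the thresholds and the log lines are constructed assumptions, and the logged address is the TCP peer, which may be a proxy as Todd notes.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache Common Log Format: the client IP is the first field.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
CHECKOUT = "/shop/checkout"   # assumed payment URL, adjust to the application

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = """\
198.51.100.7 - - [05/Jul/2012:16:01:02 -0700] "POST /shop/checkout HTTP/1.1" 200 512
198.51.100.7 - - [05/Jul/2012:16:01:40 -0700] "POST /shop/checkout HTTP/1.1" 200 498
203.0.113.9 - - [05/Jul/2012:16:02:05 -0700] "GET /shop/item/42 HTTP/1.1" 200 9120
198.51.100.7 - - [05/Jul/2012:16:02:11 -0700] "POST /shop/checkout HTTP/1.1" 200 512
203.0.113.9 - - [05/Jul/2012:16:20:30 -0700] "POST /shop/checkout HTTP/1.1" 200 530
198.51.100.7 - - [05/Jul/2012:16:03:00 -0700] "POST /shop/checkout HTTP/1.1" 200 512
""".splitlines()

def checkout_posts(lines):
    """Yield (ip, timestamp) for every POST to the checkout URL."""
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) == "POST" and m.group(4).split("?")[0] == CHECKOUT:
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def ips_near(lines, order_time, slack=timedelta(seconds=30)):
    """IPs that submitted checkout within `slack` of an order's timestamp."""
    return sorted({ip for ip, ts in checkout_posts(lines)
                   if abs(ts - order_time) <= slack})

def card_testing_suspects(lines, max_posts=3, window=timedelta(minutes=5)):
    """IPs with more than `max_posts` checkout submissions inside `window`."""
    by_ip = defaultdict(list)
    for ip, ts in checkout_posts(lines):
        by_ip[ip].append(ts)
    suspects = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        for i in range(len(stamps)):
            # Count submissions in the window that starts at stamps[i].
            n = sum(1 for t in stamps[i:] if t - stamps[i] <= window)
            if n > max_posts:
                suspects[ip] = max(suspects.get(ip, 0), n)
    return suspects

if __name__ == "__main__":
    print(card_testing_suspects(SAMPLE))
```

Matching by timestamp only narrows the candidates; having the application record the request's remote address next to each order at submission time removes the guesswork.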