Want to do a "User/IP address Bandwidth Test", possible..? - GoFuckYourself.com

chupacabra · 02-15-2005, 02:58 PM

i want to do a check and see how much bandwidth is being eaten up by different users, or even just by IP addresses... i don't really want to change my entire security setup altogether, is there any option i can implement temporarily that will log how much bandwidth is being used like this?

i want to hunt down rogue accounts, and accounts that are being accessed by multiple parties via proxies...

alternately, any good proxy-blocking solutions out there? thx all..!

chupacabra · 02-15-2005, 09:50 PM

gentle bump for the evening crowd..?

Manansala · 02-15-2005, 09:57 PM

You know cPanel? Check the source.
Proxy blocking solutions eat up alot of system resources.

chupacabra · 02-15-2005, 10:45 PM

Quote:

Originally Posted by Manansala

You know cPanel? Check the source.
Proxy blocking solutions eat up alot of system resources.

mmm, i have never used cPanel but will check it out right now... i do realize that proxy-blocking scripts eat massive amounts of system cycles up, thats whhy i just want to do some short testing, to ferret out uesr accounts that are being abused via proxy sharing...

any suggestions most welcome, thx friends..!

raymor · 02-16-2005, 12:08 PM

Any decent stats program such as Webalizer will show you that info.
Some stats programs, including webalizer, have a lot of different reports
that can be turned on and off in the config so it's fairly likely that your
current reporting program can do that for you and all you need to do
is turn on those reports in the config.

When you do, it pretty likely that you'll be amzed at how big of a problem
it really is and you'll change your mind about shelling out $100 for
some real security.

Typical proxy blockers aren't that great, as you seemed to indicate.
The load they put on your system is a problem, they don't block
most of the types of proxies that are actually used by the people you
want to stop, but they do block proxies that migt occasionally be used
by a legit member. The solution there is two fold. First, you get a security
solution designed by someone who was actually paying attention
in security 101 and properly distinguishes between authentication
and authorization. You authenticate (and check for proxies) once,
when they login, so that solves your load problem. I completely amazes
me that amost all ofthe "security" approaches marketed for web sites
screw up this very basic principle. That's not advanced computer science, it's literally
taught within the first few weeks (or chapters) of any security course or book.
Also you don't use some silly proxy list or header check as the one and
only criteria, blocking or allowing based on whether or not they SAY that they
are a proxy. Rather what you want to do is use all methods at your disposal
to find out not only IF it's a proxy, but what kind of proxy it is, then
use that information IN COMBINATION with other information about this
login attempt and previous attempts to make a decsion based on
ALL of the available data combined. Again, it amazes me that while these
two idea are so simple and so basic most systems get it wrong on one
or both counts. This lack of any reasonably designed system is why we
were forced to develop Strongbox a few years ago, to provide a security
solution that at least gets the key elements correct.

02-15-2005, 02:58 PM	#1
chupacabra Confirmed User Join Date: Sep 2002 Posts: 3,626	Want to do a "User/IP address Bandwidth Test", possible..? i want to do a check and see how much bandwidth is being eaten up by different users, or even just by IP addresses... i don't really want to change my entire security setup altogether, is there any option i can implement temporarily that will log how much bandwidth is being used like this? i want to hunt down rogue accounts, and accounts that are being accessed by multiple parties via proxies... alternately, any good proxy-blocking solutions out there? thx all..!

02-15-2005, 09:57 PM	#3
Manansala Confirmed User Join Date: Jan 2005 Posts: 551	You know cPanel? Check the source. Proxy blocking solutions eat up alot of system resources. __________________ I don't have a signature. !

02-16-2005, 12:08 PM	#5
raymor Confirmed User Join Date: Oct 2002 Posts: 3,745	Any decent stats program such as Webalizer will show you that info. Some stats programs, including webalizer, have a lot of different reports that can be turned on and off in the config so it's fairly likely that your current reporting program can do that for you and all you need to do is turn on those reports in the config. When you do, it pretty likely that you'll be amzed at how big of a problem it really is and you'll change your mind about shelling out $100 for some real security. Typical proxy blockers aren't that great, as you seemed to indicate. The load they put on your system is a problem, they don't block most of the types of proxies that are actually used by the people you want to stop, but they do block proxies that migt occasionally be used by a legit member. The solution there is two fold. First, you get a security solution designed by someone who was actually paying attention in security 101 and properly distinguishes between authentication and authorization. You authenticate (and check for proxies) once, when they login, so that solves your load problem. I completely amazes me that amost all ofthe "security" approaches marketed for web sites screw up this very basic principle. That's not advanced computer science, it's literally taught within the first few weeks (or chapters) of any security course or book. Also you don't use some silly proxy list or header check as the one and only criteria, blocking or allowing based on whether or not they SAY that they are a proxy. Rather what you want to do is use all methods at your disposal to find out not only IF it's a proxy, but what kind of proxy it is, then use that information IN COMBINATION with other information about this login attempt and previous attempts to make a decsion based on ALL of the available data combined. Again, it amazes me that while these two idea are so simple and so basic most systems get it wrong on one or both counts. This lack of any reasonably designed system is why we were forced to develop Strongbox a few years ago, to provide a security solution that at least gets the key elements correct. __________________ For historical display only. This information is not current: support@bettercgi.com ICQ 7208627 Strongbox - The next generation in site security Throttlebox - The next generation in bandwidth control Clonebox - Backup and disaster recovery on steroids

02-15-2005, 09:50 PM	#2
chupacabra Confirmed User Join Date: Sep 2002 Posts: 3,626	gentle bump for the evening crowd..?