Solved

Manage /Control Multiple logins to a website

Posted on 2013-06-21
7
224 Views
Last Modified: 2013-11-13
We host a website on tomcat. To be able to use our website we sell subscriptions. To ensure these are not abused we track IP's and ensure that only allowed IP's are able to log in.

However this means a public IP is allowed and if there are 10 pc's behind that public ip all are allowed. We always knew this and never bothered to look into it. But now with new licensing in place we want to be able to track how many different or individual pc's are accessing our Website.


Is there a way to record or obtain mac address of the remote pc's logging in or is there any other way to manage or control this.

Please advise thanks.
0
Comment
Question by:Clement P
7 Comments
 
LVL 11

Assisted Solution

by:Giladn
Giladn earned 334 total points
ID: 39265410
I found this:
http://wiki.apache.org/tomcat/FAQ/Logging

please do tell what kind of firewall you are using, is embedded web tracking app/code like GOSTATS a good solution?
http://gostats.com/

hope this helps,

G
0
 
LVL 1

Assisted Solution

by:svenove
svenove earned 166 total points
ID: 39265470
MAC-address-information is not accessible after the connection passes through a router, so that's not an option.

How exactly do they log in? Username and password?
If so, you could perhaps implement some kind of system to check if the same username is logged in from different IPs at the same time?

An other option is to check the HTTP_USER_AGENT - this is the string that identifies the browser/OS and even this would be the same on two computers running the same OS and browser, combining that along with IP is a step closer at least. :)
0
 
LVL 53

Expert Comment

by:COBOLdinosaur
ID: 39267296
If you are licensing IP instead of users then you really have little control beyond keeping a count of users logging on from the IP and limiting the number. cookies do not help much because they can be deleted by the use.

I will also confirm what svenove said about the mac address.  That can only be used by the router to map local devices.



Cd&
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 11

Expert Comment

by:Giladn
ID: 39268208
comment:

you cannot "trace" or track those users since no authentication mechanism is involved
0
 
LVL 2

Author Comment

by:Clement P
ID: 39283741
Can we get internal IP of the users, by using any php code integreated on our website. combination of internal ip and external ip wil give us a clear idea.
0
 
LVL 11

Accepted Solution

by:
Giladn earned 334 total points
ID: 39284070
it depands, what exactly are you using in order to connect users? Firewall VPN? IPsec?
are users getting static ip address from your server?

please describe topology so I can be more helpful..

G
0
 
LVL 2

Author Closing Comment

by:Clement P
ID: 39644117
sorry for not accepting the solutions .
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
topping3 challenge 14 52
@SBGen Method 3 25
SIEM traffic 5 31
starter POM and spring-boot-starter,  spring-boot-web 2 17
If your site has a few sections that need to be secure when data is transmitted between the server and local computer, such as a /order/ section for ordering or /customer/ which contains customer data, etc it would of course be recommended to secure…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now