Q. The proxy servers at AOL, etc. are driving me crazy. I am spending too much time analyzing whether my users are cheating on their subscriptions or just victims of these proxy servers. I sell individual memberships to technical data. I only have about 50 users, and they do not pay a lot, but it is necessary to protect the data. Is there anything that can be done? I have entered the AOL server IPs, but that effectively allows anyone using AOL to cheat. Now it appears that there are others doing the same as AOL.

A. With standard WebQuota you can use cookie-based authentication to better identify concurrent logins with the same username (better known as password sharing).

Because HTTP is stateless, every request is unique. What that means is that with AuthentiX, each username is checked for authentication, but there is no way to tell if it is one user or four users logging in at any one time. In the past, WebQuota Standard allowed you to look at the username and the IP address. This helped identify unique users (during a session, a username would only have one IP address). Ah, but AOL and Earthlink decided to change IP addresses, even mid-session. A valid user could now appear to be coming from different IP addresses, even during the same session.

Enter the new and improved WebQuota Standard. Now you can use cookies to uniquely identify a user during a session. This stops password sharing cold. If you want to create individual thresholds for account abuse based upon username, then you'll still need to use WebQuota CMCL rather than standard WebQuota.
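The difference between IP-keyed and cookie-keyed concurrency metering, as an added Python illustration (not WebQuota's or AuthentiX's own code). The request tuples, the 60-second window and the function names are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample requests: (seconds, username, remote_ip, session_cookie)
REQUESTS = [
    # alice: one browser, but her ISP's proxy pool changes the IP mid-session
    (0,  "alice", "198.51.100.10", "tokA"),
    (20, "alice", "198.51.100.77", "tokA"),
    (40, "alice", "198.51.100.31", "tokA"),
    # bob: password shared by three browsers that all exit via one proxy IP
    (5,  "bob",   "203.0.113.5",   "tokB1"),
    (15, "bob",   "203.0.113.5",   "tokB2"),
    (30, "bob",   "203.0.113.5",   "tokB3"),
]


def max_concurrent(requests, field, window=60):
    """Per username, the peak number of distinct identifiers ("ip" or
    "cookie") seen within any `window`-second span."""
    last_seen = defaultdict(dict)  # username -> {identifier: last request time}
    peak = defaultdict(int)
    for ts, user, ip, cookie in sorted(requests):
        ident = ip if field == "ip" else cookie
        seen = last_seen[user]
        seen[ident] = ts
        # Forget identifiers that have been idle for longer than the window.
        for stale in [k for k, t in seen.items() if ts - t > window]:
            del seen[stale]
        peak[user] = max(peak[user], len(seen))
    return dict(peak)


def flagged(requests, field, limit=1, window=60):
    """Usernames whose peak concurrency exceeds `limit`."""
    peaks = max_concurrent(requests, field, window)
    return sorted(user for user, n in peaks.items() if n > limit)


if __name__ == "__main__":
    # IP keying blames the proxy victim and misses the sharers behind one IP.
    print("flagged by IP:    ", flagged(REQUESTS, "ip"))
    # Cookie keying sees one session for alice and three for bob.
    print("flagged by cookie:", flagged(REQUESTS, "cookie"))
```

Keying on the IP address flags the legitimate user behind a rotating proxy and misses the three sharers behind a single proxy address; keying on the per-browser cookie reverses both results.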

NEW!! WebQuota now includes cookie-based Limited Concurrent Logins protection, which prevents password sharing, even for users with revolving IP addresses!
(Note: if you are upgrading, you will need to get a new registration code with FUNCTIONALITY_PER_BROWSER set. However, if you can see the Concurrency Metering radio buttons in the Cookie dialog box, you should be fine.)

See GetConcurrencyToken and setup instructions.

Note that this means the Limit-login email warnings will show the session ID (of the form "NIN0IANIN0KXNC0KZMQIQIQUMKJAIBNTAIANKZIX0NKY0KX") in place of the remote IP address.

Will says:
This works well. I had to add the following line:
' whichType: 1 for per-directory, 2 for sitewide
cookieValue = cookieValue + authx.GetConcurrencyToken(2, cookieName)
Once I added that it worked for AOL accounts.

Thanks Will!
