Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: MAC address detection

  1. #1
    Junior Member
    Join Date
    Jun 2006
    Posts
    7

    MAC address detection

    I am running a torrent tracker and would like to make my users accounts safer...so i would like to make an account acessible from only 1 pc and i'd like to make this using the MAC address or CPU-ID...could it be done using PHP or any other language that could be implemented in a website? If so which is the language and how could i do this?

  2. #2
    Junior Member
    Join Date
    May 2006
    Posts
    6
    Scince your dealing with a web site for authintication - no - MAC address isnt one of the SERVER VARIABLES available to you. Maybe make the MAC address a part of the login. Show them how to obtain the MAC and use it to authinticate. But if they write it down and take it to another pc this idea wont work. (hoping no one can remember a MAC address)..

  3. #3
    Junior Member
    Join Date
    Jun 2006
    Posts
    7
    the thing is that the user isn't supposed to enter the mac....i have to get the mac in order to check it when somebody starts their torrent client so i can compare it to the one in the database....so i have to do this automatically....would an activex component solve my problem? if yes...how do i build it...maybe a few outlines or smth to start from....

  4. #4
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    You're not going to get the MAC address of the remote machine from the packets themselves. The packets will show the MAC address of the last router the packet passed through.

    You could do it with some script or something I'm sure... But I have never used torrents so I don't know how they work.
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  5. #5
    Junior Member
    Join Date
    Jun 2006
    Posts
    7
    it;s basic php...if it can be done in php it can be done to a torrent...so...is it do-able in php?

  6. #6
    Junior Member
    Join Date
    May 2006
    Posts
    6
    here is an idea - durring account creation - take the unix time of the new account - store it and a MD5 version of the unix time into the regiser database. create a cookie on the client with the MD5 key. Now - there is now way that the hacker can hack this because he dont know the exact unix time of creation.

    upon future logins - query the MD5 from the cookie and unix time from database and see if match - if not - hacking has happened. Ill have to think on this one more....sounds fool proof.

  7. #7
    Junior Member
    Join Date
    Jun 2006
    Posts
    7
    and what if the user hits "clear cookies" button...sounds like he won't be able to login anymore

  8. #8
    Junior Member
    Join Date
    May 2006
    Posts
    6
    i posted more on my blog - <a href="http://2advent.com:81/ViewComments.php?blogid=131">http://2advent.com:81/ViewComments.php?blogid=131</a>

  9. #9
    Junior Member
    Join Date
    Jun 2006
    Posts
    7
    i think i'll have to say it once again...what if the user reinstalls windows or deletes cookies....wouldn't he be unable to login from that point?

  10. #10
    Junior Member
    Join Date
    Jan 2006
    Posts
    14
    In the case of cookies being cleared, there could be a 2nd factor authentication process on the web server, say, having a button saying "Request new cookie", then asking for your first pet's and mother's maiden name.

    Just my 2p's worth


    Sean
    If a packet falls in an empty network, - does it make any noise?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •