I got a wild one here, but I can't figure out this proxy he's on...

[Killbat]

I run a small forum from my webserver at home, used by a small group of friends (less than a dozen active members). Recently this crazy registered and has made a couple nonsensical posts. Every time, he accesses it from 199.91.35.254, which resolves to proxy.pho.medcity.net
I'm trying to find out more information about this address, but have been unsuccessful so far, that's where I'm asking for help.
Also, when I get tired of this wang, what's the best way to deal with it? I don't think my forum software allows IP or IP range bans.

 

[sabka]

Here you go:

Registrant:
HCA Information Technology and Services
Bldg 4 - 2E Attention Ken Wood
2555 Park Plaza
Nashville, TN 37203
US

Domain Name: MEDCITY.NET

Administrative Contact:
Engineering, Network corp.tech@hcahealthcare.com
Bldg 4 - 2E Attention Ken Wood
2555 Park Plaza
Nashville, TN 37203
US
615-344-8389
Fax: 615-344-8980

Technical Contact:
Engineering, Network corp.tech@hcahealthcare.com
Bldg 4 - 2E Attention Ken Wood
2555 Park Plaza
Nashville, TN 37203
US
615-344-8389
Fax: 615-344-8980



Registrar of Record: directNIC.com, http://www.directnic.com
Record last updated on 14-Jun-2002.
Record expires on 28-Oct-2003.
Record Created on 29-Oct-1997.

Domain servers in listed order:
NS1.MEDCITY.NET 199.91.33.20
NS2.MEDCITY.NET 199.91.36.20


As for blocking his/her IP: Depending on what type of OS you're using, you could use a software based firewall or even, if you have one and it supports it, block it through your router.

 

[Killbat]

Thanks, but checking the router logs I came up with an IP accessing the webserver that no member has claim to. I'm keeping a log utility running now, and if he posts again I'll be able to confirm his origins with the timestamp.

 

[Garion]

What kind of server is your forum running on? If you want to block an IP, you can always do it the old-fashioned way. Add dummy route to your server to that network so that it goes nowhere. Takes right good care of it.

- G

 

[Killbat]

I won't have the hardware firewall come school time.

 

[n0cmonkey]

Originally posted by: Killbat
I won't have the hardware firewall come school time.

Use something like OpenBSD or Linux to sit between your webserver and the internet. Both of those OSes come with two fo the top firewalls out there.

 

[Killbat]

Then we're talking about 3 machines, my workstation, the firewall box, and the server. That's too many (this is all going in a dorm room), I need something on the server itself, basic IP/port blocking capability.

 

[n0cmonkey]

Originally posted by: Killbat
Then we're talking about 3 machines, my workstation, the firewall box, and the server. That's too many (this is all going in a dorm room), I need something on the server itself, basic IP/port blocking capability.

Both of the OSes I mentioned work great as webservers. Im not aware of any firewalls that give you this much control under Windows, but Tiny Personal Firewall might.

 

[CaptainGoodnight]

You can block that address from in IIS. Right click on you site in the Internet Infomation Systems snap-in in Computer Management. Select Properties, Click the Directory Security Tab, click "Edit..." button under the IP address and domain name restrictions. Add his ip/domain name.