How much the safety of your website worths?
NetBrood IP Safe is an easy to use module for your DotNetNuke web site. It can be used to restrict access to some IP adresses, redirect them or serve some content or a file.
As any responsible administrator you visit your Administrative Site Log page for collecting statistics or analyzing its details. While checking the detailed site log, though, have you ever noticed one (or more) specific, IP address (-es) sending requests to your website more often than usual and to a specific page, something like thousends requests per second???
Did you track the IP addresses but they are either not leading to a specific well known server, such as a well known search engine, but instead they have been identified as bots or spiders???
Did you contacted your host administrator to check those IP addresses, to blacklist or restore those addresses but this led to many emails beeing exchanged and at the end nothing happened, because a new IP address appeared after a while???
If the answer is yes to the above questions, then maybe, IP safe can be an easy and inexpensive solution for you to use and furnish your DotNetNuke website. Also integrating our analytics log, we manage to create a better logging sybsystem for your DotNetNuke portal and you, when you want to extract detailed and meaningful analytics.
IP handling is performed in the lower communication stack (3rd level). This kind of handling is performed usually by the system administrators; they define black-white list with IP addresses which can conect to the machinge running the webserver. While administrators block access in general to the machine, by closing TCP ports, they permit connection to the web server for clients to connect and perform requests.
But this is critical, since most essensial resources - and scpecially those connected to the privacy of your users or clients - are on your web server. So attackers try to exploit security flows, or bugs in the application level, in order to steal your precious resources (Such as the vulnerability in ASP .NET we recently heard about. An attacker using this vulnerability could request and download files within an ASP.NET Application like the web.config file (which often contains sensitive data); also could decrypt data sent to the client in an encrypted state - like ViewState data within a page).
We are talking about web spiders, bots or whatever web clients that traverse your website. This could be for malicious reasons such as trying to crack your website, or maybe just for indexing its content. But this also could make us being suspicious; what is a search engine doing in my website, since I did not invited it; or I put my robot.txt to block its access to some pages?
Also in the later case, the bot is stealing your something from your precious resources such as network bandwidth or web server processing capabilities, making your website slow to legitimate users or your business clients. Making your users to suffer a slow website experience.
So, aren't there times you wish to block some "persistent clients"? Sure in the platform you can restrict access to some users, but you cannot block some or redirect others to some other portions of your web site.
In other words, you can restrict access to register users by asigning roles, but how can you handle unregistered users?
IP safe is a module like any other DotNetNuke module. You can place it to a page and/or copy it to other pages in order to protect the pages where it is used. Also you can use it to display the client details, such as its browser and IP address, to the visiting user and/or log the visiting page. Its basic functionality is to restrict access (block), redirect, serve a file or a content (text) to clients identified by their IP addresses.
This way you can have one extra tool in your administrative toolbox to increase the safety of your website and use it as a responsible administrator of your website.
The module has minimal user interface:
it is easy to put it in action with simple settings:
Enable IP Safe will enable the IP Safe module functionality.
Display Client properties check, allows you to display the browser name and IP address for the connected user. Unckecking it though, it will not display anything and will allow module to work in stelth mode (if you check the Enable IP Safe check box).
Log Client Properties check boc will enable the module to collect and log connecting users' properties in order for you to extract detailed analytics for you portal users. So enable this check box, add this module to all pages in your portal and collect analytics data for any user that visits your portal. You may be supprised from the detailed results and the numbers of spiders visiting your website.
Also there is an easy interface to module functionality and Actions management:
You can block, redirect connecting users based on their IP address, serve them some static content (that can be the content of a web page or a text file) or a file for download.
Now, we have integrated a powerfull loggin system, based on connected client properties. This way the module logs properties such as:
- the visited portal - this is usefull when having multiple portals in one DotNetNuke installation. Of course all portals are available only to host superuser. Authorized users can see statistics for their portal.
- the vistited page - authorized user can see statistics for the page he has permission, while administrator can see details for any page.
- the visiting user - aythorized users can see statistics for themselves and other registered - unregistered DotNetNuke users.
- browser settings (such as the browser name, version, client's screen resolution etc). Screen resolution of the connected client - in order to apply a better skin for your web site.
- the advanced search allows to find out entry (and exit pages) in you web site - these are pages the user first entered (last visited) in your portal
- the application settings - if ip safe module performed some action on the client, the captured log type, etc.
- you can also limit results based on time etc
we have expanded the search form for you to see the details on which you can extract your results.
- Using this module, to log visits, one can get an approximation of the speed the connected client get pages from your website. This way you may identify havy pages and take proper actions - see bellow.
- Authorized users are permited to delete their log entries but only administrators can delete any log entry.
- Also due to restrictions users can see only their logged user name on the pages they visited - while adminsitrators see user ids and page ids for all the pages in the portal.
Based on the above remarks, you can enable this module for your portal registered users, that have permissions, in order to provide them analytics about your portal and their pages, directly, without any effort - e.g. without having to extract any other external analytics data, such as from Google Analytics.
For example: if you have a page where you advertise one of your customers, you can allow your customers to view details about page visits, by providing them a registered user account with permission to this module. This way you can convince them about the supremacy of your portal.
Bellow is another example of the analysis for our website's visits. We clearly see the difference between Client and Server log type. Because not all visitors are actual (real) users. While Google Analytics (or others analytics providers) collects analytics for visiting clients, using our logging feature you can collect either type, based on the visiting client - the module ensures you that you will collect the most feature rich analytics data set.
Also, for an actual user (Client type) you can easily see the pages he/she visited and in which sequence. While Google Analytics reports 4.3 pages/visit and other aggregated data, using this module you extract detailed data, and know exactly how many pages, a user visited and what those pages are (among others). Using the search form above, you can extract meaningfull analytics for your website, you users' preferences etc.
Also there is a posibility to display agregatd results in more formated maner as displayed bellow:
The fields support also localized templates for formating.
IP Safe Logging is a really powerful feature for IP Safe. Using it properly you can have a tool to distinguish those “peristent clients“ that visit frequently your website. Also extract meaningful analytics data for your web portal.
If you are still interested for your portal security check a demo in NetBrood.com website and check the latest release notes. Also registered users can check how the module works in Our Demo Page, without having to install anything on their websites.
So, if you are interested in more details, you can:
Why IP Safe?
IP address is an independed network feature that goes moreover with the machine, rather than the user using the machine. All connected devices (computers, laptops, or mobile phones etc) have a unique IP address. There are two kind of IP addresses, the static and the dynamic IP address. Static IP address is an IP address that does not change and it is allways the same. This kind of IP address is given usually to network providers that are constantly connected. Each client of the network provider receives an IP address that belong to the network provider's subnetwork. This is called dynamic IP address, it is the assigned dynamically to the client and this may be different everytime the client connect to the network.
No matter what the IP address is, this module allows you to block a specific IP address or any IP address that is a part of a subnetwork, creating network classes. This way this module does not discriminate any user, based on the user properties, but actually may prevent ("malicious" or not) client machines to squeeze resources from your website.