2

I'm looking to set up a whistleblowing/anonymous tip website, but I've run into some problems. The basic idea is that you navigate to a splash page, fill in a few fields (name and location optionally, and then the message), then fire it off. At that point the message gets sent to a specific email inbox so that our team can look at it.

I've done a bit of research and PHP seems like my best bet, but I would also like to be able to log IP addresses for every message (or, more ideally, append them to the email before it is sent) so that I can be sure I'm not getting trolled or spammed. Can anyone point me in the right direction with this? I'm kind of a PHP noob, but willing to learn.

Thanks!

Improve this question
4
  • possible duplicate of php: geting ip addres Commented Feb 4, 2011 at 7:11
  • 1
    That doesn't sound very anonymous to me. Commented Feb 4, 2011 at 7:19
  • I guess I'm using the term 'anonymous' a bit loosely here, I mostly just want a way of making sure people aren't gaming the system while submitting reports that don't require their names or e-mail addresses. Commented Feb 4, 2011 at 7:28
  • You're using it completely wrong, to be precise - you mean "pseudonymous" - as you're identifying users by something (IP address in this case), but it's not their name. The main problem I see is that it's not even very strong pseudonymity, in most cases IPs can be linked back to the person using only legally and publicly available data. Commented Feb 4, 2011 at 7:56

2 Answers 2

Reset to default
2

The remote IP address will be available within your php script using the super global $_SERVER['REMOTE_ADDR']. You can append that to your mail.

Just to mention: If you log the ip address of the sender, you kind of miss something important if you want the sender to be ANONYMOUS. Because if you log the ip, then this is not really the case anymore.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

You could store the salted hash of the IP instead of logging the IP itself.
Thanks, this looks promising. Same goes for the salted hashes of the IP — if that means that I can still weed out multiple submissions by the same person without actually logging their IP, that would be pretty great... any idea on how to do this though?
@Tom I would imagine you would want to use a database to store some information about each message sent (i.e. put the IP hashes in a table keyed by a unique message ID). That way when a new message is added your script can check for other messages from the same IP and decide whether or not it's spam. As for generating the hashes themselves, I think md5 will do what you need: php.net/manual/en/function.md5.php
0

Problem

Spambots most of the times have a network of computers(hacked!) so blocking IP addresses most of the times does not work. Also I would like to point out the probably some legimate user who is not aware of the malware on his PC can't use your service because you are blocking his IP address. Otherwise CAPTCHA's were NOT necessary at all and Google, Yahoo! would not be using them at all because as you most likely know these images are hard to read sometimes.

Solution

You should just have a good spam filter(GMail's works very good) in place and use Akismet to detect spam-messages instead. They have very decent libraries in place so that you don't have to do any coding at all and it is going to work a lot better, then what you were about to implement.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.