Add IP info lookup for Admins

spec
rfc

(Jeff Atwood) #1

I propose adding a “lookup” button next to most IP addresses in user fields that are visible to admins:

Clicking the lookup button would pop up a dynamically queried box that shows a spinner, which will populate with additional lookup info about that IP as the data arrives, e.g.

We can start simple with just the top 3 here:

  1. Geolocation info for this IP, with Google Maps link
  2. reverse DNS lookup info for this IP
  3. lookup other accounts sharing this IP
  4. query server logs for this IP
  5. query flags filed against this IP

etc, whatever else it makes sense to query or show for an IP

This way if you have a sketchy user, you can verify where they’re coming from.


(Benjamin Kampmann) #2

Unless we do the lookup at the time of creation, the geolocation could’ve changed, no? Is there a way to do a lookup of an IP for the past?


(Jeff Atwood) #3

It says “Last IP address”. That’s where we last saw them. So what’s the issue, again?


(Benjamin Kampmann) #4

Yes, sure the last IP. But if you’d query for the GEO-Data of the IP, let’s say a day later, when the user clicks on it, most services will give you the geoposition of it right now (not where it has been when we registered it). I was just wondering whether we want to take that into account, query at the time of registration for the data or whether there are services that keep a record we can look up at.


(Jeff Atwood) #5

This seems like extreme hair-splitting, considering what we have now is nothing.


(Benjamin Kampmann) #6

Oh, don’t misunderstand my request as critique please. I am totally up for it. That was merely an implementation detail question out of curiosity.


(Ben Dowling) #7

IP locations don’t change that frequently, and even less frequently at the country level, so looking up the current geolocation details is probably going to be OK.

To get this up and running quickly you could use the http://ipinfo.io API, which gives you a bunch of different details:

$ curl ipinfo.io/67.188.232.130
{
  "ip": "67.188.232.130",
  "hostname": "c-67-188-232-130.hsd1.ca.comcast.net",
  "city": "Mountain View",
  "region": "California",
  "country": "US",
  "loc": "37.4192,-122.0574",
  "org": "AS7922 Comcast Cable Communications, Inc.",
  "postal": "94043"
}

(Kane York) #8

Oh wow, it includes the AS number? That could be useful for detecting cheap proxies.

Here’s what it returns for my droplet in the SF cluster:

curl ipinfo.io/107.170.242.76
{
  "ip": "107.170.242.76",
  "hostname": "hello.from.riking.org",
  "city": "New York",
  "region": "New York",
  "country": "US",
  "loc": "40.7267,-73.9981",
  "org": "AS14061 Digital Ocean, Inc.",
  "postal": "10012"
}

Yeah, “Digital Ocean” is way more useful than “New York” there.

And my current location on campus WiFi:

{
  "ip": "129.65.150.6",
  "hostname": "pcp069467pcs.wireless.calpoly.edu",
  "city": "San Luis Obispo",
  "region": "California",
  "country": "US",
  "loc": "35.3471,-120.4553",
  "org": "AS2152 California State University Network",
  "postal": "93407"
}

Again, AS number is really useful!
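Added example, not part of the original posts and not the project's code: a Python sketch of how a lookup box could turn an ipinfo-style reply into admin-facing fields, splitting `org` into AS number and name and building the Google Maps link from `loc`. The `HOSTING_ASNS` set, the `summarize` function and the IPv6 reply are assumptions made for illustration; the two IPv4 replies are the ones quoted above.

```python
import ipaddress
import json
import re

# Hypothetical admin-maintained set of hosting-provider ASNs (assumption);
# AS14061 is the Digital Ocean ASN shown in the thread.
HOSTING_ASNS = {14061}

ORG_RE = re.compile(r"^AS(\d+)\s+(.*)$")
LOC_RE = re.compile(r"-?\d+(\.\d+)?,-?\d+(\.\d+)?")


def summarize(raw_json):
    """Turn one ipinfo-style JSON reply into the fields an admin box would show."""
    data = json.loads(raw_json)
    # Raises ValueError on junk input; accepts both IPv4 and IPv6 literals.
    ip = ipaddress.ip_address(data["ip"])
    summary = {
        "ip": str(ip), "version": ip.version,
        "hostname": data.get("hostname"), "country": data.get("country"),
        "asn": None, "org": None, "hosting": False, "map_url": None,
    }
    # "org" looks like "AS14061 Digital Ocean, Inc."; it may be absent or null.
    m = ORG_RE.match(data.get("org") or "")
    if m:
        summary["asn"] = int(m.group(1))
        summary["org"] = m.group(2)
        summary["hosting"] = summary["asn"] in HOSTING_ASNS
    # Build the link only from a well-formed "lat,lon" pair, never from raw text.
    loc = data.get("loc") or ""
    if LOC_RE.fullmatch(loc):
        summary["map_url"] = "https://www.google.com/maps?q=" + loc
    return summary


# Replies quoted in the posts above, trimmed to the fields used here.
DROPLET = ('{"ip": "107.170.242.76", "country": "US", '
           '"loc": "40.7267,-73.9981", "org": "AS14061 Digital Ocean, Inc."}')
CAMPUS = ('{"ip": "129.65.150.6", "country": "US", "loc": "35.3471,-120.4553", '
          '"org": "AS2152 California State University Network"}')
# Constructed reply: IPv6 documentation address with no org or loc fields.
SPARSE_V6 = '{"ip": "2001:db8::1"}'

if __name__ == "__main__":
    for reply in (DROPLET, CAMPUS, SPARSE_V6):
        print(summarize(reply))
```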


(Jeff Atwood) #9

Well, if you want to work on this @riking be my guest :wink:


(Benjamin Kampmann) #10

Is anyone on this? @riking, @coderholic, @codinghorror? Otherwise I’d volunteer to work on it (this week).


(Sam Saffron) #11

Nobody is working on this, feel free to give it a shot. Also any bugs, bugs are our top priority at the moment. (hence I am slowing down on PR review work)


(Benjamin Kampmann) #12

@sam, I see, thanks for the heads-up. Running through that category now and let me know if there is anything I can help with.


(Jeff Atwood) #13

I would personally very much like to see this added!


(Benjamin Kampmann) #14

As promised:


(Jeff Atwood) #15

@lightyear this looks great. Copy added. :thumbsup: The accounts with same IP is a huge, huge help.

Thank you. Big step forward.


(Benjamin Kampmann) #16

Always a pleasure. Do I get pinned global banner topics now :smiley: ?


(Jeff Atwood) #17

Ask @zogstrip, he is working on it.

The bulk of this, and the important parts, are definitely all there now. The only bits left are:

  1. query flags filed against this IP
  2. query server logs for this IP

I’ll leave this open in case anyone wants to take those.


(Régis Hanol) #18

Yes, sir!


(Benjamin Kampmann) #19


(Jeff Atwood) #20

@lightyear I noticed this does not work at all for IPv6, e.g. this:

Any comment @supermathie?