You are not logged in.
- Topics: Active | Unanswered
#1 2010-03-09 10:40 pm
- poultryexcuse
- Member
- Registered: 2009-09-08
- Posts: 96
Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
Sorry if this is inappropriate for this forum...
We've got a Guest using various different IPs(recognized from their userstring), but now has shown up with just a period in place of their IP#.
Any idea what software/service/method they are using to do that?
Edit: Guest
Last edited by poultryexcuse (2010-03-14 9:59 am)
Offline
#2 2010-03-10 5:43 am
- zaphod
- Jägermonster
- From: USA
- Registered: 2008-11-22
- Posts: 2,115
- Website
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
Are you trying to pull hostname? Sometimes that's poisoned. I have seen foreign addresses return "." and even "localhost"
I suggest you use $_SERVER['REMOTE_ADDR'] (if using php) to discern IP address instead. If this variable is miss-set, it was a spoofed IP anyway, to the point the connection failed.
Also, you might try my program ZB Block (if you are looking to protect php applications), this sounds like a prime example of a problem it deals with well.
Zap 
Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.
Offline
#3 2010-03-10 10:31 am
- poultryexcuse
- Member
- Registered: 2009-09-08
- Posts: 96
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
I was viewing the "Who's Online" list; most of the listings show some kind of alpha/numerical address, along with a hostname of some type.
I appreciate and will pass on your suggestions to our Admin. I'm just a moderator and know nothing about php, programming in general, other matters technical... Lucky I can find my a$# with both hands(on a good day.)
So "$_SERVER['REMOTE_ADDR']" should be the variable employed in the place where our php determines the IP#...
Thanks again.
Offline
#4 2010-03-10 12:35 pm
- zaphod
- Jägermonster
- From: USA
- Registered: 2008-11-22
- Posts: 2,115
- Website
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
Well, if this is who's online, what they should do is stick with what they're using.
But if it's security logging, the IP is far more important, hostname could could later. Hostname isn't trustable, and should not be used for IP specific blocking (as it can be faked).
Zap
Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.
Offline
#5 2010-03-11 3:15 pm
- Alessandra
- Member
- From: Chicago, Illinois, USA
- Registered: 2009-11-29
- Posts: 165
- Website
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
So, zaphod, do you mean that I shouldn't be using hostnames as criteria for my forum's ban list? I've been using IP, hostname, and email, but not user name since that seems so random and pointless (Also, what if a spammer uses the name "Dave"?). If hostnames are really untrustworthy, I can eliminate using them.
Offline
#6 2010-03-11 3:54 pm
- zaphod
- Jägermonster
- From: USA
- Registered: 2008-11-22
- Posts: 2,115
- Website
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
Yes, you can use hostnames in the ban list. Just don't rely on them.
IPs can also change ownership, but there is no way to "poison" a domain name server to report the wrong IP of a connection... however there is a way to poison them to report the wrong domain name of an IP.
Spoofed IPs don't connect due to http's bi-directional handshake.
If you are having problems with an isp, for example, netdirekt.d3 (substitute d3 for de) the best thing to do would be to ban netdirekt.d3, but even more secure is to find out what their IP ranges are and ban them. I would nomally go to http://robtex.com , enter the network name, and click lucky.
Then click the graph tab, then the AS record number on the right of that graph, giving you http://www.robtex.com/as/as28753.html . Then click the BGP tab to find all that host's network ranges (CIDR format).
If your forum doesn't accept CIDR, but will accept a IP-IP range you can use a service like http://grox.net/utils/whatmask/ to convert. For instance 217.20.112.0/20 becomes 217.20.112.0 - 217.20.127.255 .
BTW ZB Block allready has this whole ASR blocked, along with it's compatriots internetserviceteam.c0m, NetDirect, and jmhservices.c0m.
Zap
Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.
Offline
#7 2010-03-12 8:40 am
- poultryexcuse
- Member
- Registered: 2009-09-08
- Posts: 96
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
Thanx for those tips, Zap.
We're not seeing any hostname nor IP# on our "Who's Online" list...nothing but a single dot/period "."
Offline
#8 2010-03-12 3:13 pm
- zaphod
- Jägermonster
- From: USA
- Registered: 2008-11-22
- Posts: 2,115
- Website
Re: Anybody Seen A Dot/Period In Place Of IP# (vBulletin3.8.3)
if (($hostname == ".") || ($hostname == "localhost")){ $hostname = $ipaddress }Substitute the proper variables as needed.
Zap
Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.
Offline