473,386 Members | 1,795 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > ip spoofer problem

Join Bytes to post your question to a community of 473,386 software developers and data experts.

IP spoofer problem

Hi all,

I've got a website coded in PHP, and a malicious person is
posting fake spam messages to a low-security forum that I've coded.
My forum code simply reads the POST data and in good faith
posts the message to the forum and records the IP of the poster.
Here is what is happening. Bogus messages are being posted
always of roughly the same type or message, often with
bogus URLs in them, and the IP address that I am recording
is always random i.e. spoofed.

What I would like to do is to have the web server keep the
connection open long enough to ascertain that the real
IP of the spoofer is, or at least to ascertain that the HTTP
request is more than one packet. Is it possible to do either
of these from PHP?

Thanks.

Mar 2 '07 #1
4 1960
Varn wrote:
Hi all,

I've got a website coded in PHP, and a malicious person is
posting fake spam messages to a low-security forum that I've coded.
My forum code simply reads the POST data and in good faith
posts the message to the forum and records the IP of the poster.
Here is what is happening. Bogus messages are being posted
always of roughly the same type or message, often with
bogus URLs in them, and the IP address that I am recording
is always random i.e. spoofed.

What I would like to do is to have the web server keep the
connection open long enough to ascertain that the real
IP of the spoofer is, or at least to ascertain that the HTTP
request is more than one packet. Is it possible to do either
of these from PHP?

Thanks.
No, it's not possible in PHP. However, they probably aren't using a
spoofed IP address, anyway. Most of these use anonymous proxies - of
which there are a bunch all over the world.

You may be better off parsing the message for URL's - if there are more
than one or two reject the message. It might help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Mar 2 '07 #2
>I've got a website coded in PHP, and a malicious person is
>posting fake spam messages to a low-security forum that I've coded.
I've got news for you: those are *REAL* SPAM.
>My forum code simply reads the POST data and in good faith
posts the message to the forum and records the IP of the poster.
Here is what is happening. Bogus messages are being posted
always of roughly the same type or message, often with
bogus URLs in them, and the IP address that I am recording
is always random i.e. spoofed.
For TCP connections, it's very, very difficult to spoof an IP unless
you've taken over or can relay through the machine WITH that IP,
in which case in a very real sense, the IP is *not* spoofed, it's
accurate, although it's not going to help you figure out where to
send the SWAT team or target missiles to get the spammer.

What makes you think that there aren't millions of infected PCs as
part of the same botnet that all are sending the same spam?
>What I would like to do is to have the web server keep the
connection open long enough to ascertain that the real
IP of the spoofer is, or at least to ascertain that the HTTP
request is more than one packet. Is it possible to do either
of these from PHP?
It takes multiple TCP packets just to establish a connection.

Define "real IP". The IP address of the machine in the botnet is
likely the realest IP address you'll get without a subpoena, and
even then it will be difficult.

Mar 3 '07 #3
Varn wrote:
Hi all,

I've got a website coded in PHP, and a malicious person is
posting fake spam messages to a low-security forum that I've coded.
My forum code simply reads the POST data and in good faith
posts the message to the forum and records the IP of the poster.
Here is what is happening. Bogus messages are being posted
always of roughly the same type or message, often with
bogus URLs in them, and the IP address that I am recording
is always random i.e. spoofed.
If it's an automated spam, you may have to install one of those things
with the wiggly jpeg letters & numbers to be re-typed by a live human. I
know someone who had to install something like that, I think it was a
simple plugin sort of deal. Sorry I'm not more specific.
Mar 3 '07 #4
Paul Furman kirjoitti:
Varn wrote:
>Hi all,

I've got a website coded in PHP, and a malicious person is
posting fake spam messages to a low-security forum that I've coded.
My forum code simply reads the POST data and in good faith
posts the message to the forum and records the IP of the poster.
Here is what is happening. Bogus messages are being posted
always of roughly the same type or message, often with
bogus URLs in them, and the IP address that I am recording
is always random i.e. spoofed.

If it's an automated spam, you may have to install one of those things
with the wiggly jpeg letters & numbers to be re-typed by a live human. I
know someone who had to install something like that, I think it was a
simple plugin sort of deal. Sorry I'm not more specific.
You're talking about the Turing test, aka. Captcha:
http://en.wikipedia.org/wiki/CAPTCHA

--
"En ole paha ihminen, mutta omenat ovat elinkeinoni." -Perttu Sirviö
sp**@outolempi.net | Gedoon-S @ IRCnet | rot13(xv***@bhgbyrzcv.arg)
Mar 3 '07 #5
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

0
Windows python/Pmw-tkinter problem
by: Bruce Davis | last post by:
I'm having a problem on windows (both 2000 and XP) with a multi-threaded tkinter gui application. The problem appears to be a deadlock condition when a child thread pops up a Pmw dialog window in...
Python
11
Virtual function problem
by: Kostatus | last post by:
I have a virtual function in a base class, which is then overwritten by a function of the same name in a publically derived class. When I call the function using a pointer to the derived class...
C / C++
0
Scalability problem With .Net and Sqlserver
by: Refky Wahib | last post by:
Hi I need Technical Support I finished a Great project using .Net and SQL Server and .Net Mobile Control My Business case is to implement this Program to accept about 1 Million concurrent...
Microsoft SQL Server
117
Solution to the halting Problem?
by: Peter Olcott | last post by:
www.halting-problem.com
C / C++
28
Problem with virtual method
by: Jon Davis | last post by:
If I have a class with a virtual method, and a child class that overrides the virtual method, and then I create an instance of the child class AS A base class... BaseClass bc = new ChildClass();...
C# / C Sharp
6
Problem: Request time out
by: Ammar | last post by:
Dear All, I'm facing a small problem. I have a portal web site, that contains articles, for each article, the end user can send a comment about the article. The problem is: I the comment length...
ASP.NET
16
SP1 Problem SOAPException doesn't return quote and Umlaute correcty
by: Dany | last post by:
Our web service was working fine until we installed .net Framework 1.1 service pack 1. Uninstalling SP1 is not an option because our largest customer says service packs marked as "critical" by...
.NET Framework
2
Determining Dropdown Value Problem
by: Mike Collins | last post by:
I cannot get the correct drop down list value from a drop down I have on my web form. I get the initial value that was loaded in the list. It was asked by someone else what the autopostback was...
C# / C Sharp
1
IP spoofer in c#
by: qipi | last post by:
Hi, I want to make an application which manipulates an ip packet. It,for instance, will inject to a http request a different ip,so the site will see the injected ip,kinda ip spoofer. Where do I...
.NET Framework
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!