Date: 15 Jun 2004 22:13:44 -0500
From: GulfTech Security <security@...ftech.org>
To: BugTraq <bugtraq@...urityfocus.com>
Subject: Problem With IP Logging In Invision Power Board?


IPB, like many other forum systems, logs visitors' IPs. However, I have
noticed in the past that people who are surfing through some proxies
have their internal (private) IP logged instead of their "real" IP
address. Here are a few screenshots I took of my LAN IP being logged
instead of my internet IP.

http://images.gulftech.org/ipb_1.png
http://images.gulftech.org/ipb_2.png

As far as I can tell it is using the X_FORWARDED_FOR IP, which might be
a good thing as it could get the IP of a person using a non-anonymous
proxy or the like to cause some mischief, but it should definitely check
for private IPs and, if it finds one present, go with the REMOTE_ADDR IP
instead, or something different, because IPs of private networks are
pretty much useless to admins etc.

I have not taken time to look at the code responsible for this behavior,
but I did contact Invision a while back and was basically told to
purchase a license if I wanted technical support. hmmmmm, great response
:P BTW, the particular IPB version I have experienced this behavior on
is the latest 1.3 release.

Anyway, anyone else have this issue?


James B.
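
The fallback suggested in the message above, as an added example (not part of the original post and not Invision's code): prefer a public address from X-Forwarded-For, otherwise log REMOTE_ADDR, and keep both raw values because the header is unauthenticated. The function names, the CGI-style dict and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress


def parse_ip(text):
    """Return an ip_address object, or None if text is not a valid IP."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def address_to_log(environ):
    """Choose the address to log from a CGI-style environment dict.

    X-Forwarded-For is sent by the client or a proxy and is not
    authenticated, so the TCP peer (REMOTE_ADDR) and the raw header
    are always returned next to the chosen address.
    """
    remote = environ.get("REMOTE_ADDR", "")
    forwarded = environ.get("HTTP_X_FORWARDED_FOR", "")
    chosen = remote  # default: the address the connection came from
    for candidate in forwarded.split(","):
        ip = parse_ip(candidate)
        # Skip junk such as "unknown" and anything not publicly
        # routable: RFC 1918 ranges, loopback, link-local, and so on.
        if ip is not None and ip.is_global:
            chosen = str(ip)
            break
    return {"logged_ip": chosen,
            "remote_addr": remote,
            "forwarded_for": forwarded}


if __name__ == "__main__":
    # Constructed sample requests, not taken from the original post.
    samples = [
        {"REMOTE_ADDR": "8.8.8.8", "HTTP_X_FORWARDED_FOR": "192.168.1.20"},
        {"REMOTE_ADDR": "8.8.8.8", "HTTP_X_FORWARDED_FOR": "10.0.0.5, 1.1.1.1"},
        {"REMOTE_ADDR": "8.8.8.8", "HTTP_X_FORWARDED_FOR": "unknown"},
        {"REMOTE_ADDR": "8.8.8.8"},
    ]
    for env in samples:
        print(address_to_log(env))
```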
