Tags:







Advertise here: Contact FM.


Is this IP spoofing?
October 19, 2007 4:42 AM   RSS feed for this thread Subscribe

Someone posted a spam comment on my blog that came from IP address "192.168.0.165". Since that IP address is reserved for private networks, how on earth did they do that? Is this "IP spoofing"? If so, how does it work?
posted by simonw to computers & internet (7 comments total) 2 users marked this as a favorite
Yes, it is.

SecurityFocus has a good overview, and so does wikipedia.
posted by rachelpapers at 4:46 AM on October 19, 2007


You could probably configure the firewall to block that IP range from being used by external traffic, but to defend against all spoofing you'd need to improve the comment form to add typical anti-CSRF measures (at the simplest level, add a salted hash of IP, user agent, date and post ID). That way the commenter has to download something (which the spoofer can't do) in order to submit successfully.
posted by malevolent at 6:05 AM on October 19, 2007


My guess: Your blog software "helpfully" takes the address from the "X-Forwarded-For" header added by a web proxy, and it's reporting the "behind the proxy" address.

This might be useful in the case of someone trying to hide behind (public) proxies to avoid bans, etc., or in the case where your website is behind a reverse proxy (load-balancer).

A quick glance at the Django source suggests it does exactly that, according to docs/middleware.txt, if django.middleware.http.SetRemoteAddrFromForwardedFor is set. There's a first place to look.
posted by mendel at 6:15 AM on October 19, 2007


it could be a problem with how the blog gathers its ip addresses, that actually could be the client computer's IP address, just not the ip address of its gateway.
posted by yeahyeahyeahwhoo at 6:17 AM on October 19, 2007


do you not use user accounts on your blog? i've seen a lot of sites out there now include captcha's with anonymous comment forms. well worth it, imo.
posted by Dillonlikescookies at 4:09 PM on October 19, 2007


Alternatively, you could set up OpenID and disable anonymous comments. I know it's easy in Wordpress.
posted by Mr. Gunn at 4:34 PM on October 19, 2007


I think setting up OpenID might be a bit beyond this poster's abilities.
I know: AskMe is not for jokes.
posted by yerfatma at 5:31 AM on November 6, 2007


« Older ScotlandFilter: Where should I...   |   How infrequently must I drink ... Newer »

You are not logged in, either login or create an account to post comments



Related Questions
Are your tubes clogged, too? October 21, 2006
Why is my website so popular in South Korea? July 18, 2006
Wuz she hax0r3d? February 3, 2006
My emails to various AOL addresses get rejected... June 2, 2005
think before you spam February 19, 2005