Is this IP spoofing?
October 19, 2007 4:42 AM

Someone posted a spam comment on my blog that came from IP address "192.168.0.165". Since that IP address is reserved for private networks, how on earth did they do that? Is this "IP spoofing"? If so, how does it work?
posted by simonw to Computers & Internet (7 answers total) 2 users marked this as a favorite


Yes, it is.

SecurityFocus has a good overview, and so does Wikipedia.
posted by rachelpapers at 4:46 AM on October 19, 2007


You could probably configure the firewall to block that IP range from being used by external traffic, but to defend against all spoofing you'd need to improve the comment form to add typical anti-CSRF measures (at the simplest level, add a salted hash of IP, user agent, date and post ID). That way the commenter has to download something (which the spoofer can't do) in order to submit successfully.
posted by malevolent at 6:05 AM on October 19, 2007


My guess: Your blog software "helpfully" takes the address from the "X-Forwarded-For" header added by a web proxy, and it's reporting the "behind the proxy" address.

This might be useful in the case of someone trying to hide behind (public) proxies to avoid bans, etc., or in the case where your website is behind a reverse proxy (load-balancer).

A quick glance at the Django source suggests it does exactly that, according to docs/middleware.txt, if django.middleware.http.SetRemoteAddrFromForwardedFor is set. There's a first place to look.
posted by mendel at 6:15 AM on October 19, 2007
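
An added example, not part of the answer above and not Django's code: one way for a blog to decide which address to log, honouring "X-Forwarded-For" only when the connection really comes from its own reverse proxy and ignoring private values such as 192.168.0.165. The names `client_ip` and `TRUSTED_PROXIES` and all addresses are constructed for illustration.

```python
import ipaddress

# Assumption: the one reverse proxy allowed to set X-Forwarded-For (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("203.0.113.10/32")]
# Ranges that can never be the public source of an Internet request.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def _parse(value):
    """Return an ip_address object, or None if the text is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _in(ip, networks):
    return any(ip in net for net in networks)


def client_ip(remote_addr, x_forwarded_for=None):
    """Pick the address to record for a request.

    remote_addr: peer address of the TCP connection (REMOTE_ADDR).
    x_forwarded_for: raw X-Forwarded-For header value, or None.
    """
    peer = _parse(remote_addr)
    if peer is None:
        raise ValueError("invalid REMOTE_ADDR: %r" % remote_addr)
    # The header is sender-controlled unless our own proxy wrote it.
    if not x_forwarded_for or not _in(peer, TRUSTED_PROXIES):
        return str(peer)
    # Walk right to left: the rightmost entries were appended by the proxies
    # closest to us. Stop at the first hop that is not one of our proxies.
    for hop in reversed(x_forwarded_for.split(",")):
        ip = _parse(hop)
        if ip is None:
            break                  # malformed entry: stop trusting the chain
        if _in(ip, TRUSTED_PROXIES):
            continue               # our own proxy, keep walking
        if not _in(ip, NON_ROUTABLE):
            return str(ip)         # first hop outside our infrastructure
        break                      # private value (e.g. 192.168.0.165): ignore it
    return str(peer)               # fall back to the address we actually saw
```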


It could be a problem with how the blog gathers its IP addresses; that actually could be the client computer's IP address, just not the IP address of its gateway.
posted by yeahyeahyeahwhoo at 6:17 AM on October 19, 2007


Do you not use user accounts on your blog? I've seen a lot of sites out there now include CAPTCHAs with anonymous comment forms. Well worth it, IMO.
posted by Dillonlikescookies at 4:09 PM on October 19, 2007


Alternatively, you could set up OpenID and disable anonymous comments. I know it's easy in WordPress.
posted by Mr. Gunn at 4:34 PM on October 19, 2007


I think setting up OpenID might be a bit beyond this poster's abilities.
I know: AskMe is not for jokes.
posted by yerfatma at 5:31 AM on November 6, 2007

