Tracing a true IP address - can we do it?

This is an archive of the phpBB 2.0.x support forum. Support for phpBB2 has now ended.
Forum rules
Following phpBB2's EoL, this forum is now archived for reference purposes only.
Please see the following announcement for more information: viewtopic.php?f=14&t=1385785
Locked
seanjohnstone
Registered User
Posts: 13
Joined: Sat May 14, 2005 7:35 am

Tracing a true IP address - can we do it?

Post by seanjohnstone » Sat Jul 29, 2006 9:03 am

I maintain a forum for a friend who has problems with individuals repeatedly reregistering under new nicknames to cause trouble. They all connect through the same proxy and so all have the same IP address - unfortunately so do a lot of legitimate forum users - hence we cannot just block that IP.

I know that I can visit sites such as http://www.all-nettools.com and it can detect my true IP address (beyond what the proxy shows it as) - can I integrate such a feature into PHPBB to do the same?

Can't see a mod for this.

Katash
Registered User
Posts: 2
Joined: Sat Jul 29, 2006 10:39 am

Post by Katash » Sat Jul 29, 2006 10:48 am

I know its not what your after but I'd suggest you implement authentication whereby valid e-mail addresses must be used for a registration. when they kick off, ban their email addresses - They'll soon get fed up of having to create new hotmail accounts.
Failing that I'd subtly edit every post they make just to make them look like idiots - perhaps some sort of gay pick-up line convo between them?

Katash
Registered User
Posts: 2
Joined: Sat Jul 29, 2006 10:39 am

Post by Katash » Sat Jul 29, 2006 10:59 am

.... I'd also consider mailing all your existing members and explaining the reasons for doing so, then using wildcards to ban mail providers like hotmail - that way they cant keep registering with free accounts.

Any legitimate users that are banned could be assigned mail accounts from your domain if they cant find a non free provider

atnbueno
Registered User
Posts: 39
Joined: Sun Aug 03, 2003 5:26 pm
Location: Spain
Contact:

Post by atnbueno » Sun Jul 30, 2006 11:23 am

I use this function to determine the IP address. It's far, far away from being a perfect solution, but it works with Spanish ISPs:

Code: Select all

function ip() {
	if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
		return $_SERVER['HTTP_X_FORWARDED_FOR'];
	} elseif ($_SERVER['HTTP_CLIENT_IP']) {
		return $_SERVER['HTTP_CLIENT_IP'];
	} elseif ($_SERVER['REMOTE_ADDR']) {
		return $_SERVER['REMOTE_ADDR'];
	}
}
Antonio B.
mundoplus.tv - Televisión por Satélite en España

NeoThermic
Security Consultant
Posts: 2141
Joined: Thu Dec 25, 2003 1:33 am
Location: United Kingdom
Contact:

Post by NeoThermic » Sun Jul 30, 2006 12:57 pm

atnbueno wrote: I use this function to determine the IP address. It's far, far away from being a perfect solution, but it works with Spanish ISPs:

Code: Select all

function ip() {
	if ($_SERVER['HTTP_X_FORWARDED_FOR']) {
		return $_SERVER['HTTP_X_FORWARDED_FOR'];
	} elseif ($_SERVER['HTTP_CLIENT_IP']) {
		return $_SERVER['HTTP_CLIENT_IP'];
	} elseif ($_SERVER['REMOTE_ADDR']) {
		return $_SERVER['REMOTE_ADDR'];
	}
}


The two main problems with that is both X-Forwarded-For and HTTP-Client-IP can be faked as the user wishes. This would allow spoofing attacks where someone could appear as the same IP as another. If you also edit phpBB's code to trust the above variables, then it could facilitate session jumping, as all one would have to do is gain a session ID and the IP that is using it, and they could hop into that users session by passing the correct values via the header.

If you wish to log the x-forwarded-for or client IP fields in addition to the remote_addr that phpBB logs, you can do the following:

First you'll need to add a column to the posts table, so something like

Code: Select all

ALTER TABLE phpbb_posts ADD poster_forwarded_ip varchar(8);
Then you'll need to do the following:
In /includes/functions_post.php:

Code: Select all

FIND:


BEFORE ADD:

$forwarded_IP = (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']) ? encode_ip($_HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']) : encode_ip($_HTTP_SERVER_VARS['HTTP_CLIENT_IP']);


FIND:
$sql = ($mode != "editpost") ? "INSERT INTO " . POSTS_TABLE . " (topic_id, forum_id, poster_id, post_username, post_time, poster_ip, enable_bbcode, enable_html, enable_smilies, enable_sig) VALUES ($topic_id, $forum_id, " . $userdata['user_id'] . ", '$post_username', $current_time, '$user_ip', $bbcode_on, $html_on, $smilies_on, $attach_sig)" : "UPDATE " . POSTS_TABLE . " SET post_username = '$post_username', enable_bbcode = $bbcode_on, enable_html = $html_on, enable_smilies = $smilies_on, enable_sig = $attach_sig" . $edited_sql . " WHERE post_id = $post_id";

IN-LNE FIND:
enable_smilies, enable_sig

IN-LINE AFTER, ADD:
, poster_forwarded_ip

IN-LINE FIND:
$smilies_on, $attach_sig

IN-LINE AFTER, ADD:
, $forwarded_IP)
That will log the forwarded IP address of the poster, if they have one.

To be able to let bans on IP's affect those IP's as well:

/includes/sessions.php:

Code: Select all

FIND:
preg_match('/(..)(..)(..)(..)/', $user_ip, $user_ip_parts);

BEFORE ADD:
$user_forwarded_ip = (isset($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']) ? encode_ip($_HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']) : encode_ip($_HTTP_SERVER_VARS['HTTP_CLIENT_IP']);

preg_match('/(..)(..)(..)(..)/', $user_forwarded_ip, $user_forwarded_ip_parts);

FIND:
WHERE ban_ip IN ('" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . $user_ip_parts[4] . "', '" . $user_ip_parts[1] . $user_ip_parts[2] . $user_ip_parts[3] . "ff', '" . $user_ip_parts[1] . $user_ip_parts[2] . "ffff', '" . $user_ip_parts[1] . "ffffff')

AFTER ADD:
OR ban_ip IN ('" . $user_forwarded_ip_parts[1] . $user_forwarded_ip_parts[2] . $user_forwarded_ip_parts[3] . $user_forwarded_ip_parts[4] . "', '" . $user_forwarded_ip_parts[1] . $user_forwarded_ip_parts[2] . $user_forwarded_ip_parts[3] . "ff', '" . $user_forwarded_ip_parts[1] . $user_forwarded_ip_parts[2] . "ffff', '" . $user_forwarded_ip_parts[1] . "ffffff')
As of current, you'll have to find the forwarded IP's manually via the database, but for now that modification should do as required. Just don't fully trust the x-forwarded-for or http-client-ip as you'll hit problems.

NeoThermic
NeoThermic.com... a well of information. Ask me for the bit bucket so you can drink its goodness. ||新熱です

seanjohnstone
Registered User
Posts: 13
Joined: Sat May 14, 2005 7:35 am

Post by seanjohnstone » Mon Jul 31, 2006 6:33 pm

That looks great - thanks!

Locked

Return to “2.0.x Support Forum”