Kryptix Posted October 10, 2010 Share Posted October 10, 2010 Not so much of a programming problem as such but if I add the ability to recover accounts via IP address, is it possible to spoof an IP address? Is it a bad idea to automatically allow a user to reset a password if their IP (according to PHP) matches the IP that created the account? Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/ Share on other sites More sharing options...
freelance84 Posted October 10, 2010 Share Posted October 10, 2010 What if the member's ISP hasn't put them on a static IP address (as is usually the case)? Or if someone else is on the computer of the member? Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120869 Share on other sites More sharing options...
Kryptix Posted October 10, 2010 Author Share Posted October 10, 2010 What if the member's ISP hasn't put them on a static IP address (as is usually the case)? Or if someone else is on the computer of the member? Not really worried about that I was just wondering if someone could manage to spoof another IP through header modification or whatever to trick PHP? Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120875 Share on other sites More sharing options...
Pikachu2000 Posted October 10, 2010 Share Posted October 10, 2010 To answer your question, yes it's a bad idea. Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120877 Share on other sites More sharing options...
Alex Posted October 10, 2010 Share Posted October 10, 2010 To answer your question, yes it's a bad idea. +1 Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120879 Share on other sites More sharing options...
Kryptix Posted October 10, 2010 Author Share Posted October 10, 2010 So it's possible to make http://www.whatismyip.com display any IP you want? Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120885 Share on other sites More sharing options...
Pikachu2000 Posted October 10, 2010 Share Posted October 10, 2010 Spoofing aside, IP addresses change. That alone makes it a terrible idea to try a system such as you've described. Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1120892 Share on other sites More sharing options...
Kryptix Posted October 11, 2010 Author Share Posted October 11, 2010 Spoofing aside, IP addresses change. That alone makes it a terrible idea to try a system such as you've described. It would be a recovery process, just a part of the overall process but all I'm interested in is whether or not it can be spoofed. Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1121017 Share on other sites More sharing options...
Pawn Posted October 11, 2010 Share Posted October 11, 2010 Not so much of a programming problem as such but if I add the ability to recover accounts via IP address, is it possible to spoof an IP address? Is it a bad idea to automatically allow a user to reset a password if their IP (according to PHP) matches the IP that created the account? Yes. Yes. Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1121018 Share on other sites More sharing options...
DarkMantis Posted October 11, 2010 Share Posted October 11, 2010 To be perfectly honest, you sound like your trying to do this as an attackers point of view. It seems like you know a system which does this and you are trying to trick it. However, to answer your question, yes you can spoof IP's, however, that's not to say you will receive any data back through that IP address as you are not that machine. Spoofing an IP would be just sending out Data from your machine and in the packet headers you would be IP XXX.XXX.XXX.XXX instead of YYY.YYY.YYY.YYY. You cannot receive the data back from the spoofee, as it were, unless you are on their network. Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1121044 Share on other sites More sharing options...
jatrasmara Posted October 11, 2010 Share Posted October 11, 2010 many people use ISP who have dinamic IP Link to comment https://forums.phpfreaks.com/topic/215566-ip-information/#findComment-1121080 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.