woolyg Posted February 13, 2011 Share Posted February 13, 2011 Hey all, I'm building a PHP app that requires that the user's IP is recorded upon registration, and am in the middle of coding the logic that allows or disallows registration. A question for those who know about IP 'spoofing', really. Is it possible, if you obfuscated or hid your IP, to have a PHP script think you have no IP, ie for $_SERVER['REMOTE_ADDR'] to return nothing? The script will require that an IP is returned in the first place - if none is shotwing, the script will die out. All input appreciated, I'd like to know what I'm up against with regards to the possibilty of IP obfuscators/hiders/spoofers... WoolyG Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/ Share on other sites More sharing options...
.josh Posted February 13, 2011 Share Posted February 13, 2011 Yes it is possible to spoof your IP address and no you can't do anything about it. But even legitimate users' IP addresses can change from time to time, even when they are accessing the internet from home. But they could also be accessing it from a public place, in which case you will most certainly come across different users with the same IP address. The reason most sites are worried about spoofed IP addresses is to ensure that the same user isn't doing something twice. Like for instance, viewing content twice (like accessing some media or downloading some asset multiple times, when you only want them to access it once). Requiring the user to register and login greatly reduces this. And since you require the user to register and login, then what is your need to know their IP address? In short, for average users, you should not look at IP addresses at all, because not only is it unreliable, it is pointless. That is not to say that looking at IP addresses is a lost cause. For instance, you can use it as part of a larger algorithm for determine possible spambots. If you look at your database and suddenly see a 100 hits in the span of minutes from the same IP address, then it's more than likely a spambot. But the point of previous paragraphs is, if you look in your db at IP address and reject a registration because even one exists, even if it was entered like a year ago...well that is not a good idea. Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173788 Share on other sites More sharing options...
woolyg Posted February 13, 2011 Author Share Posted February 13, 2011 The reason most sites are worried about spoofed IP addresses is to ensure that the same user isn't doing something twice. Like for instance, viewing content twice (like accessing some media or downloading some asset multiple times, when you only want them to access it once). That's mostly why I'm looking at this - the site rules are going to dictate that users may not have more than one account. The site will only allow them to carry out a certain action once per page (based on their session ID) and while I'm not going to actively disallow them from doing it, I'll be logging IPs to check if the same action is done on the same page by the same IP, but using different session IDs. This will then be highlighted to admins to 'flag' for a possible duplicate account - also understanding that 2 PCs on the same home or workplace network will be sharing the same IP as seen by the site. Visitors to the site that do not log in will not have the IP recorded. Thanks for your input Crayon, it's made it clearer in my head in any case!! - Wooly Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173795 Share on other sites More sharing options...
Ninjakreborn Posted February 13, 2011 Share Posted February 13, 2011 Just some additional feedback. I would advise not relying solely on IP addresses either. However, they tend to be a nice addition to your other security protocols. So here is another bit of feedback, one way that a person can hide their IP address is by using a proxy. I did some basic Google Searches and found out, it might be possible to get someones IP even if they are behind a proxy. http://www.teachmejoomla.net/code/php/remote-ip-detection-with-php.html Not sure if this is going to help you make the system a little more secure, but it's something worth looking into. Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173844 Share on other sites More sharing options...
woolyg Posted February 14, 2011 Author Share Posted February 14, 2011 Cheers businessman332211, I will most definitely do more reading on it. Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173853 Share on other sites More sharing options...
xylex Posted February 14, 2011 Share Posted February 14, 2011 That script buisnessman pointed you to makes it really, really easy to spoof IP addresses since it looks at *FORWARDED_FOR headers, which are just sent by the client and you can set these really easily using Modify Headers or similar browser plugins. At least using the REMOTE_ADDR makes a person have to work a bit to spoof it even though you might have more duplicates. Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173870 Share on other sites More sharing options...
Ninjakreborn Posted February 14, 2011 Share Posted February 14, 2011 You could be right. I haven't done a lot with IP's. I generally just grab the remote and use that to do whatever I need. I just ran across that link. Didn't look into it much, but was worth posting. Quote Link to comment https://forums.phpfreaks.com/topic/227517-users-who-use-spoof-ip-addresses/#findComment-1173909 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.