NYCPHP Meetup

[nycphp-talk] best practice for detecting ip

Larry Ludwig larrylud at gmail.com
Thu Mar 27 00:34:56 EDT 2008


 

Hey everyone,

Does someone know the best practice for detecting ip addresses with 
php/apache for use in reporting/metrics?

I'm re-evaluating our code for detecting ips and I see it's built 
towards getting a unique browser ip without regard for how easily it 
can be spoofed.  For example, we're using X-FORWARDED-FOR which I know 
can be very easily spoofed by proxy servers so it should only be done 
with trusted proxies like AOL.  Does anyone know where to find a good 
list of ips of trusted proxies (as well as maybe a list of known 
anonymous proxy servers)?

Also, is there any reason to use HTTP_CLIENT_IP?  The current code we 
have looks to use that first if it's available.  But I'm not exactly 
sure the difference between that header and REMOTE_ADDR.

Thanks a lot,
Rob

Hi Rob,

Yes I assuming you are partly asking this based upon the amount of form spam
and the amount of people using anonymous proxing.

Some RBLs that might be of help
 
Some of the public ones out there (not complete)
http://www.dronebl.org/
http://www.stopforumspam.com/  (which we have converted into a local RBL)
http://rbl.efnetrbl.org/
 
As of previous RBLs were designed to be for only SMTP but as the botnets
progress to web based attacks/spam they are being reused for other proposes.
 
Here is the obligatory PHP code to test RBLs and if a proxy service
 
http://www.jhurliman.org/index.php/2005/open-proxy-rbl-lookups-in-php/
http://w-shadow.com/blog/2007/11/23/detect-users-accessing-your-site-via-a-p
roxy/

There also exists apache plugins to block/redirect to other web pages if on
a specified RBLs
 
Offline I can discuss other things we are developing to help protect our
network by using RBLs
 
RBLs aren't just for SMTP anymore.

-L

--
Larry Ludwig
Empowering Media
1-866-792-0489 x600
Managed and Unmanaged Xen VPSes
http://www.hostcube.com/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nyphp.org/pipermail/talk/attachments/20080327/6f256cee/attachment.html>


More information about the talk mailing list