Problem with routing to website and PHP REMOTE_ADDR variable - Routers


  1. Problem with routing to website and PHP REMOTE_ADDR variable

    This may take a while for me to explain thoroughly enough for everyone
    to understand it, so please bear with me.

    I am running a website, we'll call it "spockrules.com". I have the
    entire site programmed in PHP, and it works pretty well, if I do say
    so myself. Lately, I have been receiving some unwelcome hits, however.
    See, I have my page set up so that people can post comments to it. When
    people post comments, they appear on the page immediately (I moderate
    the comments and take down ones later that I think are inappropriate).
    Lately, some people have been posting some rather... rude... comments
    to my site. The nice thing is, I log every IP address that hits my
    site using the $_SERVER['REMOTE_ADDR'] variable, so I can tell who
    posted the rude comments as well as see everyone's IP who views my
    site.

    Well, I decided that to keep these people away, I would filter the two or
    three IP addresses that were causing me trouble using a PHP script. I
    would set up a more advanced firewall, only I have no access to root on
    this server (it is hosted by another company). So what I did is put an
    if statement into my code like this:

    if ($_SERVER['REMOTE_ADDR'] == '999.999.999.999')
    {
        // Redirect the user to http://slashdot.org without loading my page
        header('Location: http://slashdot.org');
        exit;
    }
    else
    {
        // Load my page
    }

    Where 999.999.999.999 is the attacker's IP. Now I realize this isn't
    even close to a solid solution, but I figured it would make it enough
    of an inconvenience for these people to get around that they would
    leave me alone. Instead, they somehow figured out how to post from a
    new IP address - an IP address that is very very unusual...

    Somehow they are posting from an address, we'll call it 65.X.X.X (not
    its real address, the real IP resolves to somewhere in the largest
    nearby city, Cedar Rapids, IA), and viewing my site from this address.
    Now, I figure, oh well, I'll add that IP to my block list...

    Only problem, when I block that 65.X.X.X address and then *I* try to
    access the site, I get blocked and redirected to slashdot! No, the
    65.X.X.X address is NOT mine, mine starts with 128.X.X.X. When I run a
    traceroute from my IP to my server, I find that there are a few hops
    on my route that are very similar in address to the 65.X.X.X IP -
    likely routers downstream from my ISP, though none of the IPs are
    EXACTLY that 65.X.X.X. My question - why is it when I return the
    "$_SERVER['REMOTE_ADDR']" variable within PHP, my IP shows up
    (128.X.X.X) but when I try to access the site using my "filtering
    method" - just a simple if statement using that EXACT same variable
    and comparing it to 65.X.X.X, the program thinks it has a match? What
    in the world is going on? I thought the $_SERVER['REMOTE_ADDR']
    variable only returned the remote host's end IP, not the addresses of
    routers in-between.

    On top of this, I have attempted to connect to my site from other
    ISPs and other connections around the city - I always get redirected
    to slashdot.org (like I'm coming from the 65.X.X.X address) regardless
    of where I connect from. Thanks for your help and for reading about my
    rather lengthy and complicated problem.

  2. Re: Problem with routing to website and PHP REMOTE_ADDR variable

    I don't know a whole lot about PHP, but I do about debugging. And you
    may have tried these, but I'm gonna offer my 2c worth anyway.

    Print out the values of your $_SERVER['REMOTE_ADDR']. Have your script
    write them to a file only you know about and can pull up on the web.
    Take a look at what it's actually pulling.

    Print out the two values you're trying to compare and see if they do
    match. Again, writing to a file you can pull up may be helpful.

    Make sure you're not blocking a broadcast or multi-cast address.

    Make sure you're blocking a valid external address. (Not the 10.x.x.x,
    172.16.x.x and 192.168.x.x)

    Make sure you're using the redirect command correctly.

    Hope that helps a bit.

    Paul

    KJ wrote:
    > This may take a while for me to explain thoroughly enough for everyone
    > to understand it, so please bear with me.
    >
    > I am running a website, we'll call it "spockrules.com". I have the
    > entire site programmed in PHP, and it works pretty well, if I do say
    > so myself. Lately, I have been receiving some unwelcome hits, however.
    > See, I have my page set up so that people can post comments to it. When
    > people post comments, they appear on the page immediately (I moderate
    > the comments and take down ones later that I think are inappropriate).
    > Lately, some people have been posting some rather... rude... comments
    > to my site. The nice thing is, I log every IP address that hits my
    > site using the $_SERVER['REMOTE_ADDR'] variable, so I can tell who
    > posted the rude comments as well as see everyone's IP who views my
    > site.
    >
    > Well, I decided that to keep these people away, I would filter the two or
    > three IP addresses that were causing me trouble using a PHP script. I
    > would set up a more advanced firewall, only I have no access to root on
    > this server (it is hosted by another company). So what I did is put an
    > if statement into my code like this:
    >
    > if ($_SERVER['REMOTE_ADDR'] == '999.999.999.999')
    > {
    >     // Redirect the user to http://slashdot.org without loading my page
    >     header('Location: http://slashdot.org');
    >     exit;
    > }
    > else
    > {
    >     // Load my page
    > }
    >
    > Where 999.999.999.999 is the attacker's IP. Now I realize this isn't
    > even close to a solid solution, but I figured it would make it enough
    > of an inconvenience for these people to get around that they would
    > leave me alone. Instead, they somehow figured out how to post from a
    > new IP address - an IP address that is very very unusual...
    >
    > Somehow they are posting from an address, we'll call it 65.X.X.X (not
    > its real address, the real IP resolves to somewhere in the largest
    > nearby city, Cedar Rapids, IA), and viewing my site from this address.
    > Now, I figure, oh well, I'll add that IP to my block list...
    >
    > Only problem, when I block that 65.X.X.X address and then *I* try to
    > access the site, I get blocked and redirected to slashdot! No, the
    > 65.X.X.X address is NOT mine, mine starts with 128.X.X.X. When I run a
    > traceroute from my IP to my server, I find that there are a few hops
    > on my route that are very similar in address to the 65.X.X.X IP -
    > likely routers downstream from my ISP, though none of the IPs are
    > EXACTLY that 65.X.X.X. My question - why is it when I return the
    > "$_SERVER['REMOTE_ADDR']" variable within PHP, my IP shows up
    > (128.X.X.X) but when I try to access the site using my "filtering
    > method" - just a simple if statement using that EXACT same variable
    > and comparing it to 65.X.X.X, the program thinks it has a match? What
    > in the world is going on? I thought the $_SERVER['REMOTE_ADDR']
    > variable only returned the remote host's end IP, not the addresses of
    > routers in-between.
    >
    > On top of this, I have attempted to connect to my site from other
    > ISPs and other connections around the city - I always get redirected
    > to slashdot.org (like I'm coming from the 65.X.X.X address) regardless
    > of where I connect from. Thanks for your help and for reading about my
    > rather lengthy and complicated problem.
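
The checks suggested in the reply above, sketched in PHP as an added example (not code from either poster): it tests blocklist entries against the private, multicast and broadcast ranges and logs both sides of the comparison together with the result. The function names, the log path and every address other than 999.999.999.999 are constructed for illustration.

```php
<?php
// Added example; function names, log path and sample addresses are constructed.

// Ranges the reply says to rule out: private, multicast, broadcast.
const NON_ROUTABLE = [
    ['10.0.0.0', 8], ['172.16.0.0', 12], ['192.168.0.0', 16],
    ['224.0.0.0', 4], ['255.255.255.255', 32],
];

function in_cidr(string $ip, string $net, int $bits): bool
{
    $mask = -1 << (32 - $bits);
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Returns null when the entry is usable, otherwise the reason it is not.
function blocklist_entry_problem(string $entry): ?string
{
    if (filter_var($entry, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false) {
        return 'not a valid IPv4 address';
    }
    foreach (NON_ROUTABLE as [$net, $bits]) {
        if (in_cidr($entry, $net, $bits)) {
            return "inside $net/$bits";
        }
    }
    return null;
}

// Logs both operands and the result, so the file shows exactly what was compared.
function is_blocked(string $remote, array $blocklist, string $logFile): bool
{
    $hit = in_array($remote, $blocklist, true); // strict string match, no type juggling
    $line = sprintf("%s remote=%s blocklist=%s hit=%s\n", date('c'),
        var_export($remote, true), json_encode($blocklist), var_export($hit, true));
    file_put_contents($logFile, $line, FILE_APPEND | LOCK_EX);
    return $hit;
}

$blocklist = ['203.0.113.7'];                          // constructed entry
$log = sys_get_temp_dir() . '/remote_addr_debug.log';  // hypothetical log path
$remote = $_SERVER['REMOTE_ADDR'] ?? '198.51.100.20';  // constructed CLI fallback
if (is_blocked($remote, $blocklist, $log)) {
    header('Location: http://slashdot.org');           // sent before any output
    exit;
}
foreach (['999.999.999.999', '192.168.1.10', '203.0.113.7'] as $entry) {
    echo $entry, ': ', blocklist_entry_problem($entry) ?? 'ok', "\n";
}
```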