Okay, I need some help.
I've got forums, InvisionPowerBoard v1.1 RC2. Twice today, I've had a guest surfing the site w/ 127.0.0.1 as their IP addy. I'm completely at a loss as to what the hell is going on...does anyone have any ideas?
Ok so I don't understand if this is a joke (127 blah blah blah is your own addy) or if somebody is actually somehow forging that IP address just to screw with you.... Elaborate?
Maybe he's using some form of proxy that makes the IP appear as 127.0.0.1?
Deb, do you physically host the Forum or is it hosted somewhere else? I know I can open a browser on my site (via SSH) and visit any site there. If I did that, it's likely it'd show up as 127.0.0.1 since the browser initiates from the server the site is hosted on (that'd be my guess anyways).. Maybe the admin, if you don't host it, is just checking things out?
MsMittens, it's possible that's what it is, because no, I don't personally host the site. However, we've had the site there for about 16 months and it's never happened before, and it's happened twice today, so I'm nervous. It's a completely non-tech forum, most of the people there have to have help with their avatars, so it's not likely that it's any of them playing a joke or spoofing their IP. And we're debating in IRC whether or not that's even possible right now.
So why not send an email to your admin and ask them about it? They may be able to help with some logs. Also, do you have logs that indicate who visited when? On my service I can see who visits my site, how often and what pages (assuming I have pages up... :D).
Ok, here are 2 examples; they're self-explanatory.
Anyhow, you'll need WinRAR to unzip it.
cheers
Lfrog
MsMittens, we're going to contact them today. The only complaint I have about Invision is that when you contact them with a problem, you can expect to be treated like a pain in the ass retard. :rolleyes:
Leapfrog, thanks for the effort, but you're wrong. I have both of those boxes checked yes, and when I am on the forum, I see my IP addy, correctly. I.E. my addy is 209.*.*.* and that's what I see. Same for a guest...even if it's not a member of the site at all, I see a valid IP address for them. When we first started the forum (waaaay back when :D ) we had them set to no, and we didn't see any IP addresses, and a couple of times, it caused some pretty crappy problems, so we set it to yes, and we see every IP address that every person on the forum has, guest or not.
Does that sound right to anyone? I'm having a hard time swallowing that story, but I could be quite mistaken too. Any input is appreciated. :)
Quote:
we do NOT roam your board to see if you have anything illegal on your site. Sounds like someone who frequents your board has some sort of port scanner virus/trojan running from their computer without (?) them knowing - it's hard to say without actually seeing the problem... but it's not us and it's not IPB.
Well that, IMHO, won't be the cause Deb. I think what you're looking at is simple IP spoofing or some sort of 'privacy' software running on a person's computer to mask the real IP address.
Quote:
has some sort of port scanner virus/trojan running from their computer without (?) them knowing
Cheers:
Thanks DJM :) That's the same conclusion I came to, we were discussing it on IRC and the unanimous vote was that that email was a load of poo.
The thing is, it's never a member with that addy, it's always a guest. I suppose they could be looking over the site and have some kind of privacy software running, but it strikes me as very odd, because as a guest, the only thing you can see is the welcome page, there are no threads to read or anything else, so it seems strange to me that they would be looking at the welcome msg as often as they are. We're up to at least 5 times in the last 24 hours now.
More than anything else, I don't understand why this is happening, therefore don't know whether I should be concerned about it or not. :confused:
If they are just 'lurking', I wouldn't pay it much attention. It's when you start getting attacked by some clown spoofing localhost is when the fun really starts. :p
Quote:
Originally posted here by debwalin
Thanks DJM :) That's the same conclusion I came to, we were discussing it on IRC and the unanimous vote was that that email was a load of poo.
The thing is, it's never a member with that addy, it's always a guest. I suppose they could be looking over the site and have some kind of privacy software running, but it strikes me as very odd, because as a guest, the only thing you can see is the welcome page, there are no threads to read or anything else, so it seems strange to me that they would be looking at the welcome msg as often as they are. We're up to at least 5 times in the last 24 hours now.
More than anything else, I don't understand why this is happening, therefore don't know whether I should be concerned about it or not. :confused:
Cheers:
Lol...but I want to stop it before we start getting attacked by some clown spoofing localhost :p
I can understand that Deb, but how much control do you have? You said the forum is hosted, isn't it the responsibility of the host company to protect its servers?
Quote:
Originally posted here by debwalin
Lol...but I want to stop it before we start getting attacked by some clown spoofing localhost :p
Cheers:
http://www.inetprivacy.com/a4proxy/
"Advanced features allow you to actively hide yourself while surfing: A4Proxy can generate a fake IP address for each request, selectively modify HTTP variables, block cookies, and more."
It all could be something like this... I am going to try to find a copy and see if it fools my BB.
Hey, thanks CGX :D That would be great. Let me know what happens, would you? I know that I have used Proxomitron before for awhile, and it didn't fool my forums, so if you found something that did, it would be interesting at the least.
I have set my proxy to my webserver before and then browsed like that. It actually works, but it only lets you surf what is on your own server. And it only needs to be running a web server, no proxy. But it doesn't change the IP to 127.0.0.1 on my server. It still detects me as my normal IP address. Maybe you should try setting your website as your proxy anyways, browse a bit, log in and check the IP. Something might happen different on your server.
I don't really see how it would be 127.0.0.1, though. Even on my server when I browse, my server's IP shows up instead of a loopback IP. All I can say is that it is very strange. Good luck finding the cause, but I don't think A4Proxy is behind it... I think that their Fake IP address is actually just selecting a random proxy for each connection, but I've never used it so I don't know 100% for sure...
I think you're right Tim. It hasn't happened in the last 12 hours or so that I know of, but then no one has really been on the forum in the last 12 hours either, at least none of the admin, so I'm not certain. I'm hoping it was just a glitch somewhere and something odd happened a few times and it won't happen again. The power of positive thinking, right? :D
It's supposed to modify the HTTP request to make it look like you are coming from another IP address... but anyway, I tried a couple of tools that claim to hide the IP address or spoof it and none of them tricked my BB. This is a weird situation. I don't know what they could have done.
Quote:
I don't really see how it would be 127.0.0.1, though. Even on my server when I browse, my server's IP shows up instead of a loopback IP. All I can say is that it is very strange. Good luck finding the cause, but I don't think A4Proxy is behind it... I think that their Fake IP address is actually just selecting a random proxy for each connection, but I've never used it so I don't know 100% for sure...
Correct me if I'm wrong, but isn't 127.0.0.1 the IP of your router?
BWAHAHAHAHA.. that's the funniest thing I've seen.. please tell me you're kidding...
Quote:
Correct me if I'm wrong, but isn't 127.0.0.1 the IP of your router?
127.0.0.1 is the localhost identifier.
That IP means localhost, so it's referring to you.
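One possibility raised in the thread is a tool that can "selectively modify HTTP variables". As an added example (not code from the thread or from Invision Power Board), this Python compares a board that takes the visitor address from a client-supplied header with a resolver that only believes that header when it arrives from a known proxy. The `X-Forwarded-For` header, the proxy address and both function names are assumptions; the thread never establishes which header, if any, the board reads.

```python
import ipaddress

# Assumption: the one reverse proxy the host operates (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("192.0.2.10")}

def naive_client_ip(remote_addr, headers):
    """Weak pattern: believe the header whenever it is present."""
    return headers.get("X-Forwarded-For") or remote_addr

def resolve_client_ip(remote_addr, headers):
    """Return (ip_to_log, note) for one request.

    remote_addr is the TCP peer address the web server saw; headers is a dict
    keyed by header name. The forwarded header is honoured only when the peer
    is a trusted proxy, and a loopback claim is never accepted.
    """
    peer = ipaddress.ip_address(remote_addr)
    claimed = headers.get("X-Forwarded-For", "")
    if not claimed:
        return str(peer), "no forwarded header"
    if peer not in TRUSTED_PROXIES:
        # The header came straight from the client: record it as a claim only.
        return str(peer), f"ignored untrusted X-Forwarded-For: {claimed!r}"
    # Walk right to left: the rightmost entry is the one our own proxy appended.
    for hop in reversed([h.strip() for h in claimed.split(",")]):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer), f"malformed X-Forwarded-For entry: {hop!r}"
        if ip in TRUSTED_PROXIES:
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_link_local:
            return str(peer), f"non-routable forwarded address: {ip}"
        return str(ip), "from trusted proxy"
    return str(peer), "only trusted proxies in chain"

if __name__ == "__main__":
    # Constructed requests: (TCP peer, headers).
    samples = [
        ("203.0.113.7", {}),
        ("203.0.113.7", {"X-Forwarded-For": "127.0.0.1"}),
        ("192.0.2.10", {"X-Forwarded-For": "127.0.0.1, 198.51.100.23"}),
    ]
    for peer, hdrs in samples:
        print(naive_client_ip(peer, hdrs), "|", resolve_client_ip(peer, hdrs))
```

The web server's raw access log records the TCP peer address, so comparing it with what the board displays for the same request shows whether the board is reading a header instead.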