How do you detect if the IP address for data received via a web form has come from a spoofed IP address?
If detection is possible in PHP, is there a library that will also attempt to find the real IP address?
Äh - you can not. There can not be a spoofed IP address.
See, HTTP (which is the b asis for web forms) runs on top of TCP.
If I spoofe my IP address in the TCP process, I will never manage to establish the TCP connection. WIthout an established TCP connection, I can not send any data to your server.
THe connection on your side keeps stuck in a half open state - which, btw., was one of the attack vectors some time ago for a denial of service attack (overloading servers with half open connections so real ones do not get established):
Ergo: In order to complete the form data submission, I need to open the TCP channel, for which my IP packets need to provide the real IP address.
Where did you get the idea that your submissions come from spoofed IP addresses?
Related
I am making a game using a networking library in C++ that only supports IPv4, and there's a web server layer in order to resolve information about the game server. I would like to verify that the same IP address that is trying to log in to the game server went through the web server first at least X seconds before. I have a solution already which allows me to determine the timing of such a request, but I'm interested in getting the IPv4 address specifically. For technical reasons I cannot use IPv6 in my game.
(I have tried $_SERVER['REMOTE_ADDR'], but some players are having trouble logging in because they have an IPv6 address which doesn't match with the IPv4 address the game server knows)
I want to get the Client Ip with PHP.I allready known that i can get the Ip with $_SERVER['REMOTE_ADDR'];. But when i post this value in an Database or remember this IP, next day the client adresse is something else and not the same which yesterday.
I allready tried to work with $_SERVER['REMOTE_ADDR']; but the Ip change every day
Yes, IPs change. That’s the nature of most residential internet connections. Only a comparatively small number of connections have static IPs. IP addresses are an implementation detail of a data routing mechanism, they’re not permanent or unique identifiers.
The person controlling the HTTP client would need to run it through an Internet connection with a static IP address. To get one they would need to either use an Internet Service Provider that provides static IP addresses by default or one which provides them as an optional extra (and then take that option).
Then they would have to ensure they didn't use a different Internet connection to make a request in the future (e.g. by using their laptop in a coffee shop instead of at home, or connecting from their phone while connected via cellular broadband).
They could also use a proxy server that was connected using a static ip. The requests would be relayed via the proxy and that its IP address would be used to connect to the server running the PHP.
I have a PHP application in front of me that reads the IP address of the user from $_SERVER['REMOTE_ADDR'].
I don't seem to quite understand how it gets populated. I assume that it is basically reading the client IP address from the request headers. Is that correct?
Note:
I am not asking about whether it is providing the client IP address or not. The documentation already states that fact. I am more interested in the knowing about the "how". Is it retrieving the IP address implicitly from the request headers?
Not a network expert in any way, but as it's an HTTP request, it gets delivered over a TCP connection. The webserver populates $_SERVER['REMOTE_ADDR'] from a TCP socket that is used to communicate with the browser.
I have started to capture the packets sent from my PC and i am wondering how it happens that they are always going to right address.
For example i am sending message to Specific IP and Specific Port, how come nobody is faking his IP address and Port to be for example Google.com and send different response than google does.
I have read that Ddos attacks are most likely hiding their real IPs with different one, i am thinking about way of receiving packets that are sent.
Isn't there any way to listen for packets, sent to specific IP and Port?
How to change ip address such that it does not reveal our original address when using $_SERVER['REMOTE_ADDR']; in php
You need to use a proxy server if you're trying to access a website from a different IP than your own. Wikipedia has more information.
There are several options I have in mind for this. I will go from the simpler to the more complicated one.
First, you could use a proxy server and ask him through an HTTP request made by your program or your browser, to fetch a resource for you. The proxy server will take the role of querying a resource in your place to the target service.
Example :
You want to retrieve the main page of the domain stackoverflow.com. You ask the proxy server to ask stackoverflow's HTTP server to send him the main page and he will forward it back to you.
To SO webserver, the superglobal $_SERVER['REMOTE_ADDR'] variable will correspond to the proxy server's IP address and not yours. However, the HTTP protocol implements some fields such as HTTP_VIA, HTTP_X_FORWARDED_FOR, or HTTP_FORWARDED which can be used to know if the current HTTP request is made by a proxy or not.
A transparent proxy will not specify those fields and will not modify your request whereas a non-transparent proxy may reveal the original IP address of the original requester. You got to use a reliable proxy which will act as you intends it to act. Another thing to consider is the use of an SSL tunnel between you and the proxy to avoid eavesdropping.
The second solution is to use a VPN (Virtual private network) server. It would be too complicated to fully explains how this works, but remember this, when you are connected to a computer using a VPN service (like l2tpd, pptpd ...) it's like you were on the same LAN with this computer. So you can transparently make requests to a webserver and he will never find out what's your real IP address.
A third solution could be to use linked nodes based network such as TOR. It's a free network you can connect to, and you will be completely anonymous to regular people. The TOR network power is to provide a network of many nodes and each nodes doesn't know anything about other nodes, so even people connected to the TOR network cannot know anything about you. I suggest you to read more about this if you're interested.
There are more complicated other solutions such as TCP session hijacking which is generally used to fake IP addresses and literally steal another computer's TCP connection, but this is out of the scope of this answer.