On 27/05/12 12:24, Helmut Hullen wrote:
Hallo,
is it possible that a bad guy fakes his IP address when he creates a page?
My wiki (arktur.de/Wiki) suffers from Wiki spam, and sometimes I see IP addresses from spammers which don't occur in the apache access_log.
Viele Gruesse! Helmut
Kind of. If the spammer uses a proxy, and the proxy provides a X-Forwarded-For header, with the IP of the client on behalf of which it is forwarding the request (or more, if there were several proxy hops), MediaWiki will use that IP instead, provided it trusts the proxy. Your apache access_log will report the proxy in such case.
This is most interesting for the case where you have a reverse proxy (such as squid or varnish) in front of your site.
A proxy is considered trusted if its ip appears on $wgSquidServers or $wgSquidServersNoPurge.