That extension only fools misconfigured webservers, You dont blindly accept
X-Forwarded-For, VIA, or Client-IP as the 'real' IP
On Fri, Oct 24, 2014 at 4:34 PM, Arcane 21 <arcane(a)live.com> wrote:
Spammers might be using something similar to the
IPfuck Firefox/Chrome
extension, which fakes an IP address instead of allowing the real IP to be
recorded, not sure how we can defend against that sort of thing at present.
Date: Fri, 24 Oct 2014 16:25:42 -0400
From: phoenixoverride(a)gmail.com
To: alj62888(a)yahoo.com; mediawiki-l(a)lists.wikimedia.org
Subject: Re: [MediaWiki-l] Off topic: Wiki spammer is using spoofed IP
addresses???
The IP address belongs to CANTV Servicios which I have seen a LOT of spam
from recently
On Fri, Oct 24, 2014 at 3:25 PM, Al <alj62888(a)yahoo.com> wrote:
> I am surprised to see that a spammer is spoofing his IP address. I got
> some spam from 200.90.74.226 - "226" is out of range for IPs and so
isn't
> even a valid IP address. I confirmed that
the number is not a wiki
> username and the apache log shows the same IP. It appears maybe the
> spammer's script has a bug and not range-checking the generated numbers
> which made it obvious that the IP is spoofed; otherwise I would have
never
> noticed.
>
> I thought IP spoofing was a fairly sophisticated tactic and didn't
expect
> to see a common wiki spammer using it, or am
I wrong? I'm also
surprised
> apache even allowed the connection, much
less the Amazon AWS
firewall. Am
I missing
something?
Al
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
_______________________________________________
MediaWiki-l mailing list
To unsubscribe, go to:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l