-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Andreas Kasenides wrote: | hi everybody, | Is there a way to protect images from defacement | ie upload of a bogus image with the same name as | a valid image?
Protect the image page.
| On a relevant issue how is it possible for an attacker to forge its | true ip address? Can that be prevented.
"True" IP address is a tricky thing to determine. Right now my computer's IP address is 10.0.0.87, but this is a private network address on my home network. Packets coming from my computer to the outside internet go through a router which has some other IP address, and that's what you would see when I make an edit to a wiki on the Internet.
Similarly, the request could be sent through an intermediary proxy server, in which case the wiki would see the proxy's internet IP address instead of my router's internet-side address. The proxy _might or might not_ report my router's address as having been the original source. It might even report some randomly invented address.
Proxy servers are typically used to aggregate requests from many client machines at a company or ISP, to reduce bandwidth use by caching or to increase security by reducing the number of outside points required to be open to the internet (or both). There are also proxy servers out there specifically for the purpose of letting anyone use them to hide the source of their web requests (as well as many misconfigured proxies which allow this to happen without the intention of their owners).
See past threads on open proxy blocking and related issues.
- -- brion vibber (brion @ pobox.com)