[Mediawiki-l] faking IP address?

Platonides Platonides at gmail.com
Mon May 28 16:21:15 UTC 2012


On 27/05/12 12:24, Helmut Hullen wrote:
> Hallo,
> 
> is it possible that a bad guy fakes his IP address when he creates a  
> page?
> 
> My wiki (arktur.de/Wiki) suffers from Wiki spam, and sometimes I see IP  
> addresses from spammers which don't occur in the apache access_log.
> 
> Viele Gruesse!
> Helmut

Kind of. If the spammer uses a proxy, and the proxy provides a
X-Forwarded-For header, with the IP of the client on behalf of which it
is forwarding the request (or more, if there were several proxy hops),
MediaWiki will use that IP instead, provided it trusts the proxy.
Your apache access_log will report the proxy in such case.

This is most interesting for the case where you have a reverse proxy
(such as squid or varnish) in front of your site.

A proxy is considered trusted if its ip appears on $wgSquidServers or
$wgSquidServersNoPurge.




More information about the MediaWiki-l mailing list