The Burton Tech Journal

Fix for Incorrect IP Addresses in WordPress Comments

by Grant Burton on Nov.30, 2008, under PHP, Security, Spam, Wordpress

When a web server sits behind a reverse proxy or load balancer, or is one node of a cluster (common with “cloud” based hosting), the server variable WordPress reads for the commenter’s address, $_SERVER["REMOTE_ADDR"], holds the address of the last hop that connected to the web server: typically the internal private LAN address of the proxy or balancer, not the address of the posting user. Every comment then appears to come from the same internal address, which defeats IP blacklists and anti-spam plugins such as Akismet that key on the commenter’s IP.

To work around this, override $_SERVER["REMOTE_ADDR"] from the forwarding headers the proxy sets by editing the “wp-config.php” in your WordPress root directory:

  1. Download and back up your wp-config.php configuration file.
  2. Open your WordPress configuration file and add the following code after the named constant definitions (the define() lines): 
/* By Grant Burton @ BURTONTECH.COM (11-30-2008): IP-Proxy-Cluster Fix */

// Return true only for a syntactically valid IPv4 address that is NOT in a
// private, loopback, link-local, documentation or reserved range.
function checkIP($ip) {
    if (empty($ip)) {
        return false;
    }
    $long = ip2long($ip);
    // ip2long() returns false (PHP 5) or -1 (PHP 4) for malformed input
    if ($long === false || $long == -1) {
        return false;
    }
    // '%u' keeps addresses above 128.0.0.0 positive on 32-bit PHP builds
    $long = (float) sprintf('%u', $long);

    $private_ips = array(
        array('0.0.0.0',       '0.255.255.255'),     // "this" network (the original list
                                                     // also covered 1/8 and 2/8, unallocated
                                                     // in 2008 but in public use since)
        array('10.0.0.0',      '10.255.255.255'),    // RFC 1918
        array('127.0.0.0',     '127.255.255.255'),   // loopback
        array('169.254.0.0',   '169.254.255.255'),   // link-local
        array('172.16.0.0',    '172.31.255.255'),    // RFC 1918
        array('192.0.2.0',     '192.0.2.255'),       // TEST-NET documentation range
        array('192.168.0.0',   '192.168.255.255'),   // RFC 1918
        array('255.255.255.0', '255.255.255.255')    // broadcast
    );

    foreach ($private_ips as $r) {
        $min = (float) sprintf('%u', ip2long($r[0]));
        $max = (float) sprintf('%u', ip2long($r[1]));
        if ($long >= $min && $long <= $max) {
            return false;
        }
    }
    return true;
}

// Read a request header safely; returns '' when the header is absent so the
// checks below do not raise "undefined index" notices.
function headerValue($name) {
    return isset($_SERVER[$name]) ? $_SERVER[$name] : '';
}

function determineIP() {
    if (checkIP(headerValue("HTTP_CLIENT_IP"))) {
        return headerValue("HTTP_CLIENT_IP");
    }
    // X-Forwarded-For may carry a comma-separated chain of hops;
    // take the first entry that is a public address
    foreach (explode(",", headerValue("HTTP_X_FORWARDED_FOR")) as $ip) {
        $ip = trim($ip);
        if (checkIP($ip)) {
            return $ip;
        }
    }
    foreach (array("HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP",
                   "HTTP_FORWARDED_FOR", "HTTP_FORWARDED") as $name) {
        if (checkIP(headerValue($name))) {
            return headerValue($name);
        }
    }
    return $_SERVER["REMOTE_ADDR"];
}

// Override server variable for WordPress comments
$_SERVER["REMOTE_ADDR"] = determineIP();

Caution: every header this code reads (Client-IP, X-Forwarded-For and the rest) is ordinary request data, so a client can set it to anything it likes. A proxy normally appends the address it saw to the end of X-Forwarded-For rather than replacing the header, so the leftmost public entry, which is what determineIP() returns, is exactly the one a spammer gets to choose, while the rightmost entry written by your own proxy is the one you can vouch for. Use this override only on servers that really are behind a proxy you control, and never use these headers for authentication or access control. The functions can be adapted to other web applications in the same way.
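The following is an added example, not code from the original post, of the trusted-proxy approach the caution above describes: X-Forwarded-For is honoured only when the request actually arrived from one of your own proxies, and the chain is walked from the right, peeling off proxy hops, so the result is the address your edge saw rather than whatever the client wrote into the header. The proxy ranges, the helper names and the three sample requests are assumptions for illustration.

```php
<?php
// Added example: trusted-proxy variant of determineIP() (not the original post's code).
// The proxy list and the sample requests below are assumptions for illustration.

// True if dotted IPv4 $ip falls inside $cidr, e.g. "10.0.0.0/8"; a bare address
// is treated as a /32.
function ipInCidr($ip, $cidr) {
    if (strpos($cidr, '/') === false) {
        $cidr .= '/32';
    }
    list($net, $bits) = explode('/', $cidr, 2);
    $bits    = (int) $bits;
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) {
        return false;
    }
    if ($bits === 0) {
        return true;
    }
    $mask = -1 << (32 - $bits);              // network mask as an integer
    return ($ipLong & $mask) === ($netLong & $mask);
}

function isTrustedProxy($ip, array $trustedProxies) {
    foreach ($trustedProxies as $cidr) {
        if (ipInCidr($ip, $cidr)) {
            return true;
        }
    }
    return false;
}

// $server mirrors $_SERVER so the logic can be exercised with sample data.
function clientIpBehindProxies(array $server, array $trustedProxies) {
    $remote = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '';

    // Direct hit, or a request that bypassed the proxy: never trust headers.
    if (!isTrustedProxy($remote, $trustedProxies)) {
        return $remote;
    }
    if (empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }

    // Each proxy appends the address it saw, so the rightmost entries are the
    // ones we can vouch for. Peel our own proxies off the right; the first
    // remaining address is the client as seen by our edge.
    $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
    while (count($chain) > 0) {
        $candidate = array_pop($chain);
        if (!isTrustedProxy($candidate, $trustedProxies)) {
            // Fall back to the proxy's own address if the entry is not a valid IP
            return filter_var($candidate, FILTER_VALIDATE_IP) ? $candidate : $remote;
        }
    }
    // The whole chain was our own proxies; nothing better than REMOTE_ADDR.
    return $remote;
}

// Assumption: our load balancers live in 10.0.0.0/24 (plus localhost for testing)
$trusted = array('10.0.0.0/24', '127.0.0.1');

// Constructed sample requests:
// 1. honest request through the balancer
$viaProxy = array(
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.7',
);
// 2. spoof attempt: client forged an entry, balancer appended the real address
$spoofed = array(
    'REMOTE_ADDR'          => '10.0.0.2',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7',
);
// 3. request that reached the web server directly: header must be ignored
$direct = array(
    'REMOTE_ADDR'          => '203.0.113.9',
    'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
);

foreach (array('via proxy' => $viaProxy, 'spoofed' => $spoofed, 'direct' => $direct) as $label => $req) {
    echo $label, ': ', clientIpBehindProxies($req, $trusted), "\n";
}

// In wp-config.php the override would become:
// $_SERVER['REMOTE_ADDR'] = clientIpBehindProxies($_SERVER, $trusted);
```

With the assumed proxy list, the first two requests both resolve to the address the balancer appended, so the forged entry in the second request is ignored, and the third request keeps its own REMOTE_ADDR because it did not come through a trusted proxy. The design choice to note is that trust is decided by REMOTE_ADDR (which the client cannot forge without being on your network), not by the presence of a header.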


Non-Routable (Private) IP Addresses

by on Nov.29, 2008, under Networking, Security

RFC 1918 (which replaced the earlier RFC 1597) sets aside three blocks of IPv4 address space that will never be assigned to any single organization on the public Internet. Internet routers do not forward traffic for these addresses, so a host using one cannot be reached directly from outside your network, although it can still communicate with other private subnets inside it. That makes private address space the proper choice for company intranets and home/SOHO networks: use it when it isn’t necessary or desired for computers on the Internet to connect to the IPv4 devices on your network.

With a proxy server, firewall, or router in front of them, users and devices with non-routable IP addresses can still reach the Internet through the single public IP address provided by their service provider. The device achieves this through Network Address Translation (NAT), rewriting the private source address to its public one on the way out and mapping the replies back to the internal host, which allows the nonroutable addresses to communicate with Internet-based, routable, Public IP addresses.

Reserved IP addresses for Private Networks are the following:

10.0.0.0 – 10.255.255.255 (10.0.0.0/8)
172.16.0.0 – 172.31.255.255 (172.16.0.0/12)
192.168.0.0 – 192.168.255.255 (192.168.0.0/16)

A complete and current list of all IP Address Allocations can be found at the Internet Assigned Numbers Authority’s (IANA) website: http://www.iana.org/numbers/


View Mail Headers in Outlook 2007

by on Nov.25, 2008, under Email, Microsoft Office, Microsoft Outlook 2007, Spam

Extracting an email header can be useful in tracking email issues, locating spammers, and reporting spam.

To view your header, do the following:

  1. Locate the message in your inbox and right-click on it.
  2. Select Message Options from the menu
  3. Copy the text in the Internet headers box.  This will not include the email message body, just the header.
  4. Paste the information into an email or document for analysis.  If you wish to paste the information into an email, you will need to close the options dialog first.

Reporting Spam

by on Nov.23, 2008, under Email, Spam

We would like to begin by stating that you should NEVER reply to a spam message, attempt to use the “unsubscribe” link in an unsolicited email message, or click on any links in the email.  You should also not download any images or files embedded in the email message.  By downloading the content or clicking on any links, spammers may detect that your email address is active and either send additional messages or sell your address to other spammers.

By reporting spam, you are taking an active part in shutting down the businesses behind the spam and removing a problem that impacts everyone.  If you receive spam that you would like to report, you have a few options:

  1. Look at the email message’s header to locate the true source of the spam and email the spammer’s ISP’s “abuse” address directly.  Generally we do not recommend doing this, since the service providers supporting spam operations will either ignore the complaint or may actually supply your address to the spammers themselves.  You can use the Network Abuse Clearinghouse (abuse.net) to look up abuse contact addresses.
  2. Use a third party to submit spam complaints and supply the spammer’s information to spam feeds and realtime block list services.  We often use and recommend signing up for a free account at SpamCop, since they allow you to report violators.
  3. Report the spam to the Federal Trade Commission (FTC) for inclusion into their spam database. The FTC and its law enforcement partners use the database to pursue cases against spam operations.

If you have been a victim of a computer or Internet related crime, such as fraud or identity/financial theft, you can find help at the following places:

  1. Contact your local police department and ask for assistance with a cyber crime.
  2. File a complaint with the Internet Crime Complaint Center
  3. Contact any of the financial institutions or service providers involved in the incident
  4. Review the information and resources provided by the United States Secret Service’s Financial Crimes Division.

If you are careful and use the right software/services, you can avoid many of the problems surrounding spam, phishing scams, viruses, and spyware.


View Mail Headers in Outlook 97, Outlook 98, Outlook 2000, Outlook 2003

by on Nov.23, 2008, under Email, Microsoft Office, Microsoft Outlook 2003, Spam

Extracting an email header can be useful in tracking email issues, locating spammers, and reporting spam.  To find your email header, in Outlook versions 97 to 2003, you can use the following steps.  Please note, Microsoft Outlook 97 may require the Internet Mail Enhancement Patch to view any mail headers.

To view your header, do the following:

  1. Start Outlook
  2. Open the email message in a separate window by double clicking on the email in your Inbox
  3. In the new email window, click on the View menu and select Options
  4. Copy the text in the Internet headers box.  This will not include the email message body, just the header.
  5. Paste the information into an email or document for analysis.  If you wish to paste the information into an email, you may need to close the options dialog first.
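Once the header text has been pasted out of Outlook, the part that identifies the real source of a message is the chain of Received: lines. The following is an added example (not from the original posts) of the analysis step behind both “View Mail Headers” posts and the first option in “Reporting Spam”: it walks the Received: lines from the top, trusting only the hops stamped by your own mail servers, and reports the outside address that connected to them. The host names, IP addresses and the sample header block are constructed for illustration; substitute your own MX and internal relay addresses.

```php
<?php
// Added example (not from the original posts): find the IP address that handed a
// message to your own mail servers by walking the Received: headers from the top.
// The host names, IP addresses and the header block below are constructed for
// illustration; replace the two lists with your own MX and relay addresses.

// Join folded continuation lines (leading whitespace) back onto their header.
function unfoldHeaders($raw) {
    $out = array();
    foreach (preg_split('/\r\n|\n|\r/', $raw) as $line) {
        if ($line === '') {
            break;                       // blank line ends the header block
        }
        if (preg_match('/^[ \t]/', $line) && count($out) > 0) {
            $out[count($out) - 1] .= ' ' . trim($line);
        } else {
            $out[] = $line;
        }
    }
    return $out;
}

// Pull the sending IP (the bracketed address the receiving server logged) and
// the receiving host name out of one Received: header value.
function parseReceived($value) {
    $parts    = preg_split('/\sby\s+/i', $value, 2);
    $fromPart = $parts[0];
    $byPart   = isset($parts[1]) ? $parts[1] : '';
    $ip = null;
    if (preg_match('/\[(\d{1,3}(?:\.\d{1,3}){3})\]/', $fromPart, $m)) {
        $ip = $m[1];
    }
    $by = null;
    if (preg_match('/^([A-Za-z0-9.-]+)/', $byPart, $m)) {
        $by = strtolower($m[1]);
    }
    return array('from_ip' => $ip, 'by' => $by);
}

// Headers are prepended, so the top Received: line is the most recent hop.
// Walk down through hops stamped by our own servers; the first outside address
// that connected to one of them is the origin worth reporting. Anything below
// a hop we did not stamp could have been typed in by the spammer.
function originatingIp($rawHeaders, array $ourHosts, array $ourIps) {
    $ourHosts = array_map('strtolower', $ourHosts);
    foreach (unfoldHeaders($rawHeaders) as $header) {
        if (stripos($header, 'Received:') !== 0) {
            continue;
        }
        $hop = parseReceived(substr($header, strlen('Received:')));
        if ($hop['by'] === null || !in_array($hop['by'], $ourHosts, true)) {
            return null;                 // untrusted hop: stop, lower lines are not ours
        }
        if ($hop['from_ip'] === null || in_array($hop['from_ip'], $ourIps, true)) {
            continue;                    // internal relay hop, keep walking
        }
        return $hop['from_ip'];          // our server received it from the outside
    }
    return null;
}

// Constructed sample header block: the bottom Received: line was forged by the
// sender to make the mail look like it came from a bank.
$sample = <<<'HEADERS'
Received: from mx2.example.net (mx2.example.net [192.0.2.20])
  by mail.example.net with ESMTP id abc123
  for <user@example.net>; Sun, 23 Nov 2008 10:15:02 -0500
Received: from smtp.bulk-sender.example (unknown [198.51.100.77])
  by mx2.example.net with SMTP id def456; Sun, 23 Nov 2008 10:15:01 -0500
Received: from bank.example.com (bank.example.com [203.0.113.5])
  by smtp.bulk-sender.example; Sun, 23 Nov 2008 10:14:59 -0500
From: "Your Bank" <security@bank.example.com>
Subject: Account verification required
HEADERS;

$origin = originatingIp($sample,
    array('mail.example.net', 'mx2.example.net'),   // assumed: our mail hosts
    array('192.0.2.10', '192.0.2.20'));              // assumed: their addresses
echo "Look up the abuse contact for: ", $origin, "\n";
```

In the constructed sample the walk skips the internal hop from mx2.example.net to mail.example.net, stops at the line mx2.example.net stamped when the bulk sender connected to it, and ignores the forged “bank” line underneath, which is the one a naive reader would report. The address to look up is the one your own server logged in square brackets, not the HELO name or the From: address, both of which the sender controls.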
