homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Help with IP Addresses Passed by Apache in Header
Need help to stop server break-in attempts.

5+ Year Member

Msg#: 4537719 posted 4:26 pm on Jan 20, 2013 (gmt 0)


We have a server configured using Apache 2.2.13. We also have some custom database software running on the machine with its own Apache CGI which has a special command in it to determine what IP address a request is coming from.

Yesterday, someone was trying to break into our database using thousands of queries. I noticed the IP address in our logs initially, so I knew what IP address to try to block, but then the IP address from the "hacker" started appearing as just two colons (::) in our logs.

What I'm wondering, are there two different IP addresses Apache is handling for each request? In other words, is there the "real" IP address where data is being sent to and from, then perhaps a second IP address stuck in the header, that perhaps can be spoofed?

Our database programmer who wrote the CGI that connects it to Apache said he just gets the IP address from Apache, but he programmed this years ago, and doesn't remember from where or how.

So, I'm just wondering, if someone is blocking their IP address with :: how do they get data back? Is it like I am guessing, there is the real IP address and a second IP address specified in the header that can be spoofed?

Any clarification would be very helpful. Thank you!

- Jeff Gold



WebmasterWorld Senior Member wilderness us a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

Msg#: 4537719 posted 4:46 pm on Jan 20, 2013 (gmt 0)

the lack of the complete log entry is simply an overload on your database and/or the software (CGI script) that runs it.

Most raw logs (even under normal circumstance) have an occasional hiccup and an odd-date-line appears incomplete.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved