homepage Welcome to WebmasterWorld Guest from 54.167.41.199
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Help with IP Addresses Passed by Apache in Header
Need help to stop server break-in attempts.
rescueme




msg:4537721
 4:26 pm on Jan 20, 2013 (gmt 0)

Hello,

We have a server configured using Apache 2.2.13. We also have some custom database software running on the machine with its own Apache CGI which has a special command in it to determine what IP address a request is coming from.

Yesterday, someone was trying to break into our database using thousands of queries. I noticed the IP address in our logs initially, so I knew what IP address to try to block, but then the IP address from the "hacker" started appearing as just two colons (::) in our logs.

What I'm wondering, are there two different IP addresses Apache is handling for each request? In other words, is there the "real" IP address where data is being sent to and from, then perhaps a second IP address stuck in the header, that perhaps can be spoofed?

Our database programmer who wrote the CGI that connects it to Apache said he just gets the IP address from Apache, but he programmed this years ago, and doesn't remember from where or how.

So, I'm just wondering, if someone is blocking their IP address with :: how do they get data back? Is it like I am guessing, there is the real IP address and a second IP address specified in the header that can be spoofed?

Any clarification would be very helpful. Thank you!

- Jeff Gold

 

wilderness




msg:4537725
 4:46 pm on Jan 20, 2013 (gmt 0)

the lack of the complete log entry is simply an overload on your database and/or the software (CGI script) that runs it.

Most raw logs (even under normal circumstance) have an occasional hiccup and an odd-date-line appears incomplete.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved