How does this hacker keep changing his IP Address (new country)

Forum Moderators: phranque

Message Too Old, No Replies

How does this hacker keep changing his IP Address (new country)

jezzer300

10:37 am on Nov 22, 2005 (gmt 0)

Hi,

I have someone passing the contents of a dictonary and MD5 passwords to various fields on my website. I track the HTTP_X_FORWARDED_FOR and REMOTE_ADDR although only the REMOTE_ADDR has any contents.

I assume this means you can change the REMOTE_ADDR in the Header when accessing web pages? And I don't mean just a different IP address due to dial-up IPs giving a new ISP, it changes country too.

Previously I had though the IP address to be the only reliable details?

DaveN

11:12 am on Nov 22, 2005 (gmt 0)

look into open proxies

DaveN

jezzer300

2:21 pm on Nov 22, 2005 (gmt 0)

Thanks.... I just have.

So, I suppose if I ban each "open IP" that I'm getting from known attacks I'll deal with this hacker. I guess they only have so many IP address which they're rotating around.

I also assume the possability of banning an address of a real user is very remote.

This was an interesting read about link spammers etc:
www dot theregister dot co dot uk
/2005/01/31/link_spamer_interview/

DaveN

2:49 pm on Nov 22, 2005 (gmt 0)

Lol Sam is a good friend of mine .. Hahaha

Proxies .. I have around 20,000 on my list .. have fun

DaveN

Raymond

3:10 pm on Nov 22, 2005 (gmt 0)

Hi, is there a quick way to determine if a IP is a proxy?

jezzer300

3:13 pm on Nov 22, 2005 (gmt 0)

I found some code that did do this, but it was very slow.

DaveN

3:16 pm on Nov 22, 2005 (gmt 0)

the problem is that a lot of proxies are very slow!

DaveN

Animated

1:29 am on Nov 23, 2005 (gmt 0)

you can find out if an ip is a proxy by scanning the ports, or a proxy scanner because thay all have a few specific ports open like 1080,8080 etc..