Jump to content

Visitor IP

dalawh

By dalawh,
in PHP

 Share

Recommended Posts

dalawh Member

dalawh

Posted
Posted

I did a few searches and I found that though $_SERVER['REMOTE_ADDR'] gets you the IP of a visistor, it is not always accurate because they could be hiding behind a proxy. I read that it was good to check $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] to see if they contained value and if they did, it meant that they were behind a proxy, so it was better to use $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] instead of $_SERVER['REMOTE_ADDR']. Now my question is whether $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] where the same or not. If not, what is the difference between them? I also read that $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were not always accurate because of the fact that the header could be spoofed. I tested this and it seems that the few proxies I used, the $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were not able to detect that it was behind a proxy. My question now is if there was a more accurate way to track an IP as opposed to this? I also want to know if there was any way to track the original IP of someone using a VPN or VPS?

Link to comment
Share on other sites
birbal Devoted Member

birbal

Posted
Posted (edited)

$_SERVER['REMOTE_ADDR'] can't be spoofed actualy because that is the ip address through which server and client send data back and forth. when someone use proxy , that remote server act as client and request page from the target server. which means they talk to via proxy server ip address and target remote address. so 'REMOTE_ADDR' become the address of proxy server. $_SERVER['HTTP_X_FORWARDED'] is non standard header. it is what the proxy server set when it request target server. but it is up to the proxy server what will be the value of it or even it will be there or not. there is many more headers used there to determin e proxies but it would vary from server to server. this headers can be spoofed. You can check those all proxy headers exist or not but i doubt all proxies could be caught via that. There is not any reliable way of doing that.

Edited by birbal
Link to comment
Share on other sites
dalawh Member

dalawh

Posted
  • Author
Posted
$_SERVER['REMOTE_ADDR'] can't be spoofed actualy because that is the ip address through which server and client send data back and forth. when someone use proxy , that remote server act as client and request page from the target server. which means they talk to via proxy server ip address and target remote address. so 'REMOTE_ADDR' become the address of proxy server. $_SERVER['HTTP_X_FORWARDED'] is non standard header. it is what the proxy server set when it request target server. but it is up to the proxy server what will be the value of it or even it will be there or not. there is many more headers used there to determin e proxies but it would vary from server to server. this headers can be spoofed. You can check those all proxy headers exist or not but i doubt all proxies could be caught via that. There is not any reliable way of doing that.
Not to be rude or anything, but you didn't even answer one of my question.
Link to comment
Share on other sites
getty Newbie

getty

Posted
Posted

Unfortunately the means of hiding the IP is the exact purpose of a Website Proxy. HTTP_X_FORWARDED... is the original IP of the user and if it is set (isset) REMOTE_ADDR would be the proxy's address. Bare in mind that multiple layers can be used as a proxy hiding the original IP behind the supposed 'HTTP_X_FORWARDED' IP. There is no way around this and even Google is having this sort of problem. There is however a way of identifying the ISP of the client although it does come at a cost. There are database containing IP addresses and ISP details that you can subscribe for a monthly instalment of payments. The only website I know who does this sort of service for FREE (giving out ISP details) is whatsmyip.com.

Link to comment
Share on other sites
birbal Devoted Member

birbal

Posted
Posted (edited)

I think i already did.

My question now is if there was a more accurate way to track an IP as opposed to this?
You can check those all proxy headers exist or not but i doubt all proxies could be caught via that. There is not any reliable way of doing that.
I also want to know if there was any way to track the original IP of someone using a VPN or VPS?
VPN will work same as proxy server between client and target server. so it is same as above. Edited by birbal
Link to comment
Share on other sites
boen_robot w3schools Guru

boen_robot

Posted
Posted

Birbal did answer your question... let me sum it up for you...

My question now is if there was a more accurate way to track an IP as opposed to this?
No.
I also want to know if there was any way to track the original IP of someone using a VPN or VPS?
No.
Link to comment
Share on other sites
birbal Devoted Member

birbal

Posted
Posted
HTTP_X_FORWARDED... is the original IP of the user and if it is set (isset) REMOTE_ADDR would be the proxy's address.
HTTP_X_FORWARDED would be the original ip, but it is not obvious. as proxy server can override it and use it any aribitary ip (spoofed). There was a previous issue with that in former version of BBforum where they checked the HTTP_X_FORWARDED and user was exploited it.
Link to comment
Share on other sites
boen_robot w3schools Guru

boen_robot

Posted
Posted
Now my question is whether $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] where the same or not.
No. They are not the same.
$_SERVER['REMOTE_ADDR'] ... that is the ip address through which server and client send data back and forth.
... And a proxy is a client.
$_SERVER['HTTP_X_FORWARDED'] is non standard header. it is what the proxy server set when it request target server.
... And ANY header (standard or non standard) can be spoofed or not present at all. It's up to the client (and... say it with me... "a proxy is a client") to decide if and what it should send.If all that sounds like a mouthful, here's another way to sum it up:- $_SERVER['REMOTE_ADDR'] - Always present. Always the IP that contacted your server.- $_SERVER['HTTP_X_FORWARDED'] - May or may not be present. Sometimes it is the IP of an end user.
Link to comment
Share on other sites
Guest So Called

Guest So Called

Posted
Posted

I've been using $_SERVER['REMOTE_ADDR'] to get the IP address, just for my logging and traffic analysis. I like to look up the originating country, and on occasion I even look up US visitors to my hobby site, just because I'm curious where people came from, and who "my people" are. :) It never occurred to me to look at the X-Forwarded-For header but for the last few years I've been logging all the headers, just for data mining if I ever wonder about oddities in my log. I can always delete the column from my MySQL log table... So I looked at my log and from about 55,000 site visits there's almost 600 using this header, about 1 percent. Many of the log entries can be associated with mobile guests (cellphone Internet accesses). The biggest shock for me was about a dozen of them with my own IP address! One of these originated from Yahoo's search engine, the rest were from Google. As near as I can tell they are related to Google (or Yahoo) visiting my site after I had used their search engine to look at my page ranking for various searches. I know this sounds a bit far fetched but there isn't any other way I can think of for my IP address to show up in somebody else's X-Forwarded-For header, particularly a Yahoo or Google 'bot. I'm giving some thought to adding more code to examine these visits more. I'm thinking of using the X-Forwarded-For instead of the remote address for my logging, and then adding the originating IP address to my comment section: 

$ip_address = empty($_SERVER['HTTP_X_FORWARDED']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED'];

I agree with the rest of the replies. Remote address can't be faked because there's no way for the sender to get a reply if they don't give their address. Anything else can be faked. However it would be a mistake to think that the site visitor has mischief in mind just because they have the X-Forwarded-For header. I've learned a lot of very strange things looking at my logs... :)

Link to comment
Share on other sites
birbal Devoted Member

birbal

Posted
Posted
I can think of for my IP address to show up in somebody else's X-Forwarded-For header, particularly a Yahoo or Google 'bot
thats bots knows your domain address. they are resolving it to get your IP and after that they are buidling HTTP_X_FORWARDED_ header with that ip and then requesting your page..
$ip_address = empty($_SERVER['HTTP_X_FORWARDED']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED'];
what if someone set spoofed HTTP_X_FORWARDED ? it will assume it as its ip address. you can check for those proxy headers to mark the ips as proxy but considering those address as ip address is not good idea. Where you would get at least the address of ip of the proxy server, you will get now an arbitrary ip. With that code people can fake their ip easily. they just need to set HTTP_X_FORWARDED and they are masked.
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...