dalawh

Visitor IP


I did a few searches and I found that though $_SERVER['REMOTE_ADDR'] gets you the IP of a visitor, it is not always accurate because they could be hiding behind a proxy. I read that it was good to check $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] to see if they contained a value and if they did, it meant that they were behind a proxy, so it was better to use $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] instead of $_SERVER['REMOTE_ADDR']. Now my question is whether $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were the same or not. If not, what is the difference between them? I also read that $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were not always accurate because of the fact that the header could be spoofed. I tested this and it seems that, with the few proxies I used, $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were not able to detect that it was behind a proxy. My question now is if there was a more accurate way to track an IP as opposed to this? I also want to know if there was any way to track the original IP of someone using a VPN or VPS?


$_SERVER['REMOTE_ADDR'] can't be spoofed actually, because that is the IP address through which server and client send data back and forth. When someone uses a proxy, that remote server acts as the client and requests the page from the target server, which means they talk via the proxy server's IP address and the target's remote address. So 'REMOTE_ADDR' becomes the address of the proxy server. $_SERVER['HTTP_X_FORWARDED'] is a non-standard header. It is what the proxy server sets when it requests the target server, but it is up to the proxy server what its value will be, or even whether it will be there at all. There are many more headers used to detect proxies, but they vary from server to server. These headers can be spoofed. You can check whether all those proxy headers exist or not, but I doubt all proxies could be caught that way. There is not any reliable way of doing that.

Edited by birbal

$_SERVER['REMOTE_ADDR'] can't be spoofed actually, because that is the IP address through which server and client send data back and forth. When someone uses a proxy, that remote server acts as the client and requests the page from the target server, which means they talk via the proxy server's IP address and the target's remote address. So 'REMOTE_ADDR' becomes the address of the proxy server. $_SERVER['HTTP_X_FORWARDED'] is a non-standard header. It is what the proxy server sets when it requests the target server, but it is up to the proxy server what its value will be, or even whether it will be there at all. There are many more headers used to detect proxies, but they vary from server to server. These headers can be spoofed. You can check whether all those proxy headers exist or not, but I doubt all proxies could be caught that way. There is not any reliable way of doing that.
Not to be rude or anything, but you didn't even answer one of my questions.


Unfortunately, hiding the IP is the exact purpose of a website proxy. HTTP_X_FORWARDED... is the original IP of the user and if it is set (isset) REMOTE_ADDR would be the proxy's address. Bear in mind that multiple layers can be used as a proxy, hiding the original IP behind the supposed 'HTTP_X_FORWARDED' IP. There is no way around this and even Google is having this sort of problem. There is however a way of identifying the ISP of the client, although it does come at a cost. There are databases containing IP addresses and ISP details that you can subscribe to for a monthly instalment of payments. The only website I know that does this sort of service for FREE (giving out ISP details) is whatsmyip.com.


I think I already did.

My question now is if there was a more accurate way to track an IP as opposed to this?
You can check whether all those proxy headers exist or not, but I doubt all proxies could be caught that way. There is not any reliable way of doing that.
I also want to know if there was any way to track the original IP of someone using a VPN or VPS?
A VPN will work the same as a proxy server between client and target server, so it is the same as above.

Edited by birbal


Birbal did answer your question... let me sum it up for you...

My question now is if there was a more accurate way to track an IP as opposed to this?
No.
I also want to know if there was any way to track the original IP of someone using a VPN or VPS?
No.

HTTP_X_FORWARDED... is the original IP of the user and if it is set (isset) REMOTE_ADDR would be the proxy's address.
HTTP_X_FORWARDED would be the original IP, but it is not obvious, as the proxy server can override it and use any arbitrary IP (spoofed). There was a previous issue with that in a former version of BBforum, where they checked HTTP_X_FORWARDED and a user exploited it.


The only question left unanswered is "Now my question is whether $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were the same or not. If not, what is the difference between them?".

Now my question is whether $_SERVER['REMOTE_ADDR'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were the same or not.
No. They are not the same.
$_SERVER['REMOTE_ADDR'] ... that is the ip address through which server and client send data back and forth.
... And a proxy is a client.
$_SERVER['HTTP_X_FORWARDED'] is non standard header. it is what the proxy server set when it request target server.
... And ANY header (standard or non standard) can be spoofed or not present at all. It's up to the client (and... say it with me... "a proxy is a client") to decide if and what it should send.

If all that sounds like a mouthful, here's another way to sum it up:
- $_SERVER['REMOTE_ADDR'] - Always present. Always the IP that contacted your server.
- $_SERVER['HTTP_X_FORWARDED'] - May or may not be present. Sometimes it is the IP of an end user.

Guest So Called

I've been using $_SERVER['REMOTE_ADDR'] to get the IP address, just for my logging and traffic analysis. I like to look up the originating country, and on occasion I even look up US visitors to my hobby site, just because I'm curious where people came from, and who "my people" are. :)

It never occurred to me to look at the X-Forwarded-For header but for the last few years I've been logging all the headers, just for data mining if I ever wonder about oddities in my log. I can always delete the column from my MySQL log table...

So I looked at my log and from about 55,000 site visits there's almost 600 using this header, about 1 percent. Many of the log entries can be associated with mobile guests (cellphone Internet accesses). The biggest shock for me was about a dozen of them with my own IP address! One of these originated from Yahoo's search engine, the rest were from Google. As near as I can tell they are related to Google (or Yahoo) visiting my site after I had used their search engine to look at my page ranking for various searches. I know this sounds a bit far fetched but there isn't any other way I can think of for my IP address to show up in somebody else's X-Forwarded-For header, particularly a Yahoo or Google 'bot.

I'm giving some thought to adding more code to examine these visits more. I'm thinking of using the X-Forwarded-For instead of the remote address for my logging, and then adding the originating IP address to my comment section:

$ip_address = empty($_SERVER['HTTP_X_FORWARDED']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED'];

I agree with the rest of the replies. Remote address can't be faked because there's no way for the sender to get a reply if they don't give their address. Anything else can be faked. However it would be a mistake to think that the site visitor has mischief in mind just because they have the X-Forwarded-For header. I've learned a lot of very strange things looking at my logs... :)

I can think of for my IP address to show up in somebody else's X-Forwarded-For header, particularly a Yahoo or Google 'bot
Those bots know your domain address. They are resolving it to get your IP, and after that they are building the HTTP_X_FORWARDED_ header with that IP and then requesting your page.
$ip_address = empty($_SERVER['HTTP_X_FORWARDED']) ? $_SERVER['REMOTE_ADDR'] : $_SERVER['HTTP_X_FORWARDED'];
What if someone sets a spoofed HTTP_X_FORWARDED? It will assume it as their IP address. You can check for those proxy headers to mark the IPs as proxies, but considering those addresses as the IP address is not a good idea. Where you would otherwise get at least the IP address of the proxy server, you will now get an arbitrary IP. With that code people can fake their IP easily. They just need to set HTTP_X_FORWARDED and they are masked.

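The concern raised in the reply above, shown as an added example that is not part of the thread: the forwarding header is honoured only when REMOTE_ADDR is a reverse proxy you operate yourself, and is otherwise kept as a logging hint. The function name client_ip, the $trustedProxies list and the sample addresses are assumptions made for illustration.

```php
<?php
// Added example; client_ip() and $trustedProxies are hypothetical names.
// $trustedProxies lists the reverse proxies you operate yourself.

function client_ip(array $server, array $trustedProxies): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';

    // Peer is not one of our proxies: whatever X-Forwarded-For says was
    // supplied by the client (or its proxy), so it is ignored.
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }

    $header = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    $hops = array_filter(array_map('trim', explode(',', $header)), 'strlen');

    // Each proxy appends the address it received the request from, so read
    // the chain right to left and stop at the first address that is not
    // ours. Entries further left were written by untrusted parties.
    foreach (array_reverse($hops) as $hop) {
        if (filter_var($hop, FILTER_VALIDATE_IP) === false) {
            break; // malformed entry: fall back to the TCP peer
        }
        if (!in_array($hop, $trustedProxies, true)) {
            return $hop;
        }
    }
    return $remote;
}

// Constructed sample requests using documentation address ranges.
$proxies = ['192.0.2.10'];
$samples = [
    'direct client sending a forged header' => [
        'REMOTE_ADDR' => '203.0.113.7',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99',
    ],
    'request relayed by our own proxy' => [
        'REMOTE_ADDR' => '192.0.2.10',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.99, 203.0.113.7',
    ],
];
foreach ($samples as $label => $server) {
    // Log both values: the resolved address and the raw header as a hint.
    printf("%s: ip=%s xff=%s\n", $label, client_ip($server, $proxies),
        $server['HTTP_X_FORWARDED_FOR']);
}
```

In both constructed requests the forged 198.51.100.99 is never returned as the visitor address; it survives only in the logged raw header.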

There seemed to be a typo in my question. What I meant to ask was... Now my question is whether $_SERVER['HTTP_CLIENT_IP'] and $_SERVER['HTTP_X_FORWARDED_FOR'] were the same or not. If not, what is the difference between them?


The general answer is that since both of those are non-standard headers, there isn't any set of rules that they have to follow. See the response here: http://stackoverflow.com/questions/7445592/what-is-the-difference-between-http-client-ip-and-http-x-forwarded-for

Guest So Called

I just checked my logs and in over 50,000 site visits not a single one had an X-Client-IP header.

I just checked my logs and in over 50,000 site visits not a single one had an X-Client-IP header.
It's bad practice, but it looks like they omit the X prefix for that header. It should be there, but it's not.

