Web Wiz Forums - Forged IP address

Print Page | Close Window

Forged IP address

Printed From: Web Wiz Forums
Category: Web Wiz Web App Support Forums
Forum Name: Web Wiz Forums
Forum Description: Support forum for Web Wiz Forums application.
URL: https://forums.webwiz.net/forum_posts.asp?TID=12584
Printed Date: 11 April 2026 at 3:02pm
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com

Topic: Forged IP address

Posted By: Vapor
Subject: Forged IP address
Date Posted: 17 November 2004 at 2:04pm

Today, I had a user post a message from my IP address. I'm on a cable connection which gives users a unique IP Address. I run a hardware firewall, a software firewall, Norton AV, and I don't open attachments. I scan routinely, including today.

I consider it unlikely that I have been "hacked", but I'll take what precautions I can to ensure that I have not.

It is my assumption currently that the posting IP address was forged, by a "bot"

The "user" set up a message on my board, then spammed Yahoo Finance to direct people to my board. From there, they hoped to direct traffic to their site - there was a link in the message.

It's my assumption that this was an automated process.

http://finance.messages.yahoo.com/bbs?.mm=FN&action=m&board=1603135367&tid=mcdt&sid=1603135367&mid=2218 - Here is one Yahoo Finance link

http://finance.messages.yahoo.com/bbs?.mm=FN&action=m&board=1603135367&tid=mcdt&sid=1603135367&mid=2218 - Here is another

http://finance.messages.yahoo.com/bbs?.mm=FN&action=m&board=1603135367&tid=mcdt&sid=1603135367&mid=2218 - Here is a third

I'm sure there are more. I've been using version 7.9 of the forum for approximately 1-2 weeks. My IP address is the most prolific on the board with approx 3000 posts. If any crawler is able to crawl the board with appropriate permissions, then this would be the most frequent IP address used within the last week.

The IP address that the person registered from is: 24.244.141.102

I track "latest IP address" and "registration IP address" silently in a seperate table.

That address has been banned, of course.

This is all that I can provide at this point as far as the anatomy of the attack goes.

My forum admin name and password was changed, of course, and the version I am using is SQL Server.

-------------
http://www.stageselect.com/Collection - Trade, Sell, Organize your Video Games! (free)

Replies:

Posted By: dj air
Date Posted: 17 November 2004 at 2:47pm

someone probbabbly fakes the Ip address. is easy to do.

Posted By: xeerex
Date Posted: 17 November 2004 at 2:56pm

/agree with dj air

Spoofing IP addresses isn't difficult at all. Heck, you can even spoof the MAC address of your NIC if you want..

wrote:

If any crawler is able to crawl the board with appropriate permissions

I've actually mod'ed one of my forums so that the IP tracking is on but only admins have permissions to view it. This is mainly because they freak out even if it's just a message of "your ip is logged." /shakes his head.

Remember, that bots can only crawl the same HTML code that the browser renders. This is why search bots can index a forum but not if you have group or password protected content.

-------------
http://webspacegeeks.com - Need Hosting, Domains, Dedicated Servers?
http://www.smartergeek.com - web design | pc support | training | podcasts | video production

Posted By: delirium
Date Posted: 19 November 2004 at 12:09am

Would someone be able to tell me how to hide the IP addresses from everybody, including moderators, on web wiz forum. I would lke to set it up in such way that only admiistrator can view it.

Thank you

Posted By: dj air
Date Posted: 19 November 2004 at 5:20am

change lines 756 to 761 on the forum_posts.asp file from


 'If  the user is the admin or moderatir then display the authors IP
If  (blnAdmin OR blnModerator) AND strAuthorIP <> "" Then
Response.Write(" | " & strTxtIP & "  <a
href=""javascript:openWin('pop_up_IP_blocking.asp?IP= " &
strAuthorIP & "&TID=" & lngTopicID  &
"','move','toolbar=0,location=0,status=0,menubar=0,sc rollbars=1,resizable=1,width=425,height=425')""
class=""smL ink"">" & strAuthorIP & "</a>")
       Else
     
     Response.Write(" | " & strTxtIPLogged)

            End If




  
'If  the user is the admin or moderatir then display the authors IP
   
If  (blnAdmin) AND strAuthorIP <> "" Then
Response.Write(" | " & strTxtIP & "  <a href=""javascript:openWin('pop_up_IP_blocking.asp?IP= " &
strAuthorIP & "&TID=" & lngTopicID  &
"','move','toolbar=0,location=0,status=0,menubar=0,sc rollbars=1,resizable=1,width=425,height=425')""
class=""smL ink"">" & strAuthorIP & "</a>")


      Else
   
     Response.Write(" | " & strTxtIPLogged)

            End If

Posted By: bims
Date Posted: 20 November 2004 at 6:30am

Would someone be able to tell me how to hide the IP addresses from everybody

Isn't this the default in 7.9? Can ordinary users see all IP addresses? I thought they just see an 'IP logged' notification?

Posted By: dj air
Date Posted: 20 November 2004 at 7:04am

only admin/Moderators are able to see Ip Addresses,
no one else can they see IP logged

Posted By: xeerex
Date Posted: 20 November 2004 at 5:23pm

wrote:

I thought they just see an 'IP logged' notification?

That is all they see, which tends to freak them out many times.

-------------
http://webspacegeeks.com - Need Hosting, Domains, Dedicated Servers?
http://www.smartergeek.com - web design | pc support | training | podcasts | video production