You are not logged in. Please login or register.
PunBB Forums → PunBB 1.2 bug reports → About detecting user IP
I found bug with user IP detecting.
When user going to forum through proxy server, his IP addres is detected by user local address, not proxy server address. I think, that address detected by X-Forwarded-For header, not real IP...
I use forum on the server in big corporative network (server hase real IP). And I can see many local addreses (10.xxx.xxx.xxx, 192.168.xxx.xxx) in forum user details, wich not present in my network...
It's not a bug, it's a feature. PunBB attempts to detect the IP address behind the proxy, because banning the proxy usually isn't what you want. If someone is causing problems and is banned, he/she shouldn't just be able to switch to a different proxy and continue causing problems. In reality, it's not that easy, but that's the general idea.
H-mm. And how I can tell the difference between my local clients (10.0.0.0/8) and clients in another corporative networks 
?
I hase been many times confused with this - where is my local clients and - where is other clients ...
There is an idea to ban users by it's cookies personal data or use together - user local address and proxy address (X-Forwarded-For + VIA)...
H-mm. And how I can tell the difference between my local clients (10.0.0.0/8) and clients in another corporative networks :) ?
by ip
There is an idea to ban users by it's cookies personal data...
user register new account....
I think like Rickard It's not a bug, it's a feature.
by ip
My local clients have the same ip's such another local clients.
If I ban any local addres - I ban this addres in _all_ local networks...
hm?
My local clients have the same ip's such another local clients.
joke:
1. ban all by ip
2. don't use ban, use legs and hand (for bad users)
3. new ip for all
4. close forum
$-)
adsh: Well, the alternative is to only use REMOTE_ADDR, but then you will end up with many users having the same IP address instead. We've had the problem at a site where i moderate (sweclockers.com). We banned the IP address of a user that was causing a lot of problems and then it turned out it was the proxy of a large swedish ISP, so lots and lots of users ended up getting banned. This was of course unacceptable and we were forced to unban that IP. We've had the same problem many, many times.
May be - banning on some personal cookies data makes more good sense?
PunBB does ban based on cookie data. However, cookies can very easily be deleted.
You can not login to forum without cookie. There is - ban, based on user name, not IP. And we also may ban user, based on "proxy ip + local user ip". In alternative...
You can not login to forum without cookie. There is - ban, based on user name, not IP.
True, however it is very easy to delete the cookie and then register again under a new username.
And we also may ban user, based on "proxy ip + local user ip". In alternative...
I'm not sure what you mean. If you don't want to ban an IP address, you don't have to. You can just ban the username.
The IP address detection has been improved in PunBB 1.2. It will ignore obviously local IP's such as 127.0.0.1, 192.168.*, 10.* etc.
Im running punBB 1.2.12 and I still have this problem/feature. It running in an internal reverse proxy server and it says that a couple of users IP is 192.168.x.x
Any idea how to avoid this without compromising punBB's banning feature?
You can have a lot of users with the same IP, there is nothing wrong with this. They could be behind a proxy, or just using NAT on theri firewall. Bannin IPs is a bad practice. In my country 99.99% users don't have static IPs.
But its normal that a guy from Argentina, one from Russia and one from Germany have the exact same IP? I mean, they have the same IP only in this forums, their IP anywere else are different.
OK, that is not normal
"running in an internal reverse proxy server"
Well, there's your problem! No, honestly. I have no idea what actually goes on in your setup. This topic is over two years old, and some of the things I said above don't apply anymore. In version 1.2.12, PunBB relies completely on REMOTE_ADDR (which is the address the proxy is providing). We used to try to sniff out the IP address behind the proxy, but we had to drop that because of some security concerns (was very easy to spoof).
Oh, okey then. Didn't noticed that the topic was old. I just thought that something wrong could be happening to this forum I mention, but if its standard then there's nothing to see here, please keep moving... 
The problem is that all proxies do not send REMOTE_ADDR in request.
Basically, you can't ban a person without leeting him a way to register again, with punbb or whatever forum/portal script.
The problem is that all proxies do not send REMOTE_ADDR in request.
Unless I'm missing something very basic, every computer sends out REMOTE_ADDR. It's X_FORWARDED_FOR that not every proxy sends out and that can be manipulated (which is why PunBB doesn't use it anymore)
PunBB Forums → PunBB 1.2 bug reports → About detecting user IP
Powered by PunBB, supported by Informer Technologies, Inc.