Following this topic, I'm leaning a little on PunBB 1.3.4 to establish the same system,
even if some find it useless as the only "protection".
Since I have found nothing for PunBB ips, I'll file the amendments to do if you're interested.
I warn, I have not used the Hooks, the changes are in direct files.
From what I saw, a feature not available anymore, "@gethostbyaddr($ip)" in file moderate.php line 55.
For the rest, everything is functional.
[---][---][---]
Note 1: It is advisable to make a backup before making changes.
Furthermore, this operation is at your own risk, I can not be held responsible blahblahblah in case of bug .
Note2: Put the same key if you change $encrypted_key = "put_your_key_here";.
Note3: If I spent my time doing this topic is that it works, I'm not crazy
In Phpmyadmin :
1) In the structure of the table "posts", colonne "poster_id", change "type" to "varchar(40)"
2) In the structure of the table "users", colonne "registration_ip"
a) change "type" to "varchar(40)"
b) change "Défaut2" as defined: "ab3a723bf153e72986de993c39f2eaabc9a122b7"
On your server,:
1) add this function:
function hash_ip($ip)
{
// change with your own key
$encrypted_key = "put_your_key_here";
return sha1($ip.$encrypted_key.sha1($ip.sha1($encrypted_key)));
}
1) Update ips of the table posts with query :
$query = array(
'SELECT' => 'id, poster_ip',
'FROM' => 'posts'
);
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
while($row = $forum_db->fetch_assoc($result))
{
$query2 = array(
'UPDATE' => 'posts',
'SET' => 'poster_ip=\''.hash_ip($row['poster_ip']).'\'',
'WHERE' => 'id='.$row['id'].' LIMIT 1'
);
$forum_db->query_build($query2) or error(__FILE__, __LINE__);
}
2) Update ips of the table users with query :
$query = array(
'SELECT' => 'id, registration_ip',
'FROM' => 'users'
);
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
while($row = $forum_db->fetch_assoc($result))
{
$query2 = array(
'UPDATE' => 'users',
'SET' => 'registration_ip=\''.hash_ip($row['registration_ip']).'\'',
'WHERE' => 'id='.$row['id'].' LIMIT 1'
);
$forum_db->query_build($query2) or error(__FILE__, __LINE__);
}
Possibly, if you have any banned users, do this also:
3) Update ips of the table bans with query :
$query = array(
'SELECT' => 'id, ip',
'FROM' => 'bans'
);
$result = $forum_db->query_build($query) or error(__FILE__, __LINE__);
while($row = $forum_db->fetch_assoc($result))
{
$query2 = array(
'UPDATE' => 'bans',
'SET' => 'ip=\''.hash_ip($row['ip']).'\'',
'WHERE' => 'id='.$row['id'].' LIMIT 1'
);
$forum_db->query_build($query2) or error(__FILE__, __LINE__);
}
[---][---][---]
In your files :
[---]
In FORUM_ROOT.'moderate.php', line 30 change:
// Is get_host an IP address or a post ID?
if (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $_GET['get_host']) || preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $_GET['get_host']))
to
// Is get_host an IP address or a post ID?
if (preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $_GET['get_host']) || preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $_GET['get_host']) || preg_match('/^[0-9A-Fa-f]{40}$/', $_GET['get_host']))
Yet in FORUM_ROOT.'moderate.php', line 55 change:
message(sprintf($lang_misc['Hostname lookup'], $ip, @gethostbyaddr($ip), '<a href="'.forum_link($forum_url['admin_users']).'?show_users='.$ip.'">'.$lang_misc['Show more users'].'</a>'));
to :
message(sprintf($lang_misc['Hostname lookup'], $ip, '<ins><em>Information encrypted, impossible to determine.</em></ins>', '<a href="'.forum_link($forum_url['admin_users']).'?show_users='.$ip.'">'.$lang_misc['Show more users'].'</a>'));
Note: This is gethostbyaddr($ip) is no longer usable, so I substituted a sentence, if you want to change anything.
[---]
In FORUM_ROOT.'admin/users.php', line 180 change:
if (empty($ip) || (!preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip) && !preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $ip))))
to
if (empty($ip) || (!preg_match('/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/', $ip) && !preg_match('/^((([0-9A-Fa-f]{1,4}:){7}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}:[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){5}:([0-9A-Fa-f]{1,4}:)?[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){4}:([0-9A-Fa-f]{1,4}:){0,2}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){3}:([0-9A-Fa-f]{1,4}:){0,3}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){2}:([0-9A-Fa-f]{1,4}:){0,4}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){6}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(([0-9A-Fa-f]{1,4}:){0,5}:((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|(::([0-9A-Fa-f]{1,4}:){0,5}((\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b)\.){3}(\b((25[0-5])|(1\d{2})|(2[0-4]\d)|(\d{1,2}))\b))|([0-9A-Fa-f]{1,4}::([0-9A-Fa-f]{1,4}:){0,5}[0-9A-Fa-f]{1,4})|(::([0-9A-Fa-f]{1,4}:){0,6}[0-9A-Fa-f]{1,4})|(([0-9A-Fa-f]{1,4}:){1,7}:))$/', $ip)) && (!preg_match('/[0-9A-Fa-f]{40}/', $ip)))
[---]
In FORUM_ROOT.'include/functions.php', line 1003 change:
// Try to determine the correct remote IP-address
function get_remote_address()
{
$return = ($hook = get_hook('fn_get_remote_address_start')) ? eval($hook) : null;
if ($return != null)
return $return;
return $_SERVER['REMOTE_ADDR'];
}
to
// Try to determine the correct remote IP-address
function get_remote_address()
{
// change with your own key
$encrypted_key = "put_your_key_here";
$return = ($hook = get_hook('fn_get_remote_address_start')) ? eval($hook) : null;
if ($return != null)
return sha1($return.$encrypted_key.sha1($return.sha1($encrypted_key)));
return sha1($_SERVER['REMOTE_ADDR'].$encrypted_key.sha1($_SERVER['REMOTE_ADDR'].sha1($encrypted_key)));
}
[---]
In FORUM_ROOT.'include/url/' + your url scheme + '/rewrite_rules.php, line 58 change:
'/^get_host[\/_-]?([0-9]+|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})(\.html?|\/)?$/i' => 'moderate.php?get_host=$1',
to :
'/^get_host[\/_-]?([0-9]+|[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}|[0-9A-Fa-f]{40})(\.html?|\/)?$/i' => 'moderate.php?get_host=$1',
[---][---][---]
That is, if it can be useful
EDIT: I add an encryption key because it is too easy to compare IP with this script:
for ($i=0;$i<255;$i++) {
for ($j=0;$j<255;$j++) {
for ($k=0;$k<255;$k++) {
for ($l=0;$l<255;$l++) {
$ip = $i.".". $j .".". $k .".".$l;
mysql_query("INSERT INTO `ips` (`ip`, `sha`) VALUES ('". $ip ."', '". sha1($ip) ."')");
}
}
}
}
Thanks to TheAssassin185.
Now if only access to the database is compromised, it is not possible to retrieve the IP.
Result :