Announcement

Announcement Module
Collapse
No announcement yet.

Being harrassed by a user, IP 127.0.0.1

Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Being harrassed by a user, IP 127.0.0.1

    We are experiencing some trouble with people trying to get access to our servers, we are aggressively trying to block them, but now a user has registered and his IP shows up as 127.0.0.1 , how is this possible? are our servers compromised? How can I make sure to check what is wrong?

    Thank you

    Simon

  • #2
    127.0.0.1 is a reserved IP address, a local loopback address. It's not a real IP address.

    Comment


    • #3
      Originally posted by dodgeboard.com View Post
      127.0.0.1 is a reserved IP address, a local loopback address. It's not a real IP address.
      sure I get that, but actually it is my server address, my question is, how can a member uses this address to act as a members and have his IP logged ast his. obviosuly I cannot ban him on IP level. So my questions is, can i prevent a user being logged as 127.0.0.1 , and is my server at risk of hacking.

      As far I see, we are fully patched and safe behind several firewalls, thanks for replying

      Simon

      Comment


      • #4
        Ban his proxy email if he has registered.

        Also one question do you manually approve accounts on your site? If not you should so you can catch him out asap.

        Comment


        • #5
          Originally posted by schwab2clarkson View Post
          Ban his proxy email if he has registered.

          Also one question do you manually approve accounts on your site? If not you should so you can catch him out asap.
          well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

          So any other suggestions master of vbulletin??

          Thx

          Simon

          Comment


          • #6
            Originally posted by mimezine View Post
            sure I get that, but actually it is my server address, my question is, how can a member uses this address to act as a members and have his IP logged ast his. obviosuly I cannot ban him on IP level. So my questions is, can i prevent a user being logged as 127.0.0.1 , and is my server at risk of hacking.

            As far I see, we are fully patched and safe behind several firewalls, thanks for replying

            Simon
            It is called spoofing and a fairly common practice and easy to do with IP addresses. You'll need to trace back his requests in the web server's log to find his real IP address and ban it.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud site.
            Please do not PM me for support unless I specifically ask for information to be delivered that way.

            Comment


            • #7
              Originally posted by mimezine View Post
              well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

              So any other suggestions master of vbulletin??

              Thx

              Simon
              No that is his IP address. Banning his email address would be a start.

              Comment


              • #8
                Originally posted by mimezine View Post
                well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

                So any other suggestions master of vbulletin??

                Thx

                Simon
                You wont get much volunteer help with that attitude.

                Comment


                • #9
                  Originally posted by dodgeboard.com View Post
                  You wont get much volunteer help with that attitude.
                  I did not mean it that way, but a little sarcasm hasn't hurt anybody, I appreciate all feedback, so again thanks for the feedback. I will go into my logfiles and traceroute it back to a actual IP address, which I can ban. But it is a persistent little bastard, this "spoofer"

                  Simon

                  Comment


                  • #10
                    Originally posted by Wayne Luke View Post
                    It is called spoofing and a fairly common practice and easy to do with IP addresses. You'll need to trace back his requests in the web server's log to find his real IP address and ban it.
                    Thank you so much, the answer I needed! Funny thing that on google searches, I found little about this kind of spoofing of 127.0.0.1 with vbulletin, as if it does not often occur. So thanks again, very helpful!

                    Simon

                    Comment

                    Working...
                    X