Being harrassed by a user, IP 127.0.0.1

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • mimezine
    New Member
    • Oct 2001
    • 17

    Being harrassed by a user, IP 127.0.0.1

    We are experiencing some trouble with people trying to get access to our servers, we are aggressively trying to block them, but now a user has registered and his IP shows up as 127.0.0.1 , how is this possible? are our servers compromised? How can I make sure to check what is wrong?

    Thank you

    Simon
  • dodgeboard.com
    Senior Member
    • Nov 2005
    • 941
    • 4.0.x

    #2
    127.0.0.1 is a reserved IP address, a local loopback address. It's not a real IP address.

    Comment

    • mimezine
      New Member
      • Oct 2001
      • 17

      #3
      Originally posted by dodgeboard.com
      127.0.0.1 is a reserved IP address, a local loopback address. It's not a real IP address.
      sure I get that, but actually it is my server address, my question is, how can a member uses this address to act as a members and have his IP logged ast his. obviosuly I cannot ban him on IP level. So my questions is, can i prevent a user being logged as 127.0.0.1 , and is my server at risk of hacking.

      As far I see, we are fully patched and safe behind several firewalls, thanks for replying

      Simon

      Comment

      • aussiefooty
        Senior Member
        • Nov 2008
        • 1902
        • 6.0.X

        #4
        Ban his proxy email if he has registered.

        Also one question do you manually approve accounts on your site? If not you should so you can catch him out asap.
        Aussiefootyforums

        New Site New forum
        Come and talk sports all day long


        Comment

        • mimezine
          New Member
          • Oct 2001
          • 17

          #5
          Originally posted by schwab2clarkson
          Ban his proxy email if he has registered.

          Also one question do you manually approve accounts on your site? If not you should so you can catch him out asap.
          well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

          So any other suggestions master of vbulletin??

          Thx

          Simon

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73976

            #6
            Originally posted by mimezine
            sure I get that, but actually it is my server address, my question is, how can a member uses this address to act as a members and have his IP logged ast his. obviosuly I cannot ban him on IP level. So my questions is, can i prevent a user being logged as 127.0.0.1 , and is my server at risk of hacking.

            As far I see, we are fully patched and safe behind several firewalls, thanks for replying

            Simon
            It is called spoofing and a fairly common practice and easy to do with IP addresses. You'll need to trace back his requests in the web server's log to find his real IP address and ban it.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment

            • aussiefooty
              Senior Member
              • Nov 2008
              • 1902
              • 6.0.X

              #7
              Originally posted by mimezine
              well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

              So any other suggestions master of vbulletin??

              Thx

              Simon
              No that is his IP address. Banning his email address would be a start.
              Aussiefootyforums

              New Site New forum
              Come and talk sports all day long


              Comment

              • dodgeboard.com
                Senior Member
                • Nov 2005
                • 941
                • 4.0.x

                #8
                Originally posted by mimezine
                well that's the point I can't ban his proxy because his IP appears as 127.0.0.1 , and with over 600 new registrant a day manauly aproving accounts is a pain the @SS

                So any other suggestions master of vbulletin??

                Thx

                Simon
                You wont get much volunteer help with that attitude.

                Comment

                • mimezine
                  New Member
                  • Oct 2001
                  • 17

                  #9
                  Originally posted by dodgeboard.com
                  You wont get much volunteer help with that attitude.
                  I did not mean it that way, but a little sarcasm hasn't hurt anybody, I appreciate all feedback, so again thanks for the feedback. I will go into my logfiles and traceroute it back to a actual IP address, which I can ban. But it is a persistent little bastard, this "spoofer"

                  Simon

                  Comment

                  • mimezine
                    New Member
                    • Oct 2001
                    • 17

                    #10
                    Originally posted by Wayne Luke
                    It is called spoofing and a fairly common practice and easy to do with IP addresses. You'll need to trace back his requests in the web server's log to find his real IP address and ban it.
                    Thank you so much, the answer I needed! Funny thing that on google searches, I found little about this kind of spoofing of 127.0.0.1 with vbulletin, as if it does not often occur. So thanks again, very helpful!

                    Simon

                    Comment

                    widgetinstance 262 (Related Topics) skipped due to lack of content & hide_module_if_empty option.
                    Working...