IP Spoofing - Forum may have been hacked.

  • Nirvana_S
    New Member
    • Feb 2008
    • 17
    • 3.6.x

    Hi,

    I recently discovered that numerous members from my forum have the same IP address, and it wasn't until a new member registered with this IP address. This new member turned out to be a nuisance, so I decided to Google their IP address. I found another forum from digitalpoint.com where someone else was having the same issue.

    Most of the user accounts that have the IP address have an aol.com email address, which I do know uses recycled IP addresses, but there were some members that had Hotmail accounts that had the same IP.

    I was wondering if this could possibly be a result of IP spoofing? Or maybe just a huge coincidence...? I decided to ban the IP address until I figure out how to fix the problem. Some of the members didn't use to have this IP address until now, and since I banned the IP they can no longer get into the forum.

    This is what it looks like when I did a search for the IP address in the Admin CP:

  • Nirvana_S
    New Member
    • Feb 2008
    • 17
    • 3.6.x

    #2
    Nobody knows how to fix this? I've had to ban 27 members' IP addresses because of this issue and I need to fix this so I can unban them.

    • sidney
      New Member
      • Dec 2008
      • 4
      • 3.7.x

      #3
      If you look at the host name for that IP address in the screenshot you posted, you will see that it has "cache" in it and ends with "proxy.aol.com". That means that it is the IP address of an AOL caching web proxy. I'll put that in plain English.

      These people are using AOL to connect to the Internet, and AOL speeds up their web access by directing all of their web browser traffic through these caching web proxy servers.

      Some AOL customers will sign up using their AOL email address. Others might prefer to use a different email address such as Hotmail, just as anyone else might regardless of who their ISP is. So it means nothing that some of the people you saw had Hotmail addresses. All you know for sure is that if they are coming in from a proxy.aol.com IP address then their connection to the Internet is through AOL.

      The problem you are going to have is that because AOL does things that way you cannot distinguish between customers of AOL who are bad people and customers of AOL who are good people just from their IP address. Not only that, but an AOL customer might end up going through one of their proxy IP addresses one day and get a different one the next. So if you ban one of these IP addresses you may lock out people who have done nothing wrong, while the bad guy might show up with a different AOL IP address the next day.

      There is no good answer to this. You either ban all AOL customers, or you continue to play whack-a-mole by banning the individual accounts when they cause trouble and give up on banning IP addresses that appear to be web proxies from legitimate ISPs.
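
The check described in the reply above, as an added example that is not part of the original thread: group accounts by IP address and use the reverse-DNS host name to decide whether an IP ban is safe. The function names, the token heuristic and the sample records are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "cache" and "proxy" are the host-name hints named in the thread; using them
# as a general heuristic for shared web proxies is an assumption.
PROXY_TOKENS = {"cache", "proxy"}

def looks_like_shared_proxy(hostname):
    """True if a DNS label of the reverse-DNS name contains a proxy/cache token."""
    if not hostname:
        return False
    tokens = set(re.split(r"[.\-_\d]+", hostname.lower()))
    return bool(tokens & PROXY_TOKENS)

def triage_shared_ips(records, min_accounts=3):
    """records: iterable of (username, ip, reverse_dns_hostname).
    Returns a report for every IP used by at least min_accounts accounts."""
    by_ip, host_of = defaultdict(set), {}
    for user, ip, host in records:
        by_ip[ip].add(user)
        host_of.setdefault(ip, host)
    report = {}
    for ip, users in by_ip.items():
        if len(users) < min_accounts:
            continue
        # Shared ISP proxy: an IP ban locks out unrelated members, so act
        # on the offending account only. Otherwise review the accounts.
        proxy = looks_like_shared_proxy(host_of[ip])
        report[ip] = {
            "accounts": sorted(users),
            "hostname": host_of[ip],
            "action": "ban_accounts_only" if proxy else "review_accounts",
        }
    return report

# Constructed sample data: documentation IP ranges and made-up host names.
SAMPLE = [
    ("alice", "192.0.2.10", "cache-01.proxy.isp.example"),
    ("bob", "192.0.2.10", "cache-01.proxy.isp.example"),
    ("troll42", "192.0.2.10", "cache-01.proxy.isp.example"),
    ("carol", "198.51.100.7", "dsl-7.customer.isp.example"),
    ("sock1", "203.0.113.5", "host5.hosting.example"),
    ("sock2", "203.0.113.5", "host5.hosting.example"),
    ("sock3", "203.0.113.5", "host5.hosting.example"),
]

if __name__ == "__main__":
    for ip, info in triage_shared_ips(SAMPLE).items():
        print(ip, info["hostname"], info["accounts"], "->", info["action"])
```

In practice the host name would come from a reverse-DNS lookup of each logged IP address; the sample embeds it so the example runs offline.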


      • Nirvana_S
        New Member
        • Feb 2008
        • 17
        • 3.6.x

        #4
        Thanks Sidney. I guess I'll just unban them and ban the ones who are causing me trouble.
