Posted by Jerry Stuckle on 03/02/07 22:56

Varn wrote:
> Hi all,
>
> I've got a website coded in PHP, and a malicious person is
> posting fake spam messages to a low-security forum that I've coded.
> My forum code simply reads the POST data and in good faith
> posts the message to the forum and records the IP of the poster.
> Here is what is happening. Bogus messages are being posted
> always of roughly the same type or message, often with
> bogus URLs in them, and the IP address that I am recording
> is always random i.e. spoofed.
>
> What I would like to do is to have the web server keep the
> connection open long enough to ascertain that the real
> IP of the spoofer is, or at least to ascertain that the HTTP
> request is more than one packet. Is it possible to do either
> of these from PHP?
>
> Thanks.
>

No, it's not possible in PHP. However, they probably aren't using a
spoofed IP address, anyway. Most of these use anonymous proxies - of
which there are a bunch all over the world.

You may be better off parsing the message for URL's - if there are more
than one or two reject the message. It might help.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

[Back to original message]