Home »
FUDforum Development »
Bug Reports »
Old bug revisited?
Old bug revisited? [message #19009] |
Mon, 21 June 2004 18:39 |
Marticus
Messages: 272 Registered: June 2002
Karma: 1
|
Senior Member |
|
|
I keep receiving email messages from the forum regarding people who have attempted to register for accounts. The admin interface shows similar details to this:
Login: Lancer
E-mail: postmaster(at)blahblahpornsite(dot)com
Name: Lancer
Gender: Unspecified
IP Address: 0.0.0.0
So, I check the apache access logs and find this:
213.24.168.11 - - [21/Jun/2004:08:15:05 -0400] "POST /index.php?t=register HTTP/1.1" 200 401
213.24.168.11 - - [21/Jun/2004:08:15:33 -0400] "POST /index.php?t=register HTTP/1.1" 302 5
213.24.168.11 - - [21/Jun/2004:08:15:34 -0400] "GET /index.php?S=a47613fcf266fc74697dc821ee037bed HTTP/1.1" 200 13579
213.24.168.11 - - [21/Jun/2004:08:15:35 -0400] "GET /lib.js HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:15:36 -0400] "GET /theme/default/forum.css HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:16:12 -0400] "GET /index.php?t=emailconf&conf_key=3da4fc9af93e6a45b2ba8f86e0336008 HTTP/1.1" 302 5
213.24.168.11 - - [21/Jun/2004:08:16:13 -0400] "GET /index.php?t=index& HTTP/1.1" 200 13579
213.24.168.11 - - [21/Jun/2004:08:16:14 -0400] "GET /lib.js HTTP/1.1" 304 -
213.24.168.11 - - [21/Jun/2004:08:16:15 -0400] "GET /theme/default/forum.css HTTP/1.1" 304 -
I found one reference to these log entries in your search:
http://fudforum.org/forum/index.php?t=msg&goto=2553&
Is there an exploint in fud? Will I need to use mod rewrite to block this type of attack?
-Marticus
|
|
|
Re: Old bug revisited? [message #19010 is a reply to message #19009] |
Mon, 21 June 2004 18:45 |
Ilia
Messages: 13241 Registered: January 2002
Karma: 0
|
Senior Member Administrator Core Developer |
|
|
What is the problem? I see nothing wrong.
The IP of '0.0.0.0' is possible only in these cases:
1) There was no HTTP_X_FORWARDED_FOR ($_SERVER['HTTP_X_FORWARDED_FOR']) header with valid entries and $_SERVER['REMOTE_ADDR'] was empty too.
2) Your PHP does not create/populate $_SERVER superglobal.
FUDforum Core Developer
|
|
|
Goto Forum:
Current Time: Sun Nov 24 17:03:04 GMT 2024
Total time taken to generate the page: 0.03705 seconds