WordPress.org

Ready to get started?Download WordPress

Forums

StatComm (StatPress Community) Multisite Edition
Getting a private ip adresses reported from an 'external' user. (6 posts)

  1. Dwight66
    Member
    Posted 1 year ago #

    Everey now and the StatComm reports in the last hits a user with the ip-address 10.21.26.*. I don't use this private networkrange in my local network. I would like to know where StatComm gets this IP-information from so I can take measures when neccesary.

    With kind regards

    dwight

    http://wordpress.org/extend/plugins/statpress-community-formerly-statcomm/

  2. WPReady
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Dwight66,

    If you have a regular wordpress installation, you'll find some information querying the database:

    select * from wp_statcomm where ip like '%10.21.26%'.

    It is also possible to trigger some action when this IP is detected. More of this later.

  3. Dwight66
    Member
    Posted 1 year ago #

    Hi WPReady,

    Thank you for your reply. My WP installation came out of the Synology package center. I presume it is a more or less regular installation. I'll look into the tables tonight (GMT+1)
    I just don't understand why these private addresses are showing up while I'm using a C-class private address on my internal home network.
    Somehow somebody manages to show up with this weird address. This triggers me to investigate if this might be a bug or there is something else going on. I'll let you know what I've found in the bare table.

  4. WPReady
    Member
    Plugin Author

    Posted 1 year ago #

    There is an article explaining how to expand Statcomm to trigger some actions under many circumstances.

    Please see the following link
    http://wpgetready.com/2012/05/expanding-statcomm-statcomm_info-action/

    Best Regards

  5. Dwight66
    Member
    Posted 1 year ago #

    Hi WPReady,

    Thank you for the link to the information about the statcomm_info structure.
    I checked the wp_statcomm table. As expected the records with an IP-field value of 10.21.26.* were there. That is why they appear in the statistics. I'm curious why these private addresses are appearing at all. As far as I know these kind of IP-addresses are non-routable and therefor hardly can come from outside my private network. I was looking for information that might explain how StatComm interprets the connection data of an external user/connection. I can't explain where these weird private IP-addresses are comming from. They just show up in the StatComm statistics. In other words, is this an interpretation of StatComm or in the worst case: Am I hacked?

  6. WPReady
    Member
    Plugin Author

    Posted 1 year ago #

    Hi Dwight66,
    I've been researching about the subject. I think the problem could come because a the ip detection is weakly implemented.
    In this situation the IP could be forged to make us think the IP comes from somewhere.

    I'm working to improve and fix this problem. If you are curious about it There is some examples on http://www.thespanner.co.uk/2007/12/02/faking-the-unexpected/

    Best Regards

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic

Tags

No tags yet.