Plugin Author
AITpro
(@aitpro)
Where are you seeing 0.0.0.0? Is it your IP address, REMOTE_ADDR, Host Name, HTTP_X_FORWARDED_FOR or the website|server IP address? Post a Security Log entry so I can see it. Most likely it is going to be a routing mistake|problem.
http://en.wikipedia.org/wiki/Default_route
The default route in Internet Protocol Version 4 (IPv4) is designated as the zero-address 0.0.0.0/0 in CIDR notation,[1] often called the quad-zero route. The subnet mask is given as /0, which effectively specifies all networks, and is the shortest match possible. A route lookup that does not match any other route, falls back to this route. Similarly, in IPv6, the default route is specified by ::/0.
The ip address 0.0.0.0 does not show up in the BPS security log. It shows up in the Redirection plugin’s log of 404 errors. This address is apparently trying to access pages or other files on my site.
Again, I posted this here out of curiosity to get feedback from others as to whether it *might* pose a security issue, as I’d read 0.0.0.0 was (or could be) a spoofed address. And, if someone is spoofing an IP address (just as entries on caller ID can be spoofed), I figured they were up to no good.
Thanks!
Plugin Author
AITpro
(@aitpro)
The first thing you want to check is – does the “Redirection” plugin use|create the 0.0.0.0 IP address when it cannot get an IP address. So ask that plugin author if that is what is happening. From a security standpoint I do not see how a routing 0.0.0.0 IP address could be used to hack anything, but I will look around.
I have posted a question on Redirection’s support forum asking why I’m seeing 0.0.0.0. I’ll let you know the answer.
Thanks!
Plugin Author
AITpro
(@aitpro)
Here is some additional info about the 0.0.0.0 non-routable meta-address used to designate an invalid, unknown or non applicable target.
http://en.wikipedia.org/wiki/0.0.0.0
The only thing is that you’re not saying “all addresses should have access” — that’s done in your firewall(s) and/or the server software and/or other security layers like tcpwrappers.
0.0.0.0, in this context, means “all IP addresses on the local machine” (in fact probably, “all IPv4 addresses on the local machine”). So, if your webserver machine has two ip addresses, 192.168.1.1 and 10.1.2.1, and you allow a webserver daemon like apache to listen on 0.0.0.0, it will be reachable at both of those IPs. But only to what can contact those IPs and the web port(s).
Note that, in a different context (routing) 0.0.0.0 usually means the default route (the route to “the rest of” the internet, aside from routes in your local network etc.).
Summary|Conclusion: If someone did spoof the IP address to 0.0.0.0 (if that is even possible, since 0.0.0.0 is publicly|externally non-routable), then it would only serve to hide their IP address and could not be used for anything malicious externally or internally.
Plugin Author
AITpro
(@aitpro)
I downloaded the Redirection plugin and looked at the code. In theory, this could be the cause of IP addresses being logged as 0.0.0.0. If the ip2long and long2ip php functions cannot get the correct IP address then 0.0.0.0 will be outputted.
    static function create( $url, $agent, $ip, $referrer ) {
        global $wpdb, $redirection;
        $insert = array(
            'url' => urldecode( $url ),
            'created' => current_time( 'mysql' ),
            'ip' => ip2long( $ip ),
        );
        if ( !empty( $agent ) )
            $insert['agent'] = $agent;
        if ( !empty( $referrer ) )
            $insert['referrer'] = $referrer;
        $wpdb->insert( $wpdb->prefix.'redirection_404', $insert );
    }

    while ( $exported < $total_items ) {
        $rows = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}redirection_404 LIMIT %d,%d", $exported, 100 ) );
        $exported += count( $rows );
        foreach ( $rows AS $row ) {
            $csv = array(
                $row->created,
                $row->url,
                long2ip( $row->ip ),
                $row->referrer,
            );
            fputcsv( $stdout, $csv );
        }
        if ( count( $rows ) < 100 )
            break;
    }
Confirms that the theory is possible:
http://stackoverflow.com/questions/16788425/non-complete-ip-addresses-and-ip2long
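The ip2long/long2ip round trip discussed in the post above, as an added example that is not part of the original post or the Redirection plugin's code. The function names store_like_int_column and normalize_client_ip are hypothetical, the integer cast is an assumption standing in for the integer database column, and the sample addresses are constructed.

```php
<?php
// Added example: how an unparseable client address ends up logged as "0.0.0.0".

// Assumption: the (int) cast stands in for storing the value in an integer column.
function store_like_int_column( $ip ) {
    // ip2long() returns false for anything that is not a complete
    // dotted-quad IPv4 address (IPv6, empty string, proxy lists, text).
    return (int) ip2long( $ip );   // false becomes 0
}

// Hypothetical helper: validate before logging instead of storing a placeholder.
function normalize_client_ip( $raw ) {
    // A forwarded-for style value may be a comma-separated list; take the
    // first entry. That value is client-supplied unless a trusted proxy set it.
    $parts = explode( ',', (string) $raw );
    $first = trim( $parts[0] );
    // Accept IPv4 or IPv6; return null so the log can record "invalid"
    // rather than an address that looks real.
    return filter_var( $first, FILTER_VALIDATE_IP ) !== false ? $first : null;
}

// Constructed sample inputs.
$samples = array(
    '198.51.100.23',          // valid IPv4, survives the round trip
    '2001:db8::1',            // IPv6, ip2long() cannot represent it
    '203.0.113.5, 10.0.0.1',  // proxy chain in one header value
    '',                       // address not available
    'unknown',                // placeholder text sent by some proxies
);

foreach ( $samples as $raw ) {
    $logged = long2ip( store_like_int_column( $raw ) );
    $clean  = normalize_client_ip( $raw );
    printf(
        "%-26s logged as %-15s normalized: %s\n",
        var_export( $raw, true ),
        $logged,
        $clean === null ? '(invalid)' : $clean
    );
}
```

Only the first sample is logged with its real address; the other four all come out as 0.0.0.0, which is why that value in a log written this way says nothing about where the request came from.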
Plugin Author
AITpro
(@aitpro)
Non-BPS Plugin issue/problem:
Thread Start Date: 4-26-2015 to 4-27-2015
Thread Resolved/Current Date: 4-28-2015
Comments: Issue/problem has to do with the Redirection plugin. A thread has been posted in the Redirection plugin support forum regarding this issue/problem.