Check for a fake IP not working correctly with IPv6

  • Resolved ike456

    (@ike456)


    9 years, 3 months ago

    The function _is_fake_ip generated some false positives. I did some fixes and it’s working now. Maybe it needs some further workarounds for old php versions to keep it working there.

    /**
	* Check for a fake IP
	*
	* @since   2.0
	* @change  2.6.2
	*
	* @param   string   $ip    Client IP
	* @param   string   $host  Client Host [optional]
	* @return  boolean         TRUE if fake IP
	*/

	private static function _is_fake_ip($client_ip, $client_host = false)
	{
		/* Remote Host */
		$host_by_ip = gethostbyaddr($client_ip);

		/* IPv6 special */
		if(self::_is_ipv6($client_ip)) {
			if(self::_is_ipv6($host_by_ip) && inet_pton($client_ip) === inet_pton($host_by_ip)) {
				// no domain
				return false;
			} else {
				// has domain
				$record = dns_get_record($host_by_ip,DNS_AAAA);
				if(empty($record) || empty($record[0]['ipv6'])) {
					// no reverse entry
					return true;
				} else {
					return inet_pton($client_ip) !== inet_pton($record[0]['ipv6']);
				}
			}
		}

		/* IPv4 / Comment */
		if ( empty($client_host) ) {

			$ip_by_host = gethostbyname($host_by_ip);

			if ( $ip_by_host === $host_by_ip ) {
				return false;
			}

		/* IPv4 / Trackback */
		} else {
			if ( $host_by_ip === $client_ip ) {
				return true;
			}

			$ip_by_host = gethostbyname($client_host);
		}

		if ( strpos( $client_ip, self::_cut_ip($ip_by_host) ) === false ) {
			return true;
		}

		return false;
	}

	/**
	* Check for an IPv4 address
	*
	* @since   2.4
	* @change  2.6.2
	*
	* @param   string   $ip  IP to validate
	* @return  integer       TRUE if IPv4
	*/

	private static function _is_ipv4($ip)
	{
		//return preg_match('/^\d{1,3}(\.\d{1,3}){3,3}$/', $ip);
		return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false ;
	}

	/**
	* Check for an IPv6 address
	*
	* @since   2.6.2
	* @change  2.6.2
	*
	* @param   string   $ip  IP to validate
	* @return  boolean       TRUE if IPv6
	*/

	private static function _is_ipv6($ip)
	{
		//return ! self::_is_ipv4($ip);
		return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false ;
	}

    https://wordpress.org/plugins/antispam-bee/

Viewing 1 replies (of 1 total)
  • Anonymous User 7658014

    (@anonymized_7658014)

    9 years, 3 months ago

    Hi there, ike456,

    thanks for posting your solution. It might take a while, though, before the plugin author will be able to test and support IPv6 with AntiSpam Bee. It just isn’t available on a broader basis yet.

    Meanwhile, your solution certainly will provide great value to those looking to for a quick solution to immediately implement IPv6 support in the plugin. (Even though hacking plugin files directly usually isn’t recommended, of course.)

    Thanks again!

Viewing 1 replies (of 1 total)
  • The topic ‘Check for a fake IP not working correctly with IPv6’ is closed to new replies.

Tags