WordPress.org

Support

Support » Plugins and Hacks » Getting a private ip adresses reported from an 'external' user.

Getting a private ip adresses reported from an 'external' user.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WPReady

    @wpready

    Hi Dwight66,

    If you have a regular wordpress installation, you’ll find some information querying the database:

    select * from wp_statcomm where ip like ‘%10.21.26%’.

    It is also possible to trigger some action when this IP is detected. More of this later.

    Hi WPReady,

    Thank you for your reply. My WP installation came out of the Synology package center. I presume it is a more or less regular installation. I’ll look into the tables tonight (GMT+1)
    I just don’t understand why these private addresses are showing up while I’m using a C-class private address on my internal home network.
    Somehow somebody manages to show up with this weird address. This triggers me to investigate if this might be a bug or there is something else going on. I’ll let you know what I’ve found in the bare table.

    Plugin Author WPReady

    @wpready

    There is an article explaining how to expand Statcomm to trigger some actions under many circumstances.

    Please see the following link
    http://wpgetready.com/2012/05/expanding-statcomm-statcomm_info-action/

    Best Regards

    Hi WPReady,

    Thank you for the link to the information about the statcomm_info structure.
    I checked the wp_statcomm table. As expected the records with an IP-field value of 10.21.26.* were there. That is why they appear in the statistics. I’m curious why these private addresses are appearing at all. As far as I know these kind of IP-addresses are non-routable and therefor hardly can come from outside my private network. I was looking for information that might explain how StatComm interprets the connection data of an external user/connection. I can’t explain where these weird private IP-addresses are comming from. They just show up in the StatComm statistics. In other words, is this an interpretation of StatComm or in the worst case: Am I hacked?

    Plugin Author WPReady

    @wpready

    Hi Dwight66,
    I’ve been researching about the subject. I think the problem could come because a the ip detection is weakly implemented.
    In this situation the IP could be forged to make us think the IP comes from somewhere.

    I’m working to improve and fix this problem. If you are curious about it There is some examples on http://www.thespanner.co.uk/2007/12/02/faking-the-unexpected/

    Best Regards

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Getting a private ip adresses reported from an 'external' user.’ is closed to new replies.