On Wed, 23 Feb 2005 19:17:05 -0000, SED <sed@xxxxxx> wrote: > Is it possible for hackers to give a fake IP address when visiting a website > running PHP? > It might be difficult for a script-kiddy to spoof his IP address, but it isn't difficult for him to find an open proxy server, meaning that all traffic from said Kiddy will appear in the logs with the IP of the proxy. Or hey, perhaps one of the machines in your 'trusted' IP range will have been compromised, and could be used as a proxy. Also, don't rely on NAT'd RFC1918 addresses. Your web server won't see them (eg - your company uses the network 192.168.25.0/24, so you allow only that, but PHP only sees the external NAT'd address of the user). -- AdamT "Justify my text? I'm sorry, but it has no excuse." -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
