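/**
 * Resolve the requesting client's IP address.
 *
 * REMOTE_ADDR is the default. When CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP is enabled and an
 * X-Forwarded-For header is present, the comma-separated header is scanned from its
 * right-hand end (the entry appended by the proxy closest to this server) towards the left,
 * and the first entry that is_valid_ip() accepts replaces REMOTE_ADDR.
 *
 * The scan direction matters: each proxy appends the address it saw to the right, so the
 * leftmost entries are whatever the original sender chose to put there. Scanning from the left
 * (as earlier versions of this function did) let any sender pick the address reported here.
 *
 * @param bool $as_integer When true, return inet_aton($ip) instead of the textual address.
 * @return mixed The textual address (or null when REMOTE_ADDR is unavailable), or inet_aton()'s result.
 */
function get_ip($as_integer = false) {
    // null rather than an undefined-index notice when running outside a web request.
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;

    if (CONFIG_TRUST_HTTP_X_FORWARDED_FOR_IP && isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        // In almost all cases there is only one entry; a proxy chain yields "client, proxy1, ...".
        // Walk it right-to-left so the nearest proxy's entry is preferred over sender-supplied ones.
        $candidates = array_reverse(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
        foreach ($candidates as $candidate) {
            $candidate = trim($candidate);
            if (is_valid_ip($candidate, true)) {
                $ip = $candidate;
                break;
            }
        }
    }

    return $as_integer ? inet_aton($ip) : $ip;
}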
/**
 * Validate the incoming request parameters and populate $request_settings.
 *
 * Order of checks: the client IP (filled in by prepare_ip()) must be present and pass
 * is_valid_ip(); $data['s'] must be non-empty and accepted by validate_md5(), and is then stored
 * as $request_settings['placement_hash']; the user agent (filled in by prepare_ua()) must be
 * non-empty. The first failing check writes a message to the global $errormessage and returns false.
 *
 * @param array $data Request parameters; 's' carries the integration placement id (expected to satisfy validate_md5()).
 * @return bool true when every check passed
 */
function check_input($data) {
    global $request_settings;
    global $errormessage;

    // Record the failure reason for the caller and signal it with false.
    $reject = function ($message) use (&$errormessage) {
        $errormessage = $message;
        return false;
    };

    prepare_ip($data);
    $ip_present = isset($request_settings['ip_address']);
    if (!$ip_present || !is_valid_ip($request_settings['ip_address'])) {
        return $reject('Invalid IP Address');
    }

    // empty() already covers the unset case, so no separate isset() is needed.
    if (empty($data['s']) || !validate_md5($data['s'])) {
        return $reject('No valid Integration Placement ID supplied. (Variable "s")');
    }
    $request_settings['placement_hash'] = $data['s'];

    prepare_ua($data);
    if (empty($request_settings['user_agent'])) {
        return $reject('No User Agent supplied. (Variable "u")');
    }

    return true;
}
/**
 * Accept an IP address unless it falls in one of the filtered private ranges.
 *
 * Returns true for everything when the global $global_allow_all_ftp is set. Otherwise the address
 * must pass is_valid_ip(), and its leading octets are tested against 10.0.0.0/8 and 172.16.0.0/12,
 * both of which are rejected.
 *
 * NOTE(review): 192.168.0.0/16, 127.0.0.0/8 and 169.254.0.0/16 are not rejected by this filter --
 * confirm that is intended.
 * NOTE(review): the octet logic assumes a dotted-quad; if is_valid_ip() also accepts IPv6, fewer
 * than four '.'-separated segments are produced here -- confirm the accepted input shape.
 *
 * @param string $ip
 * @return bool
 */
function is_valid_ip_filter($ip) {
    global $global_allow_all_ftp;

    if ($global_allow_all_ftp) {
        return true;
    }
    if (!is_valid_ip($ip)) {
        return false;
    }

    // Integer value of the first four segments (extra segments, if any, are ignored).
    $segments = explode('.', $ip);
    $octets = array();
    for ($index = 0; $index < 4; $index++) {
        $octets[$index] = intval($segments[$index]);
    }

    $in_10_slash_8 = ($octets[0] === 10);
    $in_172_16_slash_12 = ($octets[0] === 172 && $octets[1] >= 16 && $octets[1] <= 31);

    return !($in_10_slash_8 || $in_172_16_slash_12);
}
/**
 * Attempt to get the IP address of the current user.
 *
 * The address is taken from HTTP_CLIENT_IP if that server variable is non-empty, else from
 * HTTP_X_FORWARDED_FOR; that forwarded value is used only when it is a valid IP, is not
 * 127.0.0.1, does not start with '192.168.' or '10.', and differs from SERVER_ADDR. Otherwise
 * REMOTE_ADDR is used. Once an address is chosen, anything from the first comma onwards and a
 * trailing '%14' are stripped, the result is re-validated, and its trailing groups are masked
 * with '*' according to $amount.
 *
 * NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are request headers any client can set,
 * and nothing here restricts their use to requests that arrived through a trusted proxy. A sender
 * supplying such a header can therefore choose the address this function reports (note also that
 * 172.16.0.0/12 is not among the excluded prefixes). Callers that use the result for bans,
 * rate limits or audit logs should confirm a trusted proxy strips or sets these headers.
 *
 * @param  integer $amount The number of groups to include in the IP address (rest will be replaced with *'s). For IP6, this is doubled.
 * @set 1 2 3 4
 * @return IP The users IP address (blank: could not find a valid one)
 */
function get_ip_address($amount = 4) {
    // return strval(mt_rand(0,255)).'.'.strval(mt_rand(0,255)).'.'.strval(mt_rand(0,255)).'.'.strval(mt_rand(0,255)); // Nice little test for if sessions break

    // A non-empty CLIENT_IP header takes precedence over X-Forwarded-For.
    $fw = ocp_srv('HTTP_X_FORWARDED_FOR');
    if (ocp_srv('HTTP_CLIENT_IP') != '') {
        $fw = ocp_srv('HTTP_CLIENT_IP');
    }
    // Only loopback, 192.168.* and 10.* are rejected from the forwarded value; 172.16/12 is not.
    if ($fw != '' && $fw != '127.0.0.1' && substr($fw, 0, 8) != '192.168.' && substr($fw, 0, 3) != '10.' && is_valid_ip($fw) && $fw != ocp_srv('SERVER_ADDR')) {
        $ip = $fw;
    } else {
        $ip = ocp_srv('REMOTE_ADDR');
    }

    // Bizarro-filter (found "in the wild")
    // Keep only the part before the first comma (a comma-separated chain), then drop a trailing '%14'.
    $pos = strpos($ip, ',');
    if ($pos !== false) {
        $ip = substr($ip, 0, $pos);
    }
    $ip = preg_replace('#%14$#', '', $ip);

    if (!is_valid_ip($ip)) {
        return '';
    }

    if (strpos($ip, '.') === false) {
        // IPv6: expand a '::' shorthand so the address has 7 colons (8 groups) ...
        if (substr_count($ip, ':') < 7) {
            $ip = str_replace('::', str_repeat(':', 7 - substr_count($ip, ':') + 2), $ip);
        }
        $parts = explode(':', $ip);
        // ... zero-pad the kept groups to four digits and mask the remaining ones.
        for ($i = 0; $i < $amount * 2; $i++) {
            $parts[$i] = isset($parts[$i]) ? str_pad($parts[$i], 4, '0', STR_PAD_LEFT) : '0000';
        }
        for ($i = $amount * 2; $i < 8; $i++) {
            $parts[$i] = '*';
        }
        return implode(':', $parts);
    } else {
        // IPv4: keep the first $amount octets (missing ones become '0') and mask the rest.
        $parts = explode('.', $ip);
        for ($i = 0; $i < $amount; $i++) {
            if (!array_key_exists($i, $parts)) {
                $parts[$i] = '0';
            }
        }
        for ($i = $amount; $i < 4; $i++) {
            $parts[$i] = '*';
        }
        return implode('.', $parts);
    }
}
<?php
require '../../include/mellivora.inc.php';

// Moderator-only page: which teams used a given IP, or which IPs a given user used.
enforce_authentication(CONST_USER_CLASS_MODERATOR);

head('IP log');
menu_management();

// Exactly one lookup key is honoured: a valid 'ip' wins over 'user_id'.
$where = array();
if (is_valid_ip(array_get($_GET, 'ip'))) {
    // Guarded by is_valid_ip(), so only a validated address reaches the heading.
    section_head('Teams using IP ' . $_GET['ip']);
    $where['ip'] = ip2long($_GET['ip']);
} elseif (is_valid_id(array_get($_GET, 'user_id'))) {
    section_head('IP log for user');
    $where['user_id'] = $_GET['user_id'];
} else {
    message_error('Must supply either IP or user ID');
}

echo ' <table id="files" class="table table-striped table-hover"> <thead> <tr> <th>Team name</th> <th>Hostname</th> <th>First used</th> <th>Last used</th> <th>Times used</th> </tr> </thead> <tbody> ';
/**
 * Check whether an IP address is public (i.e. not in a private or reserved range).
 *
 * The address must first pass is_valid_ip(); it is then rejected by filter_var() if it falls in a
 * private (FILTER_FLAG_NO_PRIV_RANGE) or reserved (FILTER_FLAG_NO_RES_RANGE) range.
 *
 * @param string $ip IP address
 *
 * @return bool
 */
function is_public_ip($ip)
{
    $public_only = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;

    return is_valid_ip($ip) && filter_var($ip, FILTER_VALIDATE_IP, $public_only) !== false;
}
/**
 * Log a hackattack, then displays an error message. It also attempts to send an e-mail to the staff alerting them of the hackattack.
 *
 * Flow, as implemented below:
 *  - mark the response noindex and (unless the client is IE or the server is IIS) send a 403;
 *  - bail out with the generic HACK_ATTACK_USER message if the 'securitylogging' addon is not installed;
 *  - record a 'hackattack' row for the detected address (get_ip_address()) and, when it differs, for REMOTE_ADDR too;
 *  - when the count of existing rows for the address reaches $hack_threshold and the 'autoban' option is on,
 *    add an IP ban unless the address matches a search-engine IP list / domain or is 127.0.0.1;
 *  - dispatch the 'hack_attack' notification (and 'auto_ban' when a ban was added);
 *  - end in warn_exit() / fatal_exit().
 *
 * @param ID_TEXT The reason for the hack attack. This has to be a language string codename
 * @param SHORT_TEXT A parameter for the hack attack language string (this should be based on a unique ID, preferably)
 * @param SHORT_TEXT A more illustrative parameter, which may be anything (e.g. a title)
 */
function _log_hack_attack_and_exit($reason, $reason_param_a = '', $reason_param_b = '') {
    // Bound the remaining run time: this path downloads remote IP lists and performs DNS lookups below.
    if (function_exists('set_time_limit')) {
        @set_time_limit(4);
    }

    // Ask crawlers not to index the page that triggered the report.
    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />'); // XHTMLXHTML
    $GLOBALS['HTTP_STATUS_CODE'] = '403';
    if (!headers_sent()) {
        // The 403 status line is not sent to IE clients or from IIS servers.
        if (!browser_matches('ie') && strpos(ocp_srv('SERVER_SOFTWARE'), 'IIS') === false) {
            header('HTTP/1.0 403 Forbidden');
        } // Stop spiders ever storing the URL that caused this
    }

    if (!addon_installed('securitylogging')) {
        warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
    }

    // $ip is the (possibly header-derived) address from get_ip_address(). $ip2 is REMOTE_ADDR, kept only when
    // it is valid, differs from $ip and is not the server's own address, so both addresses can be counted/logged.
    $ip = get_ip_address();
    $ip2 = ocp_srv('REMOTE_ADDR');
    if (!is_valid_ip($ip2)) {
        $ip2 = '';
    }
    if ($ip2 == $ip || $ip2 == '' || ocp_srv('SERVER_ADDR') == $ip2) {
        $ip2 = NULL;
    }

    // Identify the current member; outside a full bootstrap fall back to the first DB id and 'Unknown'.
    if (function_exists('get_member')) {
        $id = get_member();
        $username = $GLOBALS['FORUM_DRIVER']->get_username($id);
        if (is_null($username)) {
            $username = do_lang('UNKNOWN');
        }
    } else {
        $id = db_get_first_id();
        $username = function_exists('do_lang') ? do_lang('UNKNOWN') : 'Unknown';
    }

    // Request context for the log row and the e-mail.
    // NOTE(review): every string POST field is captured verbatim (stored in 'data_post' and mailed as 'POST');
    // confirm that credentials and other secrets are redacted before they can reach this point.
    $url = ocp_srv('PHP_SELF') . '?' . ocp_srv('QUERY_STRING');
    $post = '';
    foreach ($_POST as $key => $val) {
        if (!is_string($val)) {
            continue;
        }
        $post .= $key . ' => ' . $val . "\n\n";
    }

    // Prior offence count: use whichever of $ip / $ip2 has more rows; $alt_ip records that $ip2 won.
    $count = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip));
    $alt_ip = false;
    if (!is_null($ip2)) {
        $count2 = $GLOBALS['SITE_DB']->query_value('hackattack', 'COUNT(*)', array('ip' => $ip2));
        if ($count2 > $count) {
            $count = $count2;
            $alt_ip = true;
        }
    }
    $hack_threshold = 5;
    // Super admins are never auto-banned: their count is forced below the threshold.
    if (array_key_exists('FORUM_DRIVER', $GLOBALS) && function_exists('get_member') && $GLOBALS['FORUM_DRIVER']->is_super_admin(get_member())) {
        $count = 0;
    }

    // Row to insert; the free-text columns are cut to 255 characters ('data_post' is stored in full).
    $new_row = array('user_agent' => substr(get_browser_string(), 0, 255), 'referer' => substr(ocp_srv('HTTP_REFERER'), 0, 255), 'user_os' => substr(get_os_string(), 0, 255), 'reason' => $reason, 'reason_param_a' => substr($reason_param_a, 0, 255), 'reason_param_b' => substr($reason_param_b, 0, 255), 'url' => substr($url, 0, 255), 'data_post' => $post, 'the_user' => $id, 'date_and_time' => time(), 'ip' => $ip);

    $ip_ban_todo = NULL;
    if ($count >= $hack_threshold && get_option('autoban') != '0') {
        // Test we're not banning a good bot
        // NOTE(review): these crawler IP lists are fetched over plain http:// and only checked for being a string;
        // a match exempts the address from the ban. Anyone able to serve or alter those responses can influence
        // the exemption -- consider pinning the lists locally or fetching them over an authenticated channel.
        $se_ip_lists = array('http://www.iplists.com.nyud.net/nw/google.txt', 'http://www.iplists.com.nyud.net/nw/msn.txt', 'http://www.iplists.com.nyud.net/infoseek.txt', 'http://www.iplists.com.nyud.net/nw/inktomi.txt', 'http://www.iplists.com.nyud.net/nw/lycos.txt', 'http://www.iplists.com.nyud.net/nw/askjeeves.txt', 'http://www.iplists.com.nyud.net/northernlight.txt', 'http://www.iplists.com.nyud.net/nw/altavista.txt', 'http://www.iplists.com.nyud.net/nw/misc.txt');
        // Build every leading prefix of the address ("a", "a.b", "a.b.c", ...) so partial list entries match too.
        $ip_stack = array();
        $ip_bits = explode(strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':', $alt_ip ? $ip2 : $ip);
        foreach ($ip_bits as $i => $ip_bit) {
            $buildup = '';
            for ($j = 0; $j <= $i; $j++) {
                if ($buildup != '') {
                    $buildup .= strpos($alt_ip ? $ip2 : $ip, '.') !== false ? '.' : ':';
                }
                $buildup .= $ip_bits[$j];
            }
            $ip_stack[] = $buildup;
        }
        $is_se = false;
        foreach ($se_ip_lists as $ip_list) {
            $ip_list_file = http_download_file($ip_list, NULL, false);
            if (is_string($ip_list_file)) {
                $ip_list_array = explode(chr(10), $ip_list_file);
                foreach ($ip_stack as $ip_s) {
                    if (in_array($ip_s, $ip_list_array)) {
                        $is_se = true;
                    }
                }
                if ($is_se) {
                    break;
                }
            }
        }
        // Reverse-DNS check. The forward confirmation (gethostbyname($dns) must resolve back to the address) is
        // skipped when gethostbyname is listed in disable_functions; the reverse name is then trusted on its own.
        // NOTE(review): an unconfirmed PTR record is under the address owner's control, so that fallback lets a
        // suitably named host escape the ban.
        $dns = @gethostbyaddr($alt_ip ? $ip2 : $ip);
        if (preg_match('#(\\s|,|^)gethostbyname(\\s|$|,)#i', @ini_get('disable_functions')) != 0 || @gethostbyname($dns) === ($alt_ip ? $ip2 : $ip)) {
            $se_domain_names = array('googlebot.com', 'google.com', 'msn.com', 'yahoo.com', 'ask.com', 'aol.com');
            foreach ($se_domain_names as $domain_name) {
                if (substr($dns, -strlen($domain_name) - 1) == '.' . $domain_name) {
                    $is_se = true;
                    break;
                }
            }
        }
        if (!$is_se && ($alt_ip ? $ip2 : $ip) != '127.0.0.1') {
            // Summarise all rows for the address (plus the current one) for the admin notification.
            $rows = $GLOBALS['SITE_DB']->query_select('hackattack', array('*'), array('ip' => $alt_ip ? $ip2 : $ip));
            $rows[] = $new_row;
            $summary = '';
            foreach ($rows as $row) {
                $full_reason = do_lang($row['reason'], $row['reason_param_a'], $row['reason_param_b'], NULL, get_site_default_lang());
                $summary .= "\n" . ' - ' . $full_reason . ' [' . $row['url'] . ']';
            }
            // $full_reason is the last row's reason here, i.e. the current offence appended above.
            add_ip_ban($alt_ip ? $ip2 : $ip, $full_reason);
            $_ip_ban_url = build_url(array('page' => 'admin_ipban', 'type' => 'misc'), get_module_zone('admin_ipban'), NULL, false, false, true);
            $ip_ban_url = $_ip_ban_url->evaluate();
            $ip_ban_todo = do_lang('AUTO_BAN_HACK_MESSAGE', $alt_ip ? $ip2 : $ip, integer_format($hack_threshold), array($summary, $ip_ban_url), get_site_default_lang());
        }
    }

    // Persist the offence under $ip and, when tracked separately, under $ip2 as well.
    $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    if (!is_null($ip2)) {
        $new_row['ip'] = $ip2;
        $GLOBALS['SITE_DB']->query_insert('hackattack', $new_row);
    }

    if (function_exists('do_lang')) {
        $reason_full = do_lang($reason, $reason_param_a, $reason_param_b, NULL, get_site_default_lang());
        $_stack_trace = get_html_trace();
        $stack_trace = str_replace('html', 'html', $_stack_trace->evaluate()); // NOTE(review): replaces 'html' with 'html' -- a no-op as written
        $time = get_timezoned_date(time(), true, true, true);
        $message = do_template('HACK_ATTEMPT_MAIL', array('_GUID' => '6253b3c42c5e6c70d20afa9d1f5b40bd', 'STACK_TRACE' => $stack_trace, 'USER_AGENT' => get_browser_string(), 'REFERER' => ocp_srv('HTTP_REFERER'), 'USER_OS' => get_os_string(), 'REASON' => $reason_full, 'IP' => $ip, 'ID' => strval($id), 'USERNAME' => $username, 'TIME_RAW' => strval(time()), 'TIME' => $time, 'URL' => $url, 'POST' => $post), get_site_default_lang());
        require_code('notifications');
        $subject = do_lang('HACK_ATTACK_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
        dispatch_notification('hack_attack', NULL, $subject, $message->evaluate(get_site_default_lang(), false), NULL, A_FROM_SYSTEM_PRIVILEGED);
        if (!is_null($ip_ban_todo)) {
            $subject = do_lang('AUTO_BAN_SUBJECT', $ip, NULL, NULL, get_site_default_lang());
            dispatch_notification('auto_ban', NULL, $subject, $ip_ban_todo, NULL, A_FROM_SYSTEM_PRIVILEGED);
        }
    }

    // On a localhost install fatal_exit() is used; everyone else gets the generic HACK_ATTACK_USER message.
    if (preg_match('#^localhost[\\.\\:$]#', ocp_srv('HTTP_HOST')) != 0 && substr(get_base_url(), 0, 17) == 'http://localhost/') {
        fatal_exit(do_lang('HACK_ATTACK'));
    }
    warn_exit(do_lang_tempcode('HACK_ATTACK_USER'));
}
/**
 * Check whether $address is a valid IP address.
 *
 * When STRICT_TYPES is defined and CAMEL_CASE equals '1' the call is routed through
 * self::parameters() for typed argument/return checking; otherwise the global is_valid_ip()
 * helper is called directly. Either way the result is cast to bool.
 *
 * @param string $address
 * @return bool
 */
protected function is_valid_ip($address) {
    $typed_dispatch = defined('STRICT_TYPES') && CAMEL_CASE == '1';
    if (!$typed_dispatch) {
        return (bool) is_valid_ip($address);
    }

    return (bool) self::parameters(['address' => DT::STRING])
        ->call(__FUNCTION__)
        ->with($address)
        ->returning(DT::BOOL);
}
/**
 * Return the requesting client's IP address, memoised in $this->ipAddress.
 *
 * Source precedence (equivalent to the original four-way branch): HTTP_CLIENT_IP when set,
 * else REMOTE_ADDR, else HTTP_X_FORWARDED_FOR. A comma-separated value keeps only its last
 * entry. No source at all, or a value is_valid_ip() rejects, yields '0.0.0.0'.
 *
 * NOTE(review): HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR are client-supplied request headers,
 * and HTTP_CLIENT_IP is preferred over REMOTE_ADDR whenever it is present, with no check that
 * the request came through a trusted proxy. Callers using this value for rate limiting, bans
 * or audit logs should confirm that a trusted proxy strips or sets these headers.
 *
 * @return string
 */
function getIPAddress() {
    if ($this->ipAddress !== false) {
        return $this->ipAddress;
    }

    // First populated source wins; the raw $_SERVER value is what gets stored.
    $sources = array('HTTP_CLIENT_IP', 'REMOTE_ADDR', 'HTTP_X_FORWARDED_FOR');
    foreach ($sources as $key) {
        if ($this->server($key)) {
            $this->ipAddress = $_SERVER[$key];
            break;
        }
    }

    if ($this->ipAddress === false) {
        $this->ipAddress = '0.0.0.0';
        return $this->ipAddress;
    }

    // "a, b, c" -> "c" (no trim(); a space after the comma reaches is_valid_ip() as-is).
    if (strpos($this->ipAddress, ',') !== false) {
        $chain = explode(',', $this->ipAddress);
        $this->ipAddress = end($chain);
    }

    if (!is_valid_ip($this->ipAddress)) {
        $this->ipAddress = '0.0.0.0';
    }

    return $this->ipAddress;
}