检测伪造的IP地址?
如何检测通过 Web 表单接收的数据的 IP 地址是否来自欺骗性 IP 地址?
如果可以在 PHP 中进行检测,是否有一个库也会尝试查找真实的 IP 地址?
How do you detect if the IP address for data received via a web form has come from a spoofed IP address?
If detection is possible in PHP, is there a library that will also attempt to find the real IP address?
啊 - 你不能。不能有欺骗性的IP地址。
请注意,HTTP(Web 表单的基础)运行在 TCP 之上。
如果我在 TCP 过程中欺骗我的 IP 地址,我将永远无法建立 TCP 连接。如果没有建立 TCP 连接,我无法向您的服务器发送任何数据。
您这边的连接一直处于半开状态 - 顺便说一句,这是不久前拒绝服务攻击的攻击媒介之一(半开连接使服务器过载,因此无法建立真正的连接):
因此:为了完成表单数据提交,我需要打开TCP通道,为此我的IP数据包需要提供真实的IP地址。
您从哪里得知您提交的内容来自欺骗性 IP 地址?
Äh - you can not. There can not be a spoofed IP address.
See, HTTP (which is the b asis for web forms) runs on top of TCP.
If I spoofe my IP address in the TCP process, I will never manage to establish the TCP connection. WIthout an established TCP connection, I can not send any data to your server.
THe connection on your side keeps stuck in a half open state - which, btw., was one of the attack vectors some time ago for a denial of service attack (overloading servers with half open connections so real ones do not get established):
Ergo: In order to complete the form data submission, I need to open the TCP channel, for which my IP packets need to provide the real IP address.
Where did you get the idea that your submissions come from spoofed IP addresses?