Problem With IP Logging In Invision Power Board?

2004-06-17T00:00:00
ID SECURITYVULNS:DOC:6356
Type securityvulns
Reporter Securityvulns
Modified 2004-06-17T00:00:00

Description

IPB like many other forum systems logs visitors IP's However I have noticed in the past that people who are surfing through some proxies have their internal (private) IP logged instead of their "real" IP Address. Here are a few screenshots I took of my LAN IP being logged instead of my internet IP.

http://images.gulftech.org/ipb_1.png http://images.gulftech.org/ipb_2.png

As far as I can tell it is using the X_FORWARDED_FOR IP, which might be a good thing as it could get the IP of a person using a non anonymous proxy or the like to cause some mischief, but it should definitely check for private IP's and if it finds one present go with the REMOTE_ADDR IP instead, or something different because IP's of private networks are pretty much useless to admins etc.

I have not taken time to look at the code responsible for this behavior, but I did contact Invision a while back and was basically told to purchase a license if I wanted technical support. hmmmmm, great response :P BTW, the particular IPB version I have experienced this behavior on is the latest 1.3 release.

Anyway, anyone else have this issue?

James B.