Is it possible to spoof an IP in the change log?

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Is it possible to spoof an IP in the change log?

reason-6
(sorry if you received this message twice--I accidentally sent it to the foundation list)

Hello,

A couple of users on my wiki have been arguing, and it appears that one
of them has resorted to vandalizing the other person's Wikipedia page.
This suspected vandal always accesses my wiki from the same IP, and that
IP was associated with sexual comments that were added to the other
user's Wikipedia page.

I'd just like to know if this is good evidence of misconduct, of if a
savvy user could spoof someone else's IP address and frame them for
misconduct.

Thanks,
AdamRetchless

_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to spoof an IP in the change log?

Todd Pederzani
On 6/17/06, reason <[hidden email]> wrote:
>
> I'd just like to know if this is good evidence of misconduct, of if a
> savvy user could spoof someone else's IP address and frame them for
> misconduct.


Depending on what MediaWiki version you're running, your recentchanges table
may have an rc_ip field, containing the IP even in the case of authenticated
users.

Some else more qualified can say whether the User:IP on the history page can
be toyed with.


--
Todd Pederzani
[hidden email]
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to spoof an IP in the change log?

Adrian Overbury
That page may not be able to be faked, but the IP itself, from the
user's end of things, can be spoofed, but only if that IP is associated
with a proxy server, because otherwise the connection data required for
posting something on a page wouldn't be able to get back to the
originating user, so the edit couldn't happen.  As it stands, I think
you could take it as fairly good evidence that this user has been doing
naughty things.

Adrian

Todd Pederzani wrote:

> On 6/17/06, reason <[hidden email]> wrote:
>> I'd just like to know if this is good evidence of misconduct, of if a
>> savvy user could spoof someone else's IP address and frame them for
>> misconduct.
>
>
> Depending on what MediaWiki version you're running, your recentchanges table
> may have an rc_ip field, containing the IP even in the case of authenticated
> users.
>
> Some else more qualified can say whether the User:IP on the history page can
> be toyed with.
>
>
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
Reply | Threaded
Open this post in threaded view
|

Re: Is it possible to spoof an IP in the change log?

Rick DeNatale
On 6/18/06, Adrian Overbury <[hidden email]> wrote:
> That page may not be able to be faked, but the IP itself, from the
> user's end of things, can be spoofed, but only if that IP is associated
> with a proxy server, because otherwise the connection data required for
> posting something on a page wouldn't be able to get back to the
> originating user, so the edit couldn't happen.  As it stands, I think
> you could take it as fairly good evidence that this user has been doing
> naughty things.

These days, when the use of Network Address Translation (NAT) routers
is so prevalent, the IP address only pins things down to an externally
visible network router, not to a particular machine or user.


--
Rick DeNatale

IPMS/USA Region 12 Coordinator
http://ipmsr12.denhaven2.com/

Visit the Project Mercury Wiki Site
http://www.mercuryspacecraft.com/
_______________________________________________
MediaWiki-l mailing list
[hidden email]
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l