Re: [WEB SECURITY] IP address change: relogin
- From: clintwill@xxxxxxxxxxx
- Subject: Re: [WEB SECURITY] IP address change: relogin
- Date: Thu, 31 Jul 2008 07:05:25 +0000
Indeed. (Original message deleted).
> ...Most proxies will include a "X-Forwarded-For" header that contains the
> IP address of the "real" requester...
I've been "testing" an SQL personal information database exposed to the public, following complaints from some Users that they've been receiving bogus emails ("You must act now!") from parties claiming to be group members sharing privileged information.
The site's definitely penetrable, and I don't want to share responsibility for "securing" the site.
Once senders login to AOL, they can login to any number of other IP providers, to send from AOL proxies to wherever, to their targets.
Unless one wants to "block" AOL regionally, whole territories, one won't block those legitimate, if annoying, senders.
"Real" requesters can also buy legitimate IP-hiding programs, to access a finite set of proxies.
"Security" can buy identical programs, then catalog, then "block", those (again legitimately sold) proxies.
I don't know but I've been told that real security-conscious websites don't "block"; those sites "redirect" suspect queries to innocuous-looking directories, log the traffic, and from that estimate threat-level.
The site I'm inspecting could, at some expense, host a "honey-trap" directory such that any messages sent to that directory's fictional population (all would be routed to ADMIN) would be flagged as a penetration, not as a legitimate user's access.
Again, a great deal of time and money for what good cause? Chat?
Clint Williams,
Oakland, Michigan USA.
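The two ideas in this thread, reading X-Forwarded-For without trusting what an unknown party wrote into it and flagging hits on a honey-trap directory, as an added example that is not the list's or the poster's code. The trusted proxy range, the honey-trap path and the request values are assumed placeholders.

```python
import ipaddress
from typing import Optional

# Constructed: the reverse proxies we actually operate. Any other hop is
# untrusted, and whatever it placed in X-Forwarded-For is unverified.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# Hypothetical honey-trap directory: nothing legitimate links here, so a
# request for it is logged as a probe, not as a member's access.
HONEY_PREFIX = "/members-private/"


def client_ip(remote_addr: str, xff_header: Optional[str]) -> Optional[str]:
    """Walk the hop chain right to left, skipping proxies we control.

    The first address that is not ours is the best estimate of the
    requester. Everything to its left was appended by an unknown party
    and can be forged freely, so it is ignored. A malformed hop means the
    chain cannot be trusted at all, and None is returned.
    """
    hops = [remote_addr]
    if xff_header:
        hops = [h.strip() for h in xff_header.split(",") if h.strip()] + hops
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not any(addr in net for net in TRUSTED_PROXIES):
            return str(addr)
    return remote_addr  # every hop was ours: fall back to the socket peer


def classify(remote_addr: str, xff_header: Optional[str], path: str) -> dict:
    """Produce the fields a defender would log for one request."""
    ip = client_ip(remote_addr, xff_header)
    if ip is None:
        flag = "malformed-xff"
    elif path.startswith(HONEY_PREFIX):
        flag = "probe"
    else:
        flag = "ok"
    return {"ip": ip, "path": path, "flag": flag}
```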
----------------------------------------------------------------------------
Brought to you by http://www.webappsec.org