Andrew Garrett wrote:
> On 16/09/2009, at 4:48 PM, Aryeh Gregor wrote:
>
>> On Wed, Sep 16, 2009 at 11:29 AM, Anthony <[email protected]> wrote:
>>> The only one I can think of that I know of directly would be the IP
>>> spoofing one where the attacker pretended to be a proxy and sent a
>>> false "IP forwarded" or whatever.
>> That shouldn't work if MediaWiki is configured with a correct list of
>> trusted proxies.
>
> We were checking $_SERVER['X_FORWARDED_FOR'], which reads the
> X-Forwarded-For header. Unfortunately, it could be overridden by sending
> an X_Forwarded_For header.
>
> We resolved it by using the Apache-specific header retrieval functions
> instead of PHP's broken internal implementation.
The attack documentation:
http://en.wikipedia.org/wiki/User:Brion_VIBBER/Cool_Cat_incident_report

_______________________________________________
Wikitech-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
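The header collision described in the thread, as an added example that is not MediaWiki's own code and not part of the original message. It simulates the CGI-style mapping of request headers into a $_SERVER-like array (uppercase, hyphen replaced by underscore, HTTP_ prefix), under which "X-Forwarded-For" and "X_Forwarded_For" land in the same key, so a client-supplied underscore variant can clobber the real header before the application ever sees it. It then shows the resolution the thread points at: read the exact header name and trust X-Forwarded-For hops only as far as a configured list of trusted proxies. The proxy list, the sample requests and the "last header written wins" rule in the simulation are constructed assumptions for illustration, not details taken from the thread or from PHP's actual implementation.

```python
"""Added example: X-Forwarded-For spoofing via header-name normalisation,
and a trusted-proxy resolver that is not fooled by it.

Not MediaWiki code. The environment mapping below follows the CGI
meta-variable convention; the proxy ranges and requests are constructed.
"""
import ipaddress
from typing import Dict, Iterable, List, Sequence, Tuple

Header = Tuple[str, str]


def cgi_env_name(header_name: str) -> str:
    """CGI-style meta-variable name for a request header.

    'X-Forwarded-For' and 'X_Forwarded_For' both become HTTP_X_FORWARDED_FOR,
    which is the ambiguity the attack relied on.
    """
    return "HTTP_" + header_name.upper().replace("-", "_")


def build_server_env(remote_addr: str, headers: Iterable[Header]) -> Dict[str, str]:
    """Simulate a flattened $_SERVER-like array (assumption: last header wins)."""
    env = {"REMOTE_ADDR": remote_addr}
    for name, value in headers:
        env[cgi_env_name(name)] = value
    return env


def client_ip_naive(env: Dict[str, str]) -> str:
    """'Before' behaviour: trust whatever ended up in HTTP_X_FORWARDED_FOR."""
    first = env.get("HTTP_X_FORWARDED_FOR", "").split(",")[0].strip()
    return first or env["REMOTE_ADDR"]


def _parse_ip(text: str):
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def client_ip_trusted(remote_addr: str, headers: Sequence[Header],
                      trusted_proxies: Sequence[str]) -> str:
    """Hardened resolver.

    - Reads only headers literally named X-Forwarded-For (case-insensitive per
      HTTP, but '_' and '-' are distinct), so X_Forwarded_For is ignored.
    - Starts from the TCP peer and walks the XFF list right to left, stepping
      past a hop only while the current candidate is a configured proxy.
      Anything an untrusted party prepended is never reached.
    """
    trusted = [ipaddress.ip_network(n) for n in trusted_proxies]

    def is_trusted(text: str) -> bool:
        ip = _parse_ip(text)
        return ip is not None and any(ip in net for net in trusted)

    hops: List[str] = [
        hop.strip()
        for name, value in headers
        if name.lower() == "x-forwarded-for"
        for hop in value.split(",")
        if hop.strip()
    ]
    candidate = remote_addr
    for hop in reversed(hops):
        if not is_trusted(candidate) or _parse_ip(hop) is None:
            break  # stop at the first hop not vouched for by a trusted proxy
        candidate = hop
    return candidate


if __name__ == "__main__":
    # Constructed: a direct client forges both spellings of the header.
    attack = [("X-Forwarded-For", "203.0.113.5"),
              ("X_Forwarded_For", "198.51.100.200")]
    env = build_server_env("203.0.113.5", attack)
    print("naive   :", client_ip_naive(env))                      # spoofed
    print("trusted :", client_ip_trusted("203.0.113.5", attack, ["10.0.0.0/8"]))
    # Constructed: same client behind a trusted proxy that appends the peer.
    via_proxy = [("X-Forwarded-For", "198.51.100.200, 203.0.113.5")]
    print("via proxy:", client_ip_trusted("10.0.0.1", via_proxy, ["10.0.0.0/8"]))
```

The walk-from-the-right rule matters as much as the header lookup: even with the exact header name, taking the leftmost XFF entry lets any client through a real proxy claim an arbitrary address, because the proxy appends the peer it saw rather than replacing the list.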
