Support

Admin Tools

#15350 IPv6 IP address not blocked?

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Friday, 08 March 2013 04:20 CST

Friday, 08 March 2013 02:18 CST

Spark

Joomla! version: 2.5.9
Admin Tools version: 2.5.2 Pro

Goodmorning Nicholas,

I had a hackattempt (AdminIP whitelist) from a IPv6 IP address (2a02:be8:2:d00:222:19ff:XXXX:XXXX). The auto IP block feature blocked however the IP address 0.0.0.0. Perhaps something to give a look at?

Cheers,
Jurian

Edit: last two dwords of the IP address replaced with XXXX

Edited by nicholas on 2013-03-08 04:20 CST

Friday, 08 March 2013 02:32 CST

nicholas

IPv6 is currently not supported. There are two missing ingredients:

  1. Detecting whether an IP is v4 or v6. This is tricky, given the very loose format of IPv6 addresses
  2. Parsing IPv6 addresses requires PHP to be compiled with IPv6 support (otherwise inet_ntop() and inet_pton() are not available). If we rely on inet_pton/_ntop and IPv6 isn't compiled in then IPv4 operations will also fail. Bummer. So we still have to overcome #1 in order to use ip2long with IPv4 and inet_* with IPv6.
  3. inet_pton does not accept shorthand addresses like ff05::1 or ::127.0.0.1
  4. inet_pton() does not recognize netmask notation which makes it useless for our purpose. We'd have to expand the IPv6 into a binary string and do slow, text-based, binary manipulation for each IP. Consider a blacklist with 200 addresses in IPv6 format, times 25msec each, on each page load.

So, my conclusion is that PHP must first provide solid IPv6 handling before I can add IPv6 support to Admin Tools.

PS: You may want to make this ticket public (after editing out the IPv6 address of the attacker). It's the best explanation I've written as to why IPv6 is not supported by Admin Tools ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Friday, 08 March 2013 02:38 CST

Spark

Thanks for the detailed explanation Nicholas!

PS: You may want to make this ticket public (after editing out the IPv6 address of the attacker). It's the best explanation I've written as to why IPv6 is not supported by Admin Tools ;)

No problem, you can make it public after deleting the IP address (we're too kind to hackers, aren't we? ;).

Have a nice day,
Jurian

Friday, 08 March 2013 04:20 CST

nicholas

OK, made public :)

Nicholas K. Dionysopoulos

Lead Developer and Director

πŸ‡¬πŸ‡·Greek: native πŸ‡¬πŸ‡§English: excellent πŸ‡«πŸ‡·French: basic β€’ πŸ• My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!