
I track downloads from my website by adding a database entry for each download that contains the IP address and host of the downloading person.

I use this PHP code to retrieve the IP address

```php
isset($_SERVER["HTTP_X_FORWARDED_FOR"]) ? $_SERVER["HTTP_X_FORWARDED_FOR"] : $_SERVER["REMOTE_ADDR"]
```

and the host with the PHP function gethostbyaddr, passing the IP address.

This has been working perfectly fine for years, until something weird happened:

Today I saw two download entries for which both the IP address and host are 2a02:2028:1aa:2dc1:854e:9ccc:b423:7c93.

Domaintools says it's a "Malformed Domain or IP".

Could someone tell me what that thing is and why it's malformed?

I don't think it's a bot or something because my stuff can only be downloaded by real persons, so I'm really confused?!

A. D.
  • http://en.wikipedia.org/wiki/IPv6_address – Oliver Charlesworth Sep 26 '14 at 22:23
  • The `HTTP_X_FORWARDED_FOR` header can be manually changed, `REMOTE_ADDR` cannot. – Mandera Sep 26 '14 at 22:24
  • Using a proxy or TOR will change REMOTE_ADDR just fine. In this case @OliverCharlesworth is absolutely right. It's simply an IPv6 address and nothing to worry about. – icecub Sep 26 '14 at 22:27
  • You cannot change `REMOTE_ADDR` to whatever you'd like to though? It's always an IP address, `HTTP_X_FORWARDED_FOR` can be changed to any string you'd like. – Mandera Sep 26 '14 at 22:29
  • It should contain an IP address yes. I'm sure there are exceptions to the rule (hacked PHP server), but normally it's safe to assume there's an IP address inside. Doesn't mean you can't change it though. – icecub Sep 26 '14 at 22:37

1 Answer

  1. It's not malformed.
  2. It's an IPv6 address.
  3. It's probably someone tunnelling or proxying from their IPv6 network into the IPv4 internet.
  4. DomainTools doesn't seem to be IPv6 aware, or at least not the tool you used, but this one is.
Sammitch
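The header-trust point from the comments and the IPv6 point from the answer, combined in an added example (not the asker's code or anything posted in this thread): `X-Forwarded-For` is honoured only when the connecting peer is a reverse proxy you operate, and every candidate is validated as an IPv4 or IPv6 address before it is stored. The function names, the trusted proxy `10.0.0.5` and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example. norm_ip(), client_ip() and ip_family() are hypothetical helpers.

// Validate an address and return its canonical text form, or null if invalid.
function norm_ip(string $ip): ?string
{
    $bin = @inet_pton(trim($ip));      // accepts IPv4 and IPv6
    return $bin === false ? null : inet_ntop($bin);
}

function client_ip(array $server, array $trustedProxies = []): ?string
{
    $remote = norm_ip($server['REMOTE_ADDR'] ?? '');
    if ($remote === null) {
        return null;
    }
    $trusted = array_filter(array_map('norm_ip', $trustedProxies));
    // Only a proxy we run is allowed to speak for the client.
    if (!in_array($remote, $trusted, true) || empty($server['HTTP_X_FORWARDED_FOR'])) {
        return $remote;
    }
    // Each proxy appends the peer it saw, so read right to left and
    // stop at the first hop that is not one of our own proxies.
    foreach (array_reverse(explode(',', $server['HTTP_X_FORWARDED_FOR'])) as $hop) {
        $hop = norm_ip($hop);
        if ($hop === null) {
            return $remote;            // not a clean IP list: ignore the header
        }
        if (!in_array($hop, $trusted, true)) {
            return $hop;
        }
    }
    return $remote;
}

function ip_family(string $ip): string
{
    return filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) !== false ? 'IPv6' : 'IPv4';
}

// Constructed requests: the first uses the address from the question.
$requests = [
    'direct IPv6 client'      => ['REMOTE_ADDR' => '2a02:2028:1aa:2dc1:854e:9ccc:b423:7c93'],
    'direct, forged header'   => ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_FOR' => 'not-an-ip'],
    'via proxy, forged first' => ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.99, 198.51.100.23'],
];
foreach ($requests as $label => $server) {
    $ip = client_ip($server, ['10.0.0.5']);
    printf("%-26s %s (%s)\n", $label, $ip, ip_family($ip));
}
```

`gethostbyaddr` returns the address unchanged when no reverse DNS record exists, which is why a host column can end up holding the same value as the IP column.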