I get a lot of attacks using the X-Forwarded-For header, i.e.:
}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";s:56:"die(md5(DIRECTORY_SEPARATOR));JFactory::getConfig();exit";s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}�
This produces a 500 error in AttackBlocker.php on line 450:
gethostbyaddr(): Address is not a valid IPv4 or IPv6 address
Can we handle the error to avoid the 500? Also, could we add an option to firewall these attackers? Although, given the fake X-Forwarded-For we would have to use a different method of determining their IP.
I get a lot of attacks using the X-Forwarded-For header, i.e.:
}__test|O:21:"JDatabaseDriverMysqli":3:{s:2:"fc";O:17:"JSimplepieFactory":0:{}s:21:"\0\0\0disconnectHandlers";a:1:{i:0;a:2:{i:0;O:9:"SimplePie":5:{s:8:"sanitize";O:20:"JDatabaseDriverMysql":0:{}s:8:"feed_url";s:56:"die(md5(DIRECTORY_SEPARATOR));JFactory::getConfig();exit";s:19:"cache_name_function";s:6:"assert";s:5:"cache";b:1;s:11:"cache_class";O:20:"JDatabaseDriverMysql":0:{}}i:1;s:4:"init";}}s:13:"\0\0\0connection";b:1;}�This produces a 500 error in AttackBlocker.php on line 450:
gethostbyaddr(): Address is not a valid IPv4 or IPv6 addressCan we handle the error to avoid the 500? Also, could we add an option to firewall these attackers? Although, given the fake X-Forwarded-For we would have to use a different method of determining their IP.