Different types of ret strings when using gethostbyaddr() and REMOTE_ADDR

General PHP Help
#1

per the title you guys, can someone explain to me why PHP returns so many different variants when throwing out visitor info using this piece of code?

$ip = gethostbyaddr($_SERVER['REMOTE_ADDR']);

here are some examples I have seen recently:

planetlab24.gino-research.net.in.tum.de
10.32.64.124
49.129.197.35.bc.googleusercontent.com
abts-north-dynamic-142.110.68.182.airtelbroadband.in
173-20-152-84.client.mchsi.com

now, obviously i can understand the google one, and a few others. but, given the info and insight on these pages: https://www.php.net/manual/en/function.gethostbyaddr.php , and https://www.php.net/reserved.variables.server , why are the returns so different for different people? why does PHP see all different kinds of things? is the cause the way the user’s server is configured? some identifying info OF the server? and what about reserved IPs? like the “10.xx…” one I listed above? I’ve seen hundreds from that pool, and other blocks of reserved ones, and they have never had alpha-chars included in their captures. it’s always only the IP numbers. there a reason for that? really, all I’m looking for is why I see what I see. anyone help? furthermore, does anyone know if other server-side languages like c#, python, ruby or any js frameworks return different results than PHP ever would? thanks.

#2

As they’re decided on by humans, host names are not always meaningful or consistent. It depends on the configuration of the remote server (the "host); the configuration of the different layers of network your request travels through; and even the configuration of your local machine in some cases.

  • The remote server (the “host”) can simply decide it’s now called something else.
  • Your local network can direct IPs to different hosts.
  • Your local machine can be configured to look at different IPs when asked for a certin host, and vice versa.

What are you trying to do with your result?

#3

i’m trying to get ANYTHING meaningful as to who these people are that are hitting it. most are irrelevant, I know that. that goes for all sites. every country, school, government, big tech firm and even business people buying cheap crap are running bots all over the world to spy, try to get rich quick and anything else that is not legitimate. that’s good old USA’s influence for ya! it never stops. i see it all day long. so, point being: I want the best way to get reports of who hits my pages. if PHP is the best, fine. automation is so pointless now anyway, that I rarely communicate without a phone anymore. the bird has flown. big data to me means nothing. but then again, my customers are not typical corporate ones. that’s probably why it means nothing to me. here’s an example of a cPanel report of 2-day traffic, inside of a hosting company’s backend panel. as you can see, most hits are irrelevant, come from anywhere, are trying to get stuff that doesn’t mean ANYTHING to a human, and many others. so many 404 server errors! that’s why i’m thinking this effort is pointless, and it’s back to basics of human vs. human. what do ya think? who looks at a robots file!? all the wordpress hits too? those files weren’t even on the server at that time! LOL.

1
13520×1080 467 KB

#4

You’ve got absolutely no chance. The only thing you can do is log the IPs that hit your site to see frequent offenders, and maybe add rate limiting to control how often a single IP can make requests. This will increase your support burden though, as you’ll inevitably rate limit a legitimate user by accident; I’d only look into this if the unknown requests are actually causing you a problem.

#5

you missed the point, skawid. i’m not looking to thwart the useless people. I’m looking to get as much details about the people who want to look at the content! make sense? I have a next door neighbor that tells me constantly about his 40 year career in IT. he once told me that he spent countless hours blocking french IP addresses because hackers underground in Paris run rampant, even worse than in NYC and LA here in the US! I know it’s waste of time. I talk to many who know a lot more than me, and/or, prossibly don’t even care anymore because there is so much crap out there that can’t be stopped thanks to america =(. my neighbor, @astonecipher, @ErnieAlex and many others here that know what they’re doing. but let us not forget about those that hate me. they’re around too! =(

#6

Well, I did a little research on the GetHost functions for you. There are really three of them. Here is what I found and it uses SlashDot and Microsoft as an example: (Note using the L will get you an array of all of the IP’s used by Microsoft. So, you have to display it differently in your display page.)

Host and IP resolution

string gethostbyaddr ( string ip_address )

string gethostbyname ( string hostname )

string gethostbynamel ( string hostname )

There are three functions designed to specifically resolve web host information, and these are gethostbyaddr() , gethostbyname() and gethostbynamel() (that is a lower-case L, by the way). All three take one parameter, and the first two complement each other perfectly - gethostbyname() returns the IP address of a server you specify, and gethostbyaddr() returns the domain name of an IP address you specify. Here is an example of their usage:

<?php
    $sdip = gethostbyname("slashdot.org");
    $sddomain = gethostbyaddr($sdip);
    print "IP: $sdip\n";
    print "Domain: $sddomain\n";
?>

That should output the following:

IP: 66.35.250.150

Domain: slashdot.org

By default, gethostbyname() returns the first value IP address for a host, but it is possible that one host has several. This is particularly common for large websites such as microsoft.com, where the site load is typically distributed across seven or eight web servers. If you want more detailed information about all the IP addresses backing a site, use gethostbynamel() , like this:

<?php
    $msips = gethostbynamel("www.microsoft.com");
    var_dump($msips);
?>

That should output something like this:

array(8) { [0]=> string(14) "207.46.156.252" [1]=> string(14) "207.46.144.222" [2]=> string(14) "207.46.250.252" [3]=> string(14) "207.46.245.156" [4]=> string(14) "207.46.144.188" [5]=> string(14) "207.46.134.221" [6]=> string(14) "207.46.244.188" [7]=> string(14) "207.46.249.252" }

#7

hey hey! wonderful. good man, ernie. dearly appreciate your wisdom. that’s why I’m here. =) need clarify for something though. how can I prevent just like this from happening, and get the inner strings out of it that make sense, and what you have just educated me on? (sample hit on a page of mine…)

92.118.160.5.netsystemsresearch.com

can I get the right and left out of that by using what you just talked about? am I getting the consolidation of the 2 that I can’t use because this is my code?

$ip = gethostbyaddr($_SERVER['REMOTE_ADDR']);

kind of sounds like a stupid question that’s already been answered. but, worth asking to nail it in a brain. thanks! =)

#8

Well, Adam, the $_SERVER[‘REMOTE_ADDR’] function does NOT always get the correct IP address.
This has to do with local networks, multiple routers and proxy servers. I used to have a routine which
would attempt to get the correct IP out of the list. And, then, you would add in the code I just showed
to pull out the details. I have it on another system somewhere. I will track it down later today for you
and create a test script to explain it. But, might take me awhile to locate it. Check back in a few hours…

#9

no need. but if you want to for another reason, go for it. do any of these faults have to do with the fact that the people at ZEND are never perfect? they created PHP, right?

by the way, can you tell me why Spotify has played a Honda advertisement to me on EVERY single ad break, 56 times in a row now? LOL. I have never liked hondas and have never owned one! Geez…California business people. I SWEAR. =) obviously the code out there makes no sense at this point! funny thing is though, I found a way to skip all the ads. don’t tell.

#10

Zend is a “Platform” company, nothing to do with creating PHP at all.

Spotify and ALL other apps use Google Ads mostly or Facebook Ads to know what you like. If you looked at a Honda advert or page recently, then, that is locked into your personal data somewhere and it is used to feed you ads that you , meaning YOU, might like. Hee! I looked at a nice dress the other day and now I keep getting dress ads on my feeds. I’m an old man, but, just happened to see a dress with a nice girl in it and wanted to see the full picture. Sorry I did that! Ha!

#11

Actually, I found one routine that is mostly the same as the one on my other machine. Basically, it checks for shared servers which do not give the user’s IP correctly as it gives just the shared server IP. But, this version checks for that and works well. You would need to add in the other code I posted before and combine it so it shows the IP and domain name if needed. And, if you want to see all of the possible servers such as microsoft’s 12 servers, you can add in the"L" version above.

I think this might help you…

function getIPAddress() {  
	//whether ip is from the share internet  
 	if(!emptyempty($_SERVER['HTTP_CLIENT_IP'])) {  
        	$ip = $_SERVER['HTTP_CLIENT_IP'];  
    	} elseif (!emptyempty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
          //whether ip is from the proxy
  		$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];  
 	} else {
  	//whether ip is from the remote address
  	$ip = $_SERVER['REMOTE_ADDR'];  
 	}
 	return $ip;

}
$ip = getIPAddress();
echo 'User Real IP Address - '.$ip;

It is set up as a function, but, just alter it as you need…

#12

i know you’re old. that’s EXACTLY why I keep asking you things. I have countless friends who are senior citizens, for the specific reason that they aren’t young, controlled by software, ignorant, bored with life because corporations have dup’ed them into america’s stupidity of “now now now”, and many other things. I actually asked a friend in Singapore if they wanted another citizen. LOL. a conn of mine of linkedIn. he’s a wonderful philanthopist, intelligent man and says Singapore doesn’t brainwash people with news and deceit. may be true, may not be. I would say probably true.

anyway, you’re wrong about the ads. yes, the source is right, but I have NEVER looked at a honda ad. EVER. there’s a reason why the repetitive bombardment is coming to me. and it obviously is dumb and makes no sense. but then again, who are spotify listeners? where did it start? CA. what’s out in CA? few tech elitists that take advantage of uninformed consumers that are controlled by corporate software and don’t even know it. is that not true? well of course it is! like my friend working for Honeywell in Tokyo once said: they love to click buttons. right there tells ya that ANYONE can get rich by marketing to the masses. maybe I should? well, I guess I have more respect for intelligence than that. and I also don’t need millions. don’t care.

by the way, you aren’t the first old guy I’ve heard of that “wanted to peek” at the “full image” when seeing something come through his eye that included a model in a dress. =)

#13

by the way, cypher told me about Zend a long time ago. I think he said they maintain PHP?

#14

noted. I’ll get back to you on your offering. tx

Sponsor our Newsletter | Privacy Policy | Terms of Service