October 31, 2008

Obama site encourages IP address forgery from Donors

Obama Donor IP address fraud

DougRoss@journal.com, October 30, 2008

Will the innovations never cease? Yesterday I described several, eh, unique capabilities pioneered by the Obama campaign in the area of campaign contributions.

Among them, failure to do even basic credit-card validation; accepting untraceable prepaid credit cards; and sharing donor lists with suspect groups like ACORN. Heck, Barack’s campaign wouldn’t even share those lists with Hillary!

Anyhow, an anonymous tipster mentioned that checking out the source code of the Obama donation website (https://donate.barackobama.com/page/contribute/ – not hyperlinked for obvious reasons) would reveal some interesting logic. Specifically that IP addresses of the donors can be easily spoofed through a hidden field in the form. The tipster’s guess was (and I concur) that the Obama campaign is recording the spoofable IP address… not the real IP address as delivered by the web server.

It’s web security 101, folks. Because IP addresses usually map back to a real client network (your ISP, your company, etc.), server logs record the actual source IP address of the request. They certainly don’t record anything that the client machine provides as the genuine address.
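
The distinction drawn above, shown as an added example (not code from the donation site or from the quoted article): a server-side handler that records the connection's source address and keeps any address submitted in the form only as a mismatch signal. The field name `client_ip`, the WSGI-style `environ` dictionary and the sample request are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import parse_qs

# Hypothetical hidden-field name; the page does not give the real one.
CLIENT_IP_FIELD = "client_ip"


def record_naive(environ, body):
    """Anti-pattern: store whatever address the submitted form claims."""
    form = parse_qs(body)
    return form.get(CLIENT_IP_FIELD, [""])[0]


def record_hardened(environ, body):
    """Record the TCP peer address; the form value is evidence, never identity."""
    form = parse_qs(body)
    claimed = form.get(CLIENT_IP_FIELD, [None])[0]
    # REMOTE_ADDR is set by the web server from the accepted connection.
    # Behind a reverse proxy it is the proxy's address, so a forwarded header
    # may be used instead only when the peer is a proxy you operate.
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    mismatch = False
    if claimed is not None:
        try:
            mismatch = ipaddress.ip_address(claimed.strip()) != peer
        except ValueError:
            mismatch = True  # field does not even parse as an address
    return {"source_ip": str(peer), "claimed_ip": claimed, "mismatch": mismatch}


# Constructed sample request (documentation address ranges, RFC 5737).
SAMPLE_ENVIRON = {"REMOTE_ADDR": "203.0.113.7"}
SAMPLE_BODY = "amount=25&client_ip=198.51.100.9"

if __name__ == "__main__":
    print("naive record:   ", record_naive(SAMPLE_ENVIRON, SAMPLE_BODY))
    print("hardened record:", record_hardened(SAMPLE_ENVIRON, SAMPLE_BODY))
```

A `mismatch` of true is worth keeping in the audit record: it marks submissions where the form was altered or replayed from another network.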

Posted by Jerry Gordon @ 10:44 am