in reply to
Resolve addresses in web access logs
Maybe I'm wrong about this, but it looks like you don't
verify the name returned by gethostbyaddr. You probably
don't need to if it's just for web statistics, but if
you, like me, are in the habit of looking back over old
code to remember how to do something, it might be a good
idea to put that in or at least put in a comment about
it, in case you need a more certain resolution for the ip
in the future.
There's a discussion of this in Perl Cookbook,
section 17.7 ('Identifying the Other End of a Socket').
It basically says that because a name lookup goes to the
name owner's DNS server, there's the possibility that the
machine could give false information. Using gethostbyname
and comparing the answer to find the original ip checks
that. It also mentions that it's still not 100% secure.
I wish I'd checked the code catacombs yesterday before I
wrote my own version of this for exactly the same purpose.
Bleh. Bad Kudra.