Discuz forum has an injection vulnerability.

The term "伪装IP地址" mentioned here does not refer to "fake IP address," but rather to hackers disguising their own IP addresses as special strings for the purpose of launching attacks.

Now let's consider PHP programs, such as forums or guestbooks. When a user posts an article, information like the username, article title, and article content all go through validity checks during processing. However, the user's IP address is often directly obtained using variables like $_SERVER['REMOTE_ADDR'] without any checks, which is something many people tend to do.