diff --git a/api.php b/api.php
index d0b519a..545d20b 100755
--- a/api.php
+++ b/api.php
@@ -72,6 +72,8 @@ OR OTHER DEALINGS IN THE SOFTWARE.
 require_once("include/init.inc.php");
 error_reporting(0);
 $ip=$_SERVER['REMOTE_ADDR'];
+$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
+
 if($_config['public_api']==false&&!in_array($ip,$_config['allowed_hosts'])){
 api_err("private-api");
 }
diff --git a/mine.php b/mine.php
index d9ba799..641657f 100755
--- a/mine.php
+++ b/mine.php
@@ -30,6 +30,8 @@ set_time_limit(360);
 $q=$_GET['q'];
 $ip=$_SERVER['REMOTE_ADDR'];
+$ip=filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE);
+
 // in case of testnet, all IPs are accepted for mining
 if($_config['testnet']==false&&!in_array($ip,$_config['allowed_hosts'])) api_err("unauthorized");
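Review bot: `filter_var()` returns `false` for a rejected address, and that `false` then goes into the loose `in_array($ip,$_config['allowed_hosts'])` right after the added line, where it compares equal to an empty string, `"0"`, `0` or `null`. If the allow-list ever carries such an empty entry (a blank default or a trailing element from a split config value), a client from a private or reserved range passes the private-API check instead of failing it. Reject the value explicitly with `if($ip===false) api_err("private-api");` and make the lookup strict, `in_array($ip,$_config['allowed_hosts'],true)`. The mine.php hunk has the same pattern and needs the same two changes. The script continues outside the hunk, so any later use of `$ip` (logging, rate limiting) would also receive `false` and is worth checking.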
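Review bot: With `FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE` on the added line, loopback and RFC 1918 addresses stop validating, so an `allowed_hosts` entry for a local or LAN miner (127.0.0.1, say) can never match again and that miner gets `unauthorized` on mainnet. The same would presumably hold for every request when the node sits behind a reverse proxy on a private address. If the goal is only to guarantee a well-formed address before the allow-list lookup, `filter_var($ip, FILTER_VALIDATE_IP)` without the range flags does that. If excluding those ranges is deliberate, say so in a comment above the line, e.g. `// private and reserved source addresses are never authorised, even if listed in allowed_hosts`. This applies equally to the api.php hunk; the rest of the script is outside the hunk.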