Just recommending to fix some things here… and just to be honest; No server admin in the world wants that User are able to expose their hidden IP addresses, but the weblist won’t avoid it.
Just like said… quite some work.
The address can be hidden into the client protocol and weblist aswell, since it’s just able to hide it in some ways. Maybe not a total solution, but a way to make it stronger.
