I regularly use another message board, and one of the membes claimed to be able to find the IP adderss, home address, and name of any poster. :Q He then provided some of that information, and claimed he could get the rest in a few days. Is this true? How is it done?
Tracing message board posts...
- Thread starter TheNiceGuy
- Start date
Appledrop
Platinum Member
- Aug 25, 2004
- 2,340
- 0
- 0
erm well when you visit a website, your ip can be logged if set up to do so, and so either he is sending users to his own site with an ip logger, or using the forum's built in ip logs which will only be available to admin/mods so possibly he is one, or 'hacked' one of these accounts.
Getting personal info from an ip, well just do a whois look up
Getting personal info from an ip, well just do a whois look up
There is another method. An attacker could exploit a cross site scripting vulnerability to inject javascript code into a forum post - this code would then be executed by the browser of anyone viewing the post. It would likely include a request to a website owned by the attacker which would then record the origin IP address of the user in the normal way. The name and address could possibly be obtained by a whois search, or social engineering the ISP, plus much more information would be retrievable by compromising the user's PC and browsing through thier files. The compromise of a home PC would be a cakewalk for most people capable of discovering and exploiting XSS holes.
Sorry, you lost me on this bit. So basicaly anyone with the know-how can 'hide' something in a post (javascript code) that will allow him to get the IP of anyone opening (clicking on or viewing) that post?
He is not a mod or admin.
Given that a vulnerability exists in the forum software, yes. These holes are quite common and are often released to the public, (search securityfocus.com for phpbb, a very popular system) but there are many which are kept within the research groups which discover them, or even kept by an individual for personal use. In short - if you _really_ know what you're doing you can perform this trick pretty much anywhere, but even if you don't, you can still do it at a known-vulnerable forum.
Got a link to this guy's posts? I'll tell you if he's using XSS.
It's called a database of what? Every user's IP address? Even if the forum kept such a thing you would still have to penetrate the forum servers - a much more daunting task than injecting a bit of js.
Atheus- Thanks for the offer! Here's the link (don't be put off by the content, there's a lot of work related stuff for me at that site as well):
http://www.bigdaikon.org/board/viewtopi...1281&postdays=0&postorder=asc&start=30
The poster "King Louis" is making the claims.
http://www.bigdaikon.org/board/viewtopi...1281&postdays=0&postorder=asc&start=30
The poster "King Louis" is making the claims.
It doesn't look like he's using cross-site scripting...at least in his posts. He may be using it in a PM. However, it looks to me like what he's doing is PM'ing someone to click a link to some sort of external page. Could possibly be a map that dynamically loads a map based on the IP address of the person who requested it. Once you have someone's IP, you can get a reasonable geographic trace on their IP. The catch is, just because you have someone's IP doesn't mean you have them. I could be proxying through someplace in Japan, and be sitting in my living room in Texas. You'd see the IP of the proxy in Japan as the host IP who requested the web page.
He seems like your typical thug on the web who thinks he's the greatest because he knows how to use tracert and resolve IP's to hostnames. If your IP of 157.100.100.1 resolves to user-1001.tokyo.isp.co.jp then I know that the machine that made the request is in Tokyo, Japan. Ooooh wow. That's rocket science for ya.
This bozo also needs to be careful about those threats he's making. I believe there have been several court cases where people have made death threats or threats to cause bodily harm to someone online and it landed them in jail.
He seems like your typical thug on the web who thinks he's the greatest because he knows how to use tracert and resolve IP's to hostnames. If your IP of 157.100.100.1 resolves to user-1001.tokyo.isp.co.jp then I know that the machine that made the request is in Tokyo, Japan. Ooooh wow. That's rocket science for ya.
This bozo also needs to be careful about those threats he's making. I believe there have been several court cases where people have made death threats or threats to cause bodily harm to someone online and it landed them in jail.
Thanks for the help Boscoh. I think that guy works in IT somewhere. That board is not well moderated, but it's the best info source I can find.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter