
Tracing message board posts...

TheNiceGuy

Golden Member
I regularly use another message board, and one of the members claimed to be able to find the IP address, home address, and name of any poster. :Q He then provided some of that information, and claimed he could get the rest in a few days. Is this true? How is it done?
 
Erm, well, when you visit a website, your IP can be logged if set up to do so, and so either he is sending users to his own site with an IP logger, or using the forum's built-in IP logs, which will only be available to admin/mods, so possibly he is one, or 'hacked' one of these accounts.
Getting personal info from an IP, well, just do a whois lookup.
 
There is another method. An attacker could exploit a cross site scripting vulnerability to inject javascript code into a forum post - this code would then be executed by the browser of anyone viewing the post. It would likely include a request to a website owned by the attacker which would then record the origin IP address of the user in the normal way. The name and address could possibly be obtained by a whois search, or social engineering the ISP, plus much more information would be retrievable by compromising the user's PC and browsing through their files. The compromise of a home PC would be a cakewalk for most people capable of discovering and exploiting XSS holes.
 
An attacker could exploit a cross site scripting vulnerability to inject javascript code into a forum post - this code would then be executed by the browser of anyone viewing the post.

Sorry, you lost me on this bit. So basically anyone with the know-how can 'hide' something in a post (javascript code) that will allow him to get the IP of anyone opening (clicking on or viewing) that post?

He is not a mod or admin.
 
Originally posted by: TheNiceGuy
An attacker could exploit a cross site scripting vulnerability to inject javascript code into a forum post - this code would then be executed by the browser of anyone viewing the post.

Sorry, you lost me on this bit. So basically anyone with the know-how can 'hide' something in a post (javascript code) that will allow him to get the IP of anyone opening (clicking on or viewing) that post?

He is not a mod or admin.

Given that a vulnerability exists in the forum software, yes. These holes are quite common and are often released to the public, (search securityfocus.com for phpbb, a very popular system) but there are many which are kept within the research groups which discover them, or even kept by an individual for personal use. In short - if you _really_ know what you're doing you can perform this trick pretty much anywhere, but even if you don't, you can still do it at a known-vulnerable forum.

Got a link to this guy's posts? I'll tell you if he's using XSS.

Originally posted by: Thor86
It's called a database.

It's called a database of what? Every user's IP address? Even if the forum kept such a thing you would still have to penetrate the forum servers - a much more daunting task than injecting a bit of js.
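
As an added example (not part of the thread and not code from any real forum package), this is the output handling on the forum side that closes the hole described above: post text is HTML-escaped before display, and only a small BBCode allowlist with http(s)-only links is expanded. The function names and the two-tag BBCode subset are assumptions made for illustration.

```javascript
// Added example: hypothetical forum post renderer (names are illustrative).
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every HTML metacharacter so post text can never open a tag or attribute.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESC[c]);
}

// Accept only absolute http(s) URLs; javascript:, data: and relative forms are rejected.
function safeUrl(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
  } catch {
    return null; // not parseable as an absolute URL
  }
}

// Render a post body: everything is escaped; only [b] and [url=...] become markup.
function renderPost(body) {
  const tag = /\[b\]([\s\S]*?)\[\/b\]|\[url=([^\]\s]+)\]([\s\S]*?)\[\/url\]/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tag.exec(body)) !== null) {
    out += escapeHtml(body.slice(last, m.index)); // plain text before the tag
    if (m[1] !== undefined) {
      out += `<b>${escapeHtml(m[1])}</b>`;
    } else {
      const url = safeUrl(m[2]);
      out += url
        ? `<a href="${escapeHtml(url)}" rel="noopener noreferrer nofollow">${escapeHtml(m[3])}</a>`
        : escapeHtml(m[0]); // rejected link is shown as inert text
    }
    last = tag.lastIndex;
  }
  return out + escapeHtml(body.slice(last));
}

// Constructed sample posts.
console.log(renderPost('<script>x</script> and [b]<i>bold</i>[/b]'));
console.log(renderPost('[url=javascript:alert(1)]click[/url]'));
console.log(renderPost('[url=https://example.com/a?x=1&y=2]site[/url]'));
```

Escaping stops script injected into a post from running, but a visitor who follows an accepted link still reveals their IP address to the linked server in the normal way.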



 
It doesn't look like he's using cross-site scripting...at least in his posts. He may be using it in a PM. However, it looks to me like what he's doing is PM'ing someone to click a link to some sort of external page. Could possibly be a map that dynamically loads a map based on the IP address of the person who requested it. Once you have someone's IP, you can get a reasonable geographic trace on their IP. The catch is, just because you have someone's IP doesn't mean you have them. I could be proxying through someplace in Japan, and be sitting in my living room in Texas. You'd see the IP of the proxy in Japan as the host IP who requested the web page.

He seems like your typical thug on the web who thinks he's the greatest because he knows how to use tracert and resolve IP's to hostnames. If your IP of 157.100.100.1 resolves to user-1001.tokyo.isp.co.jp then I know that the machine that made the request is in Tokyo, Japan. Ooooh wow. That's rocket science for ya.

This bozo also needs to be careful about those threats he's making. I believe there have been several court cases where people have made death threats or threats to cause bodily harm to someone online and it landed them in jail.
 
Originally posted by: TheNiceGuy
Did I scare you off?
😱
Scare Off?

Disgust would be much better.:disgust:

A link to a forum that features a guy that makes himself (avatar) look like Hitler.:|

:sun:
 
Thanks for the help Boscoh. I think that guy works in IT somewhere. That board is not well moderated, but it's the best info source I can find.
 