Your browser does not seem to support CSS. If images appear below, please disregard them.
It appears that you're running an Ad-Blocker. This site is monetized by Advertising and by User Donations; we ask that if you find this site helpful that you whitelist us in your Ad-Blocker, or make a Donation to help aid in operating costs.
Previous Thread
Next Thread
Print Thread
Rate This Thread
#8486 - 02/12/06 02:50 AM A self-imposed Test  
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
snuffy  Offline
Junior Member

Joined: Feb 2006
Posts: 5
New York
Okay, so I found this forum in which people had posted anonymously about me and my friends. A lot of it was very flattering and some of it was not. However one person was so flattering (wink) that I want to try and find out who they actually are.

Now, I've issued myself a personal challenge. I recently have become interested in hacking/programming, but I know nothing about it. I've read the newbie forums, esp secions like "How to be a Hacker" and the like. However, I feel that my technical knowledge is limited. I don't want to learn these skills to hurt or disrupt peoples lives, but just to stretch my own abilities and see what I can do.

So, based on my understanding, even if the post is made anonymously, the server keeps a record of the IP address the user writes from. So does that mean there is a theoretical link to the physical location of the user? Or the identity of the user? If the user is at a public computer, or on a LAN like a school library, then how can I figure out who it is? A keylogger and then cross-reference the time and the keys?

Basically, I want to teach myself about TCP/IP, the logistics and concepts of hacking, and maybe a language like VB, Perl, or C++ (eventually).

Please Help a Newb

Sponsored Links
#8487 - 02/12/06 08:17 AM Re: A self-imposed Test  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Well, I'll skip though all the "I want to learn to..." randomness...

99% of web applications which allow you to do ANYTHING will log your IP address, for tracking or abuse tracking. This is stored with your post, with your user account, and sometimes in a "full access" file which has every visitor of the site in it.

IP's are purchased in "blocks" of IP's by your ISP, these "blocks" can be traced to that isp; most IPS's then allocate these blocks to differant areas, which most also assign a host name.

Now, an example, say 127.0.0.1 (genaric ip for your loopback to your pc) dns' as "localhost" (or for our explanation here, "localhost.com"); localhost.com as the domain can be traced to a registrant who owns the domain, thus pinpointing the address of the institution (if a school); if there is no domain in the reversal you can still track by the owner of the ip address.

Additionally some isp's give a more "pinpointed" hostname for most users, for example i could have: 127-0-0-1.or.comcast.net showing i'm using comcast.net as an ISP, in their Oregon market, with the IP "127.0.0.1".

Some schools assign hostnames to track users in dorms, skull has "skull.hisschool.tld" for his dns (not sure if they gave it to him or if he requested it, but whatever).

On to programming, if you decide to go the route of computer programming, go C++,, it's what i'd recommend.

If you'd like to go Web Programming go with PHP/MySQL/XHTML/CSS, do it well, you make some green.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8488 - 02/12/06 08:42 AM Re: A self-imposed Test  
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
snuffy  Offline
Junior Member

Joined: Feb 2006
Posts: 5
New York
Okay, so I feel as though I understood most of that, but how does one practically DO it? What do I actually DO to make that happen?

#8489 - 02/12/06 09:44 AM Re: A self-imposed Test  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
well, you get an IP address... Any user has an IP... Any domain is on an ip...

You then go to a service which looks up IP addresses, SilentRage has one of these available at:
http://whois.dollardns.net/ip.pl

My example:
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

shows that our domain us using the ip 65.19.133.39, which belongs to Hurricane Electric (ISP) in California...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8490 - 02/16/06 01:05 AM Re: A self-imposed Test  
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
snuffy  Offline
Junior Member

Joined: Feb 2006
Posts: 5
New York
okay, so I've experimented with querying the IP of various hosts, and I think I understand. But how would I find the IP of the user who posts on a site? For example, I might look up
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

I would get the IP, the hosting information and what not, but how would I find the IP address of a specific poster, for example, you (please don't take that as an actual threat of some kind). And more importantly how do I get to that point if the user is anonymous?

Sponsored Links
#8491 - 02/16/06 02:00 AM Re: A self-imposed Test  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
You wouldn't, the forum software which stores the IP stores it for privacy, only the admin and staff have access to addresses; no site should allow public viewing of user ip addresses for as little as privacy concerns.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8492 - 02/20/06 03:26 PM Re: A self-imposed Test  
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
snuffy  Offline
Junior Member

Joined: Feb 2006
Posts: 5
New York
so you're saying that there is no legal way that someone could find the user IP on the site?

#8493 - 02/21/06 09:26 AM Re: A self-imposed Test  
Joined: Feb 2002
Posts: 7,195
Gremelin Online shocked
Community Owner
Gremelin  Online Shocked

Community Owner

Joined: Feb 2002
Posts: 7,195
Likes: 3
Portland, OR; USA
Legality isn't the issue with "SEEING" it, it's mainly FEATURE wise that it'd be near impossible..

It is bad business practice to allow the public display of user ip addresses as it would allow anyone to preform a DDoS on someones IP address (or any other array of things, including attempting to "hack" a user, or threatening to do so as well).

I know of no web forum which archives IP's which allow a public display of the IP in their stock code; well, the UBB DOES have the option, but i know of not one admin who utilises it.

Additionally, it's bad business practice to display ip's as users are not interested in having their information displayed for public use, that can be traced back to them, and only them.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8494 - 03/13/06 02:05 PM Re: A self-imposed Test  
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
snuffy  Offline
Junior Member

Joined: Feb 2006
Posts: 5
New York
So the host server would store the IP locally and include it in HTML code available only to the admin? Obviously the host needs to have access to that information in order to ban that user if the need were to arise right?
So if you were to gain admin access to that server you could view it?
By the way, thank you for being so patient/informative


Member Spotlight
Gremelin
Gremelin
Portland, OR; USA
Posts: 7,195
Joined: February 2002
Show All Member Profiles 
Forum Statistics
Forums45
Topics46,824
Posts81,994
Average Daily Posts10
Members2,159
Most Online1,567
Apr 25th, 2010
Latest Postings
Top Posters(All Time)
UGN Security 39,988
Gremelin 7,195
§intå× 3,255
SilentRage 1,273
Ice 1,146
pergesu 1,136
Infinite 1,041
jonconley 955
Girlie 908
unreal 860
Top Liked Users (All Time)
§intå× Likes: 1
Cold Sunn Likes: 1
Crime Likes: 1
Cyrez Likes: 1
Ghost Likes: 1
Gremelin Likes: 4
Ice Likes: 1
unreal Likes: 1
Top Liked Users (30 Days)
No Data Found
Powered by UBB.threads™ PHP Forum Software 7.6.0
(Snapshot build 20160902)