#8486 - 02/12/06 02:50 AM A self-imposed Test
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
New York
Okay, so I found this forum in which people had posted anonymously about me and my friends. A lot of it was very flattering and some of it was not. However, one person was so flattering (wink) that I want to try and find out who they actually are.

Now, I've issued myself a personal challenge. I recently have become interested in hacking/programming, but I know nothing about it. I've read the newbie forums, esp. sections like "How to be a Hacker" and the like. However, I feel that my technical knowledge is limited. I don't want to learn these skills to hurt or disrupt people's lives, but just to stretch my own abilities and see what I can do.

So, based on my understanding, even if the post is made anonymously, the server keeps a record of the IP address the user writes from. So does that mean there is a theoretical link to the physical location of the user? Or the identity of the user? If the user is at a public computer, or on a LAN like a school library, then how can I figure out who it is? A keylogger and then cross-reference the time and the keys?

Basically, I want to teach myself about TCP/IP, the logistics and concepts of hacking, and maybe a language like VB, Perl, or C++ (eventually).

Please Help a Newb

#8487 - 02/12/06 08:17 AM Re: A self-imposed Test
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
Well, I'll skip through all the "I want to learn to..." randomness...

99% of web applications which allow you to do ANYTHING will log your IP address, for tracking or abuse tracking. This is stored with your post, with your user account, and sometimes in a "full access" file which has every visitor of the site in it.

IPs are purchased in "blocks" of IPs by your ISP; these "blocks" can be traced to that ISP. Most ISPs then allocate these blocks to different areas, to which most also assign a host name.

Now, an example: say 127.0.0.1 (generic IP for your loopback to your PC) DNS's as "localhost" (or for our explanation here, "localhost.com"); localhost.com as the domain can be traced to a registrant who owns the domain, thus pinpointing the address of the institution (if a school); if there is no domain in the reversal you can still track by the owner of the IP address.

Additionally, some ISPs give a more "pinpointed" hostname for most users; for example, I could have: 127-0-0-1.or.comcast.net showing I'm using comcast.net as an ISP, in their Oregon market, with the IP "127.0.0.1".

Some schools assign hostnames to track users in dorms; skull has "skull.hisschool.tld" for his DNS (not sure if they gave it to him or if he requested it, but whatever).

On to programming: if you decide to go the route of computer programming, go C++; it's what I'd recommend.

If you'd like to go Web Programming, go with PHP/MySQL/XHTML/CSS; do it well, you make some green.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8488 - 02/12/06 08:42 AM Re: A self-imposed Test
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
New York
Okay, so I feel as though I understood most of that, but how does one practically DO it? What do I actually DO to make that happen?

#8489 - 02/12/06 09:44 AM Re: A self-imposed Test
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
Well, you get an IP address... Any user has an IP... Any domain is on an IP...

You then go to a service which looks up IP addresses, SilentRage has one of these available at:
http://whois.dollardns.net/ip.pl

My example:
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

shows that our domain is using the IP 65.19.133.39, which belongs to Hurricane Electric (ISP) in California...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8490 - 02/16/06 01:05 AM Re: A self-imposed Test
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
New York
Okay, so I've experimented with querying the IP of various hosts, and I think I understand. But how would I find the IP of the user who posts on a site? For example, I might look up
http://whois.dollardns.net/ip.pl?query=www.undergroundnews.com

I would get the IP, the hosting information and whatnot, but how would I find the IP address of a specific poster, for example, you (please don't take that as an actual threat of some kind)? And more importantly, how do I get to that point if the user is anonymous?

#8491 - 02/16/06 02:00 AM Re: A self-imposed Test
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
You wouldn't; the forum software which stores the IP stores it for privacy, and only the admin and staff have access to addresses. No site should allow public viewing of user IP addresses for as little as privacy concerns.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8492 - 02/20/06 03:26 PM Re: A self-imposed Test
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
New York
So you're saying that there is no legal way that someone could find the user IP on the site?

#8493 - 02/21/06 09:26 AM Re: A self-imposed Test
Joined: Feb 2002
Posts: 7,195
Gremelin Offline
Community Owner
Portland, OR; USA
Legality isn't the issue with "SEEING" it; it's mainly FEATURE-wise that it'd be near impossible...

It is bad business practice to allow the public display of user IP addresses, as it would allow anyone to perform a DDoS on someone's IP address (or any other array of things, including attempting to "hack" a user, or threatening to do so as well).

I know of no web forum which archives IPs which allows a public display of the IP in their stock code; well, the UBB DOES have the option, but I know of not one admin who utilises it.

Additionally, it's bad business practice to display IPs, as users are not interested in having their information displayed for public use that can be traced back to them, and only them.


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
#8494 - 03/13/06 02:05 PM Re: A self-imposed Test
Joined: Feb 2006
Posts: 5
snuffy Offline
Junior Member
New York
So the host server would store the IP locally and include it in HTML code available only to the admin? Obviously the host needs to have access to that information in order to ban that user if the need were to arise, right?
So if you were to gain admin access to that server you could view it?
By the way, thank you for being so patient/informative.
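
Added example, not part of the original thread and not code from UBB or any forum package: a minimal Python sketch of the design the replies describe, where the poster's IP is stored server-side, used for ban checks, and left out of anything rendered for the public. The role names, the moderator/admin split, the keyed token, the secret and the documentation-range addresses are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample data; role names, key and addresses are assumptions.
SERVER_SECRET = b"constructed-demo-key"  # real deployments load this from protected config
BANNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
POSTS = [
    {"id": 1, "author": "Anonymous", "ip": "198.51.100.23", "body": "first"},
    {"id": 2, "author": "Anonymous", "ip": "198.51.100.23", "body": "second"},
    {"id": 3, "author": "Anonymous", "ip": "203.0.113.77", "body": "third"},
]


def poster_token(ip):
    """Keyed hash: equal tokens mean the same source address, but the
    address cannot be recovered by guessing without SERVER_SECRET."""
    return hmac.new(SERVER_SECRET, ip.encode(), hashlib.sha256).hexdigest()[:12]


def is_banned(ip):
    """Ban check runs on the server against the stored address."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BANNED_NETWORKS)


def render_post(post, viewer_role):
    """Allow-list the fields each role receives; the stored IP is copied
    into the output only for admins, never for the public."""
    view = {"id": post["id"], "author": post["author"], "body": post["body"]}
    if viewer_role in ("moderator", "admin"):
        view["poster_token"] = poster_token(post["ip"])
        view["banned"] = is_banned(post["ip"])
    if viewer_role == "admin":
        view["ip"] = post["ip"]
    return view


if __name__ == "__main__":
    for role in ("guest", "moderator", "admin"):
        for post in POSTS:
            print(role, render_post(post, role))
```

Because the public view is built from an allow-list rather than by deleting fields from the stored record, a field added to the record later does not leak by default.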
