| Author |
 Topic  |
|
Nanaki
Starting Member
4 Posts |
 Posted - 06 December 2001 : 20:29:03
|
Do you want to know your user's ISP? A general idea of where they (actually) live? The user's IP address can tell you all of this, but unfortunately most don't know how to go about it. Those that do consider it a pain because you have to go to a site, and manually type in the address.
This very simple mod will tell you this without leaving your snitz forum. When installed, you can view the information described above with a single click (no typing in IPs). This can be useful if your spammer uses several different computers, or keeps on registering with a different IP address. Through different mods, you can use this tool to ban the geographical location that your spammer is from.
Here it is. You only need to edit one file, and only need to paste one line.
############
OPEN TOPIC.ASP
############
Around line 650 you should see the following:
---
<P align=center><b>User's IP address:</b><br>
<% =ip %></P>
###
Paste this code on the line below (make sure not to erase any existing code)
---
<FORM METHOD="POST" ACTION="http://www.arin.net/cgi-bin/whois.pl">
<INPUT TYPE="hidden" NAME="queryinput" SIZE="20" Value=<%=ip%>> <INPUT TYPE="submit" VALUE="REVERSE IP LOOKUP">
###
Save the file and upload it to your server.
USING THE MOD:
- simply click the "view IP address" button next to anyone's post (must be logged in as admin)
- click the "REVERSE IP LOOKUP" button, and viola!
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 06 December 2001 : 21:07:14
|
this relies on your PERL program running on someone else's server and we do not know what else the source code is doing so I would not recommend anyone using this because it truly is a security risk!!
____________
dayve
http://forum.nineinchnailz.com |
 |
|
|
dayve
Forum Moderator
USA
5820 Posts |
|
|
Nanaki
Starting Member
4 Posts |
Posted - 06 December 2001 : 21:18:08
|
If you know of a whois server that is "safe", I'd be happy to change my code to work with it. But yeah, and its only a security risk to the member who had the IP really...and if they're spammers then who cares?
|
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 06 December 2001 : 21:42:49
|
I think my biggest concern is that you are referring everyone to code they have no control over and is not part of the ASP model that snitz uses. If your server goes down or you discontinue the domain name the mod will not work. Open Source should never have to rely on a module that you never have control over. Although your input is probably appreciated by some around here, it is not a module that I believe is of standard use nor value in an ASP/VBScript community. However, that is just my personal opinion.
____________
dayve
http://forum.nineinchnailz.com |
|
|
|
RichardKinser
Snitz Forums Admin
USA
16655 Posts |
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 07 December 2001 : 00:20:51
|
quote:
dayve, do you know who http://www.arin.net is?
yes I do but I'd rather see a whois lookup using ASP without the use of a component that can integrate with Snitz. The comment I made was only to note that people should be leary of pointing to code that exists on other servers for stability and security reasons. I did not want to attempt to condemn anyone's initiative nor hard work... Hope I did not come across that way, I'm just anal about not being able to see source code. Sorry...
____________
dayve
http://forum.nineinchnailz.com |
|
|
|
Nathan
Help Moderator
USA
7664 Posts |
Posted - 07 December 2001 : 00:37:07
|
Well, you can never trust a server that is not your own. What is there this week may have moved by next month.
Nathan Bales - Romans 15:13
-------------------------------
Test Site | Mod Resource |
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 07 December 2001 : 04:16:27
|
the wohis info is stored in those NIC dbs, we are limited to rely on their services anyway.
Talking about using their componet, well, is whois a standard service, I mean, you can use the same query on every whois server, without using their component? I'm not familiar with this but I think whois is just like or similar to ping/dns/time/finger/quote/trace etc or ICMP. same query can be used in any whois server. I wonder if there is a standard for the whois service for this.
well, got this:
The database is the so called WHOIS database and it has one distinct property: it provides us with a query interface via TCP port 43!
I use an old windows program named netlab 1.4. (the official site for the samll program has moved or gone) it listed whois servers:
whois.ripe.net
whois.arin.net
rs.internic.net
whois.apnic.net
nic.ddn.mil
years has passed only the millitary nic changed.
however, you can manually add new url for a whois server, I tried several domain name registrars's whois server, all worked.
whois.register.com
whois.itsyourdomain.com
whois.alldomains.com
whois.enom.com
whois.registrars.com
......
I think it just send the query to the tcp port for whois. it should work as long as there is such a whois server.
here's a link on how to do it in .net.
http://www.aspheute.com/english/20000825.asp
but how to do it with asp?
Edited by - bjlt on 07 December 2001 04:31:33
Edited by - bjlt on 07 December 2001 04:35:28
Edited by - bjlt on 07 December 2001 04:39:01 |
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 07 December 2001 : 04:48:07
|
interesting.
here's the code in php
<?
function whois_request($server, $query) {
$data = "";
$fp = fsockopen($server, 43);
if($fp) {
fputs($fp, $query."rn");
while(!feof($fp)) {
$data .= fread($fp, 1000);
}
fclose($fp);
}
return $data;
}
?>
<FORM>
<INPUT TYPE=HIDDEN NAME=action VALUE=query>
Server: <INPUT TYPE=TEXT NAME=server VALUE="<?echo $server?>"> <SMALL>(ie: whois.networksolutions.com)</SMALL><BR>
Domain: <INPUT TYPE=TEXT NAME=query VALUE="<?echo $query?>"> <SMALL>(ie: wackowoh.com)</SMALL><BR>
<INPUT TYPE=SUBMIT VALUE=" OK ">
</FORM>
<?
if($action == "query") {
$data = whois_request($server, $query);
echo "Sent $query to $server.<p>";
echo "Output: <p><pre>$data</pre><p>";
}
i know nothing about php or .net and just a little about asp.
did a little more search on this. if you want to use port43 on this, you need to use winsock. unlike php/jsp, asp does not have build in winsock support.
you need a component for this
Edited by - bjlt on 07 December 2001 04:54:40
Edited by - bjlt on 07 December 2001 04:57:10 |
|
|
|
SimonT
Junior Member
United Kingdom
202 Posts |
Posted - 09 December 2001 : 09:36:03
|
I am lucky my host runs perl as well as ASP so i could download any given mumner of perl based whois scripts and run it on my site.
But I have no problem with running a script on a differnt site (of cause I have to make a judge if I think it is a site i can trust)
I picked http://www.ripe.net/ as this is geared more towards Europe than the US and as most of my hits come from Europe. I wanted a whois lookup for that part for the world because I found that arin.net is for the US and when it gives info about ip address in the Europe it does not give out as much info as ripe does so here is the code for ripe.
<FORM METHOD="GET" ACTION="http://www.ripe.net/perl/whois">
<INPUT TYPE="hidden" NAME="query" SIZE="20" Value=-a+<%=ip%>> <INPUT TYPE="submit" VALUE="REVERSE IP LOOKUP">
The reason why i think this is better than the first post is that I was able to use the -a flag that will search all 3 of RIP datdabases so it does not mater where in the world the ip address is
Dayve points
ok the script could moved
Impact on my website, well I am the only admin so it would only effect me and not all the other members so I am not to bothered a site like the ripe are not likely to be moving the script round alot as they know that would cause problems. I have seen that when they last moved the page the query string was still passed to the new page.
Security.
Mmm I have seen other security risks with other mods that are for more serious than this. also if you can trust some one like ripe who can you trust :-)
|
|
|
|
bjlt
Senior Member
1144 Posts |
Posted - 09 December 2001 : 09:49:53
|
quote:
Security.
Mmm I have seen other security risks with other mods that are for more serious than this. also if you can trust some one like ripe who can you trust :-)
eh? would you like to tell us what those more serious security risks are?
thanks.
|
|
|
|
SimonT
Junior Member
United Kingdom
202 Posts |
Posted - 09 December 2001 : 11:45:55
|
well the last one was the private message that had a bug in that allowed any one to read each others messages, allowing flash files to be used in posts, viewing of sorce code, to name a few now all of these if not setup correctly could lead to security holes that I belive are bigger holes than running my code above.
|
|
|
|
dayve
Forum Moderator
USA
5820 Posts |
Posted - 09 December 2001 : 14:42:29
|
I've witnessed the Private Message risk, but no one
has proven to me yet that Flash could do anything
harmful to me. If there is some resources to how
Flash can be a security risk, please do point me
to a link because I am quite interested.
I have decided to use a DYNU.com component since
I am hosting my own forum and can install the necessary
dll's to open ports for information to whois and other
great utilities.
Is there any concerns I should have with http://www.dynu.com ?
____________
dayve@burningsouls.com
 |
|
|
|
SimonT
Junior Member
United Kingdom
202 Posts |
Posted - 10 December 2001 : 06:59:18
|
Ok would you mind if I tried some thing on your site eg a flash hack dayve ?
Ps so you are not happy to run a script on some one else site becuase you are not sure what else the source code could hide but you are happy to use a dll where you can not see the sorce code (ok I am taking it a bit far just playing Devils advocate) ps you can buy the sorce codeso thats good but.
Was it napster and real media that conducted surveys/stats of users who used there applications with out informing the users. Then there is spywear... |
|
|
|
Grunthor
Starting Member
USA
27 Posts |
Posted - 10 December 2001 : 09:23:16
|
This may be a stupid question. But is there a way to make the results of the whois search come back in a larger window?
Grunthor
|
|
|
|
Topic |
|
Topic Locked
