Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 MOD-Group
 MOD Add-On Forum (W/Code)
 Reverse IP Lookup (very simple)
 New Topic  Topic Locked
 Printer Friendly
Next Page
Author Previous Topic Topic Next Topic
Page: of 2

Nanaki
Starting Member

4 Posts

Posted - 06 December 2001 :  20:29:03  Show Profile
Do you want to know your user's ISP? A general idea of where they (actually) live? The user's IP address can tell you all of this, but unfortunately most don't know how to go about it. Those that do consider it a pain because you have to go to a site, and manually type in the address.

This very simple mod will tell you this without leaving your snitz forum. When installed, you can view the information described above with a single click (no typing in IPs). This can be useful if your spammer uses several different computers, or keeps on registering with a different IP address. Through different mods, you can use this tool to ban the geographical location that your spammer is from.

Here it is. You only need to edit one file, and only need to paste one line.


############
OPEN TOPIC.ASP
############
Around line 650 you should see the following:
---
<P align=center><b>User's IP address:</b><br>
<% =ip %></P>
###
Paste this code on the line below (make sure not to erase any existing code)
---
<FORM METHOD="POST" ACTION="http://www.arin.net/cgi-bin/whois.pl">
<INPUT TYPE="hidden" NAME="queryinput" SIZE="20" Value=<%=ip%>> <INPUT TYPE="submit" VALUE="REVERSE IP LOOKUP">
###
Save the file and upload it to your server.


USING THE MOD:
- simply click the "view IP address" button next to anyone's post (must be logged in as admin)
- click the "REVERSE IP LOOKUP" button, and viola!


dayve
Forum Moderator

USA
5820 Posts

Posted - 06 December 2001 :  21:07:14  Show Profile  Visit dayve's Homepage
this relies on your PERL program running on someone else's server and we do not know what else the source code is doing so I would not recommend anyone using this because it truly is a security risk!!



____________
dayve
http://forum.nineinchnailz.com
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 06 December 2001 :  21:12:46  Show Profile  Visit dayve's Homepage
Again, I would not recommend having to rely on a program located on an unknown server, especially without being able to see the source code, but here is an example of what will be displayed:

http://www.arin.net/cgi-bin/whois.pl?queryinput=216.157.28.45

____________
dayve
http://forum.nineinchnailz.com
Go to Top of Page

Nanaki
Starting Member

4 Posts

Posted - 06 December 2001 :  21:18:08  Show Profile
If you know of a whois server that is "safe", I'd be happy to change my code to work with it. But yeah, and its only a security risk to the member who had the IP really...and if they're spammers then who cares?

Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 06 December 2001 :  21:42:49  Show Profile  Visit dayve's Homepage
I think my biggest concern is that you are referring everyone to code they have no control over and is not part of the ASP model that snitz uses. If your server goes down or you discontinue the domain name the mod will not work. Open Source should never have to rely on a module that you never have control over. Although your input is probably appreciated by some around here, it is not a module that I believe is of standard use nor value in an ASP/VBScript community. However, that is just my personal opinion.

____________
dayve
http://forum.nineinchnailz.com
Go to Top of Page

RichardKinser
Snitz Forums Admin

USA
16655 Posts

Posted - 06 December 2001 :  21:45:13  Show Profile
dayve, do you know who http://www.arin.net is?
Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 07 December 2001 :  00:20:51  Show Profile  Visit dayve's Homepage
quote:

dayve, do you know who http://www.arin.net is?



yes I do but I'd rather see a whois lookup using ASP without the use of a component that can integrate with Snitz. The comment I made was only to note that people should be leary of pointing to code that exists on other servers for stability and security reasons. I did not want to attempt to condemn anyone's initiative nor hard work... Hope I did not come across that way, I'm just anal about not being able to see source code. Sorry...

____________
dayve
http://forum.nineinchnailz.com
Go to Top of Page

Nathan
Help Moderator

USA
7664 Posts

Posted - 07 December 2001 :  00:37:07  Show Profile  Visit Nathan's Homepage
Well, you can never trust a server that is not your own. What is there this week may have moved by next month.

Nathan Bales - Romans 15:13
-------------------------------

    Test Site | Mod Resource
Go to Top of Page

bjlt
Senior Member

1144 Posts

Posted - 07 December 2001 :  04:16:27  Show Profile
the wohis info is stored in those NIC dbs, we are limited to rely on their services anyway.

Talking about using their componet, well, is whois a standard service, I mean, you can use the same query on every whois server, without using their component? I'm not familiar with this but I think whois is just like or similar to ping/dns/time/finger/quote/trace etc or ICMP. same query can be used in any whois server. I wonder if there is a standard for the whois service for this.

well, got this:
The database is the so called WHOIS database and it has one distinct property: it provides us with a query interface via TCP port 43!



I use an old windows program named netlab 1.4. (the official site for the samll program has moved or gone) it listed whois servers:

whois.ripe.net
whois.arin.net
rs.internic.net
whois.apnic.net
nic.ddn.mil

years has passed only the millitary nic changed.
however, you can manually add new url for a whois server, I tried several domain name registrars's whois server, all worked.
whois.register.com
whois.itsyourdomain.com
whois.alldomains.com
whois.enom.com
whois.registrars.com
......

I think it just send the query to the tcp port for whois. it should work as long as there is such a whois server.



here's a link on how to do it in .net.
http://www.aspheute.com/english/20000825.asp

but how to do it with asp?

Edited by - bjlt on 07 December 2001 04:31:33

Edited by - bjlt on 07 December 2001 04:35:28

Edited by - bjlt on 07 December 2001 04:39:01
Go to Top of Page

bjlt
Senior Member

1144 Posts

Posted - 07 December 2001 :  04:48:07  Show Profile
interesting.

here's the code in php


<?
function whois_request($server, $query) {
$data = "";
$fp = fsockopen($server, 43);
if($fp) {
fputs($fp, $query."rn");
while(!feof($fp)) {
$data .= fread($fp, 1000);
}
fclose($fp);
}
return $data;
}
?>
<FORM>
<INPUT TYPE=HIDDEN NAME=action VALUE=query>
Server: <INPUT TYPE=TEXT NAME=server VALUE="<?echo $server?>"> <SMALL>(ie: whois.networksolutions.com)</SMALL><BR>
Domain: <INPUT TYPE=TEXT NAME=query VALUE="<?echo $query?>"> <SMALL>(ie: wackowoh.com)</SMALL><BR>
<INPUT TYPE=SUBMIT VALUE=" OK ">
</FORM>
<?
if($action == "query") {
$data = whois_request($server, $query);
echo "Sent $query to $server.<p>";
echo "Output: <p><pre>$data</pre><p>";
}



i know nothing about php or .net and just a little about asp.

did a little more search on this. if you want to use port43 on this, you need to use winsock. unlike php/jsp, asp does not have build in winsock support.



you need a component for this

Edited by - bjlt on 07 December 2001 04:54:40

Edited by - bjlt on 07 December 2001 04:57:10
Go to Top of Page

SimonT
Junior Member

United Kingdom
202 Posts

Posted - 09 December 2001 :  09:36:03  Show Profile
I am lucky my host runs perl as well as ASP so i could download any given mumner of perl based whois scripts and run it on my site.
But I have no problem with running a script on a differnt site (of cause I have to make a judge if I think it is a site i can trust)

I picked http://www.ripe.net/ as this is geared more towards Europe than the US and as most of my hits come from Europe. I wanted a whois lookup for that part for the world because I found that arin.net is for the US and when it gives info about ip address in the Europe it does not give out as much info as ripe does so here is the code for ripe.

<FORM METHOD="GET" ACTION="http://www.ripe.net/perl/whois">
<INPUT TYPE="hidden" NAME="query" SIZE="20" Value=-a+<%=ip%>> <INPUT TYPE="submit" VALUE="REVERSE IP LOOKUP">



The reason why i think this is better than the first post is that I was able to use the -a flag that will search all 3 of RIP datdabases so it does not mater where in the world the ip address is

Dayve points

ok the script could moved
Impact on my website, well I am the only admin so it would only effect me and not all the other members so I am not to bothered a site like the ripe are not likely to be moving the script round alot as they know that would cause problems. I have seen that when they last moved the page the query string was still passed to the new page.

Security.
Mmm I have seen other security risks with other mods that are for more serious than this. also if you can trust some one like ripe who can you trust :-)
Go to Top of Page

bjlt
Senior Member

1144 Posts

Posted - 09 December 2001 :  09:49:53  Show Profile
quote:


Security.
Mmm I have seen other security risks with other mods that are for more serious than this. also if you can trust some one like ripe who can you trust :-)



eh? would you like to tell us what those more serious security risks are?

thanks.

Go to Top of Page

SimonT
Junior Member

United Kingdom
202 Posts

Posted - 09 December 2001 :  11:45:55  Show Profile
well the last one was the private message that had a bug in that allowed any one to read each others messages, allowing flash files to be used in posts, viewing of sorce code, to name a few now all of these if not setup correctly could lead to security holes that I belive are bigger holes than running my code above.

Go to Top of Page

dayve
Forum Moderator

USA
5820 Posts

Posted - 09 December 2001 :  14:42:29  Show Profile  Visit dayve's Homepage
I've witnessed the Private Message risk, but no one
has proven to me yet that Flash could do anything
harmful to me. If there is some resources to how
Flash can be a security risk, please do point me
to a link because I am quite interested.

I have decided to use a DYNU.com component since
I am hosting my own forum and can install the necessary
dll's to open ports for information to whois and other
great utilities.

Is there any concerns I should have with http://www.dynu.com ?

____________
dayve@burningsouls.com

Go to Top of Page

SimonT
Junior Member

United Kingdom
202 Posts

Posted - 10 December 2001 :  06:59:18  Show Profile
Ok would you mind if I tried some thing on your site eg a flash hack dayve ?

Ps so you are not happy to run a script on some one else site becuase you are not sure what else the source code could hide but you are happy to use a dll where you can not see the sorce code (ok I am taking it a bit far just playing Devils advocate) ps you can buy the sorce codeso thats good but.
Was it napster and real media that conducted surveys/stats of users who used there applications with out informing the users. Then there is spywear...
Go to Top of Page

Grunthor
Starting Member

USA
27 Posts

Posted - 10 December 2001 :  09:23:16  Show Profile  Visit Grunthor's Homepage  Send Grunthor an AOL message  Send Grunthor an ICQ Message
This may be a stupid question. But is there a way to make the results of the whois search come back in a larger window?

Grunthor
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Next Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.18 seconds. Powered By: Snitz Forums 2000 Version 3.4.07