Page 1 of 1

User Posted Information Regarding IP's of Other Users

Posted: Wed May 21, 2008 11:56 pm
by Steve E
I'm helping out a friend (forum garbage man, essentially) and have administrator privileges. Currently we're using 2.0.23, but the owner of the forum will be making a move to 3.0 sometime later this year.

One of our users mentioned multiple IP information regarding other users. As far as I'm aware, only the owner, myself, and another person have access to the IP's. Although they didn't list the actual IP addresses, they made a comment that I know to likely be true based on their information.

They also did some research on another user, making mention that Rx records are on file and public - that $29.95 can buy all sorts of information. So this person is doing this maliciously, and may be using people with more knowledge in how to get this information than we have to keep it from happening.

How is it that a user can gain IP address information such as this? Is it rather easy and I haven't figured it out yet, or did they likely employ someone with some hacking abilities to look beyond the page itself to get the info?

Thanks.

SE

Re: User Posted Information Regarding IP's of Other Users

Posted: Fri May 23, 2008 4:47 pm
by Dog Cow
There is more than one way to get information about a user. Let's imagine this scenario:

A person named Bobby uses that same username across multiple forums, including yours. A user named Manny has his own forum which he is the administrator of. Manny is a regular member of your forum, and Bobby is a member of Manny's forum.

Because Bobby is a member at Manny's forum as well as yours, Manny the administrator can view his IP addresses. Manny of course can't view Bobby's IP addresses at your forums, but he can still be reasonably confident with his information. He can then take this information over to your forums, where he is not an administrator, and post it publicly and/or do other unpleasant things.

Re: User Posted Information Regarding IP's of Other Users

Posted: Fri May 23, 2008 4:50 pm
by KevC
It's not unusual for a user to have more than one IP address. I have over 1500 for my posts on here.

There also isn't a lot you can do with an IP address anyway.

Re: User Posted Information Regarding IP's of Other Users

Posted: Fri May 23, 2008 6:44 pm
by Steve E
Thanks Dog Cow and Kevin,

I understand your scenario, although it's unlikely that it applies in this situation. Knowing some background on the situation (which included several other attacks) what they are saying is true (multiple posters from the same IP). I do know that several people can share an IP, etc... but I don't understand how they were able to see the IP to know whom it was coming from.

So the accusation that X number of 'users' all posted from the same IP isn't really the issue, not is how many IP's they've used - but that they knew X number of 'users' were posting from the same IP is what is confusing. And they got the number correct.

The way the board is configured, the IP's aren't visible, within the thread. But by clicking the IP link, I can see the IP as well as anyone who's posted from it and any others used by that person (relating to Kevin's comment). It seems like this person may be accessing this information also.

Re: User Posted Information Regarding IP's of Other Users

Posted: Fri May 23, 2008 7:24 pm
by KevC
Get the starfox admin toolkit in my sig below.
That will allow you to see if anyone else has a mod or admin account that shouldn't.

Also as DC says, it's feasible they know the account names from another board and knew the information already.

Re: User Posted Information Regarding IP's of Other Users

Posted: Sat May 24, 2008 1:07 am
by ckwalsh
This is a stab in the dark (and probably wrong), but does that user have an image in their signature?

Theoretically (I'm not sure why someone would want to), it is possible for someone to use their own server and an image to track how many different users have viewed the image, like a counter, but not displaying the count publicly. From this information, they would not be able to see who the users are however.

You should take all steps to try figure out how they are doing this, but it may just be someone trying to scare you.

Re: User Posted Information Regarding IP's of Other Users

Posted: Sat May 24, 2008 1:35 am
by 3Di
Ditto. :geek:

It is a film I've already saw. :)

Re: User Posted Information Regarding IP's of Other Users

Posted: Sat May 24, 2008 4:49 pm
by Dog Cow
Steve E wrote:Thanks Dog Cow and Kevin,

I understand your scenario, although it's unlikely that it applies in this situation. Knowing some background on the situation (which included several other attacks) what they are saying is true (multiple posters from the same IP). I do know that several people can share an IP, etc... but I don't understand how they were able to see the IP to know whom it was coming from.

So the accusation that X number of 'users' all posted from the same IP isn't really the issue, not is how many IP's they've used - but that they knew X number of 'users' were posting from the same IP is what is confusing. And they got the number correct.

The way the board is configured, the IP's aren't visible, within the thread. But by clicking the IP link, I can see the IP as well as anyone who's posted from it and any others used by that person (relating to Kevin's comment). It seems like this person may be accessing this information also.
Well, you have two options:

1.) Run some tests on him: ask this guy to confirm some information that you know. For example, since he guessed the number of different IPs, ask him to tell you what they are.

Play with his mind. Tell him there's another, new IP address that is in use and ask him to tell you what it is. Or, tell him he's got some wrong IPs, or the wrong number of them. See what his reaction is.

The point here is to get the most information from him, while giving him the least information.

2.) It could be possible this guy has moderator permissions and really is clicking that IP button on your forums. Check carefully his user-assigned permissions, then check if he's in any groups with moderator permissions. I had acase years ago where some really old member got assigned to be a moderator by mistake. I fixed it, of course, but it still can happen.