Finding location of ip address

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
rickf
Registered User
Posts: 50
Joined: Sat May 18, 2019 2:39 pm

Finding location of ip address

Post by rickf »

What apps do you guys use to find locations of ip's that you suspect may be causing issues with your sites?
I am currently using Arul and Adminkit ip 2 location tool. The problem is that they do not seem to agree with each other and I don't know which one to believe. I have one ip that shows in Herndon Virginia on one of them and in the middle of a lake in the state of Michigan on the other! Half the country away. A different example shows the same ip in Angola or Germany. Does anybody have one that is kind of accurate? I know where 99% of my clientele is from so if I am getting 1,000 hits from some other oddball country I can just block that ip.
User avatar
P_I
Community Team Member
Community Team Member
Posts: 2401
Joined: Tue Mar 01, 2011 8:35 pm
Location: Western Canada 🇨🇦

Re: Finding location of ip address

Post by P_I »

Normal people… believe that if it ain’t broke, don’t fix it. Engineers believe that if it ain’t broke, it doesn’t have enough features yet. – Scott Adams
User avatar
AmigoJack
Registered User
Posts: 6115
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: Finding location of ip address

Post by AmigoJack »

The one is reporting the address of my ISP, the other is 150+ km off. Not even https://www.maxmind.com/en/geoip2-precision-demo is anywhere near my actual home. One reason might be that my ISP is also reselling lines from other ISPs, so the endpoint could be anywhere in my country instead of being having at least a common region as per subnet.

From a long experience using such services/databases: it's way too inaccurate. Even the nation/country can be wrong often enough. You have better luck in just comparing the ASN to indicate you might deal with the same suspect.
User avatar
Forex Station
Registered User
Posts: 184
Joined: Thu Apr 06, 2017 2:26 pm
Location: Australia

Re: Finding location of ip address

Post by Forex Station »

Use https://ipdata.co/ it's accurate and will display a "Threats" tab which is easy on the eyes and gathers the reports from different sources such as Cleantalk (mentioned above), Stop Forum Spam, Wikimedia & much more 👍
User avatar
axe70
Registered User
Posts: 752
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Name: Alessio

Re: Finding location of ip address

Post by axe70 »

You cannot at certain network levels. It cannot be accurate, nor you can trust these info, in fact the suggested script display that i am from Bologna, but it is not really where i am from.
You cannot trust any of the info coming from internet, and so presented to the server and this is a typical example. The server and his scripts never can detect from where ->really<- the request come from, due to proxies, due to the fact that i could send a modified and fake payload, and several other things (also explained by amigojack).

Yes there are services like cloudflare that helps to stay away from several problems (when do not give you some other instead)
Cloudflare threat and network intelligence is built into every connection — and not tied to any one cloud provider — to help you stay ahead of the ever-evolving threat landscape. Cloudflare serves approximately 20% of all Internet traffic, and blocks an average of 140 billion threats per day. Each and every login, request, and response that goes through our network strengthens the machine learning that we apply to detect and block threats, before they ever reach your organization.
Maybe i am wrong, but to me, the unique thing that it can protect you from, are dos attacks. Maybe.
The most of the features are instead, simply given by the fact that it is a closed network that try to stop what it is detected like a threat.
You could surely easily build a script that do same things in few lines (well not few lines!) that could detect "strange" requests from same IP.
I think it is just all what it can offer.

In what i am wrong guys?
User avatar
AmigoJack
Registered User
Posts: 6115
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: Finding location of ip address

Post by AmigoJack »

https://ipdata.co/ wrote:VPN SCORE: 100
PROXY SCORE: 94
THREAT SCORE: 21
TRUST SCORE: 28
Well, such assumptions happen when IP addresses are changed every 24 hours by your ISP (which has been common practice for 3+ decades already), but whoever calculates your score isn't aware of such facts: I'm made liable for what has been done in the past to that address before it was assigned to me. I have no idea how to tell 2 different people apart by only the IP address - one has to ask the ISP for which time frame an IP address was assigned to one person, and since when to another. Also I'm highly curious how their sources measure/detect VPN/proxy activity. The score should become even worse (in terms of integrity) when measured over weeks, if not months. Of course during that time span a couple of people were surely using a VPN, and based on national laws they have good reasons.

This is where users and automations fail: wrong/too simple assumptions, although dynamic IP addresses given by ISPs is a well known fact. Ironically one reason of it is to reduce abuse.
https://ipdata.co/ wrote:CURRENT_TIME: 2023-10-21T12:52:51+99:00
(slightly redacted by me) Now that's bogus: while the timezone offset was correct, the time itself wasn't - the time would have been correct only with offset +0000, but didn't take the offset into account. Also: the place where I belong to was again a different one than where I really sit - at least this time it was just ~10 km off, so it's the most precise I've encountered so far.
User avatar
Lumpy Burgertushie
Registered User
Posts: 69227
Joined: Mon May 02, 2005 3:11 am

Re: Finding location of ip address

Post by Lumpy Burgertushie »

fwhen I checked my current IP at that link it was a couple of hundred miles off for my location. also, the IP that shows up for me is my ISP's IP and is usually
the same for months at a time.
as I have been saying for years, don't believe what you see on TV about how you can be traced by the IP you are using at any given time.


robert
User avatar
AmigoJack
Registered User
Posts: 6115
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: Finding location of ip address

Post by AmigoJack »

Lumpy Burgertushie wrote: Sun Oct 22, 2023 2:21 amdon't believe what you see on TV about how you can be traced by the IP you are using at any given time
It's a different thing tho when police/government requires the ISP to hand out what they know - those certainly know when which IP address was assigned to which person paying for internet access monthly, along with his postal address. Each national secret service usually can ask each ISP in realtime about such data, police has equal access per request - for those it's really possible as in TV. Think a bit further: people being able to gain access to those systems are equally able to trace you down - it could also be a corrupted cop working for a criminal organization.

But yes, I get your point: ads gave me lots of willing women near my location "PROXY249", and the average "hacker" is equally incompetent.
User avatar
axe70
Registered User
Posts: 752
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Name: Alessio

Re: Finding location of ip address

Post by axe70 »

So i have a question for you all:
if i am in Italy, using an email from Russia, let say an example, rambler.ru, and the police want's to know the IP from where it has been sent an email last time from a specified account at rambler, but i also accessed it from another country, let say from a China proxy, then from another country, let say if would be possible, from north corea, and even before, from colombia, how you'll detect?
How many answers the police have to do to who? Do you know?
Nobody?
Too much?
Nice question eh?

Another hard scenario :D
I was sending emails from an internet point, where i was wearing a mask, or from a pc that nobody know i can access to it, that's not mine.
How?
User avatar
AmigoJack
Registered User
Posts: 6115
Joined: Tue Jun 15, 2010 11:33 am
Location: グリーン ヒル ゾーン

Re: Finding location of ip address

Post by AmigoJack »

axe70 wrote: Sun Oct 22, 2023 11:55 amusing an email ... how you'll detect?
Oh, that's easy: since nowadays people are naive enough to always use browsers for reading/sending emails their true IP address can easily leak through WebRTC (further explanation and test), which is only one of multiple ways.
axe70 wrote: Sun Oct 22, 2023 11:55 amsending emails from
Public internet access usually logs activity - when you're caught the MAC address of your used device at that time is enough proof for the cops. Using someone else's device is the most promising choice, but think about the opposite: if that ever happens to you - how could you prove it was not you sending an email?
User avatar
axe70
Registered User
Posts: 752
Joined: Sun Nov 17, 2002 10:55 am
Location: Italy
Name: Alessio

Re: Finding location of ip address

Post by axe70 »

Assume i also presented a fake identity to the internet point! :D
Oh, that's easy: since nowadays people are naive enough to always use browsers for reading/sending emails their true IP address can easily leak through WebRTC (further explanation and test), which is only one of multiple ways.
nice to know

No well i think you say about normal behaviors, but
about email in Russia: if i access to it via a proxy, there is no way for you to know from where i am really from.
You should know it from the proxy, that's into another country and not under your control.
There are many proxies and people using proxies. Are secure? Some maybe, in theory.
So or you are able to know directly, from where i access to the proxy (my pc), and decipher the encrypted content, or it would be impossible for you to know that i was the one that sent the email (because you do not know which real url has been requested by the proxy, that retrieve the content for me).
I do not know if Russia let know to others countries the ip that connect to the internet that's under their control. In some case yes in some othe rno i assume.
But the Russian email provider should provide you the proxy server ip, so you have to ask to the proxy server, which ip at some time (me) accessed trough it to the Russian email provider.

[EDITED]

Return to “General Discussion”