PHPs information grabbing ability??
-
penguinboy
- Forum Contributor
- Posts: 171
- Joined: Thu Nov 07, 2002 11:25 am
I need some help.
Our company has a non public website that is strictly for internal use.
It doesn't show up on any search engines.
While going over some logs I noticed that someone tried to break into the site a few days ago.
I was wondering what sort of information I could obtain on this individual.
I already log the IP, but I'm looking for more.
I'd like to know how he stumbled across our site, if he just typed in the site name, or if he typed in the IP.
Basically I'd like to get every bit of information I could from every computer that connects to our site.
-pb
There is some information available, but it's far more reasonable to secure your site, e.g. with .htaccess, HTTPS and a virtual private network.
In between you might be interested in http://www.php.net/manual/en/reserved.variables.php and http://www.php.net/manual/en/function.getallheaders.php
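As an added example (not code from this thread), the PHP below uses the $_SERVER entries and getallheaders() from the manual pages linked above to record, for each request, whether the visitor addressed the server by name or by IP and which Referer was sent. The function name describeRequest(), the field names and the log path are assumptions.

```php
<?php
// Added example; describeRequest(), the field names and the log path are assumptions.
function describeRequest(array $server, array $headers): array
{
    // Strip control characters so a crafted header cannot forge extra log lines.
    $clean = static function ($v): string {
        return substr((string) preg_replace('/[\x00-\x1F\x7F]/', '', (string) $v), 0, 512);
    };

    $host = $clean($server['HTTP_HOST'] ?? '');
    // Drop an optional :port and the brackets of an IPv6 literal.
    $bare = trim((string) preg_replace('/:\d+$/', '', $host), '[]');
    if ($bare === '') {
        $via = 'no-host-header';   // HTTP/1.0 client or a raw scanner
    } elseif (filter_var($bare, FILTER_VALIDATE_IP) !== false) {
        $via = 'ip-literal';       // the server was addressed by IP
    } else {
        $via = 'hostname';         // the visitor knew or guessed the site name
    }

    $logged = [];
    foreach ($headers as $name => $value) {
        if (in_array(strtolower((string) $name), ['authorization', 'cookie'], true)) {
            continue;              // keep credentials and session ids out of the log
        }
        $logged[$clean($name)] = $clean($value);
    }

    return [
        'time'        => gmdate('c'),
        'remote_ip'   => $clean($server['REMOTE_ADDR'] ?? ''),
        'request'     => $clean(($server['REQUEST_METHOD'] ?? '') . ' ' . ($server['REQUEST_URI'] ?? '')),
        'host'        => $host,
        'reached_via' => $via,
        'referer'     => $clean($server['HTTP_REFERER'] ?? ''),  // client-supplied, may be empty or forged
        'headers'     => $logged,
    ];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample request, so the script also runs from the command line.
    $sample = ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_HOST' => '192.0.2.10:8080',
               'REQUEST_METHOD' => 'GET', 'REQUEST_URI' => '/admin/login.php'];
    echo json_encode(describeRequest($sample, ['Host' => '192.0.2.10:8080', 'Cookie' => 'sid=x'])), "\n";
} else {
    $headers = function_exists('getallheaders') ? getallheaders() : [];
    error_log(json_encode(describeRequest($_SERVER, $headers)) . "\n", 3, '/var/log/intranet-requests.log');
}
```

Everything except REMOTE_ADDR is supplied by the client, so the record shows what the visitor's software sent, not necessarily what is true.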
-
penguinboy
- Forum Contributor
- Posts: 171
- Joined: Thu Nov 07, 2002 11:25 am
Then you might be interested in http://www.ripe.net/ esp. the online-search
Paranoid's playground...I love it
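Code:
function getRipeEntry($ip)
{
    // Reject anything that is not a dotted-quad IPv4 address before it
    // reaches the request body or the SQL statement.
    $ipLong = ip2long($ip);
    if ($ipLong === false)
        return '';

    $sd = @socket_create(AF_INET, SOCK_STREAM, getprotobyname("TCP"));
    if ($sd && @socket_connect($sd, 'www.ripe.net', 80))
    {
        // Form fields of the RIPE whois web search.
        $body = 'form_type=simple&full_query_string=&searchtext='.urlencode($ip).'&do_search=Search';
        // HTTP header lines end in CRLF; a form POST needs its Content-Type.
        $headers = "POST /perl/whois?%253F HTTP/1.0\r\n";
        $headers .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n";
        $headers .= "Accept: */*\r\n";
        $headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
        $headers .= "Content-Length: ".strlen($body)."\r\n";
        $headers .= "\r\n";
        $headers .= $body;
        socket_write($sd, $headers, strlen($headers));

        // Read the whole response, then release the socket.
        $results = '';
        while ($chunk = @socket_read($sd, 1024))
            $results .= $chunk;
        socket_close($sd);

        // The whois record sits between <pre> and </pre><table in the page.
        $beg = strpos($results, '<pre>');
        $end = strpos($results, '</pre><table');
        if ($beg === false || $end === false)
            die(getWarn()); // getWarn() is defined elsewhere in the poster's code
        $results = substr($results, $beg, $end - $beg);

        if (strpos($results, 'ERROR:101: no entries found') === false)
        {
            // Cache the entry, keyed by the unsigned integer form of the address.
            // mysql_* was removed in PHP 7, so this uses mysqli and assumes
            // $GLOBALS['conn'] is a mysqli connection.
            $ip = sprintf("%u", $ipLong);
            $query = 'REPLACE ripe SET ip='.$ip.",entry='".mysqli_real_escape_string($GLOBALS['conn'], $results)."'";
            @mysqli_query($GLOBALS['conn'], $query) or die(mysqli_error($GLOBALS['conn']));
        }
        else
            $results = '';
        return array($results);
    }
    else
        return '';
}
-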
penguinboy
- Forum Contributor
- Posts: 171
- Joined: Thu Nov 07, 2002 11:25 am
- twigletmac
- Her Royal Site Adminness
- Posts: 5371
- Joined: Tue Apr 23, 2002 2:21 am
- Location: Essex, UK
-
penguinboy
- Forum Contributor
- Posts: 171
- Joined: Thu Nov 07, 2002 11:25 am
OMG 
I would call this a virus or worm whether the intention is good or not!
What's next? Forcing an ISDN dial-up so you can speak to him/her personally?
Chances are good that you will receive mails only from accidental visitors because the real hacker you're worried about is probably too 133t to use M$-products or at least has disabled all IE-settings.
The only help I will provide for this attempt is: PHP does not perform anything client-side. It only produces a document sent to the client. This document may contain data that is interpreted e.g. as JavaScript within the client. And this code then may even trigger bugs/leaks.
I hope you reconsider your idea. Forcing a dial-up is illegal for sure, but even the sneaking, unattended mail might be.
LOL! That's evil. Hardcore.
If he is breaking into a private server that is secure, it is not a crime, but it is not allowed. You can get his IP, which will give you his host, ask them to contact the person who had it at that particular logged time to stop breaking into your private server.
I think that is a better method of scaring the person knowing that his ISP knows he is a little a-hole.