PHP's information grabbing ability??

penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

PHP's information grabbing ability??

Post by penguinboy »

I need some help.
Our company has a non public website that is strictly for internal use.
It doesn't show up on any search engines.
While going over some logs I noticed that someone tried to break into the site a few days ago.
I was wondering what sort of information I could obtain on this individual.
I already log the IP, but I'm looking for more.
I'd like to know how he stumbled across our site, if he just typed in the site name, or if he typed in the IP.
Basically I'd like to get every bit of information I could from every computer that connects to our site.

-pb
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

There is some information available, but it's far more reasonable to secure your site, e.g. with .htaccess, HTTPS and a virtual private network.

In the meantime you might be interested in http://www.php.net/manual/en/reserved.variables.php and http://www.php.net/manual/en/function.getallheaders.php
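What the reserved variables linked above expose per request, as an added example that is not part of any post in this thread: the client address, the Host header (which shows whether the visitor asked for the site name or the bare IP), the Referer and the User-Agent. The function names and the sample request are constructed for illustration; every field except the address is client-supplied and can be forged, so it is cleaned before logging.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Replace control characters so a header value cannot forge extra log lines. */
function cleanField($value, $max = 512)
{
    $value = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $value);
    return substr($value, 0, $max);
}

/** Classify the Host header: did the client ask for a name or a bare IP? */
function hostKind($host)
{
    $host = trim($host);
    if ($host === '') {
        return 'none'; // HTTP/1.0 client or a scanner that sent no Host header
    }
    // Drop IPv6 brackets and an optional :port before testing.
    if (preg_match('/^\[(.+)\](?::\d+)?$/', $host, $m)) {
        $bare = $m[1];
    } else {
        $bare = preg_replace('/:\d+$/', '', $host);
    }
    return filter_var($bare, FILTER_VALIDATE_IP) !== false ? 'ip' : 'name';
}

/** Build one log record from a $_SERVER-style array. */
function describeRequest(array $server)
{
    $get = function ($key) use ($server) {
        return isset($server[$key]) ? cleanField($server[$key]) : '';
    };
    return array(
        'time'        => gmdate('c'),
        'remote_addr' => $get('REMOTE_ADDR'), // from the TCP connection, not a header
        'host'        => $get('HTTP_HOST'),
        'host_kind'   => hostKind($get('HTTP_HOST')),
        'referer'     => $get('HTTP_REFERER'), // empty when the URL was typed in
        'user_agent'  => $get('HTTP_USER_AGENT'),
        'request'     => $get('REQUEST_METHOD') . ' ' . $get('REQUEST_URI'),
    );
}

// Constructed sample: a request to the bare IP with a User-Agent that tries
// to inject a second log line. In a live page, pass $_SERVER instead.
$sample = array('REMOTE_ADDR' => '198.51.100.23', 'HTTP_HOST' => '192.0.2.10',
    'HTTP_USER_AGENT' => "scanner\r\n203.0.113.9 admin login OK",
    'REQUEST_METHOD' => 'POST', 'REQUEST_URI' => '/login.php');
echo json_encode(describeRequest($sample)), "\n";
```

For the sample, `host_kind` is `ip`, `referer` is empty, and the CR/LF in the User-Agent is flattened to spaces so the record stays on one line.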
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

The site is secure, so it's not really an issue of security, it's more along the lines of I want to be a smurf and let these 15yr old hackers know that I caught them.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Then you might be interested in http://www.ripe.net/, esp. the online search.
Paranoid's playground...I love it ;)

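Code:

function getRipeEntry($ip)
	{
		// Only forward syntactically valid IPv4 addresses.
		if (ip2long($ip) === false)
			return '';
		$sd = @socket_create(AF_INET, SOCK_STREAM, getprotobyname("TCP"));
		if ($sd !== false && @socket_connect($sd, 'www.ripe.net', 80))
		{
			$body = 'form_type=simple&full_query_string=&searchtext='.urlencode($ip).'&do_search=Search';
			// HTTP header lines end in CRLF; a form POST needs a Content-Type.
			$headers = "POST /perl/whois?%253F HTTP/1.0\r\n";
			$headers .= "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n";
			$headers .= "Accept: */*\r\n";
			$headers .= "Content-Type: application/x-www-form-urlencoded\r\n";
			$headers .= "Content-length: ".strlen($body)."\r\n";
			$headers .= "\r\n";
			$headers .= $body;
			socket_write($sd, $headers, strlen($headers));

			// Read the whole response until the server closes the connection.
			$results = '';
			while ($chunk = @socket_read($sd, 1024))
				$results .= $chunk;
			socket_close($sd);

			// The whois text sits between <pre> and </pre><table in the page.
			$beg = strpos($results, '<pre>');
			$end = strpos($results, '</pre><table');
			if ($beg === false || $end === false)
				die(getWarn()); // getWarn() is the poster's own helper, not shown in this post
			$results = substr($results, $beg, $end - $beg);
			if (strpos($results, 'ERROR:101: no entries found') === FALSE)
			{
				// Cache the entry, keyed by the IP as an unsigned integer.
				// Assumes $GLOBALS['conn'] is an open mysqli connection.
				$ip = sprintf("%u", ip2long($ip));
				$stmt = mysqli_prepare($GLOBALS['conn'], 'REPLACE ripe SET ip=?, entry=?');
				if (!$stmt)
					die(getWarn());
				mysqli_stmt_bind_param($stmt, 'ss', $ip, $results);
				mysqli_stmt_execute($stmt) or die(getWarn());
			}
			else
				$results = '';
			return array($results);
		}
		else
			return '';
	}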
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

well...

I'm looking to be more evil than that, I want the hackers' email address, so I can send them an automated email.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Email address from IP? Forget it.
And you wouldn't want all the sites you visit to be able to find your email-address, would you? ;)
So the best I can offer is the abuse-contact-address from the RIPE entry.
But a single visit is no crime!
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

Well, I know it's possible using Java. Just thought I'd see if anyone had a way to do it in PHP.
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

How do you resolve an e-mail address from an IP, especially when a lot of people don't have static IP addresses but one assigned randomly by their ISP? AFAIK, this isn't a limitation of PHP but of the web in general - how does Java accomplish it?

Mac
penguinboy
Forum Contributor
Posts: 171
Joined: Thu Nov 07, 2002 11:25 am

Post by penguinboy »

Getting the email address has nothing to do with the IP.

Instead, when anyone connects to your site and tries to log in, you run some Java to start up Outlook Express/Netscape's email app, and force it to send you an email.

It only works if they use either of those apps.

But it's better than nothing.
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

OMG 8O
I would call this a virus or worm whether the intention is good or not!
What's next? Forcing an ISDN dial-up so you can speak to him/her personally? :evil:
Chances are good that you will receive mails only from accidental visitors because the real hacker you're worried about is probably too 133t ( ;) ) to use M$-products or at least has disabled all IE-settings.
The only help I will provide for this attempt is: PHP does not perform anything client-side. It only produces a document sent to the client. This document may contain data that is interpreted e.g. as JavaScript within the client. And this code then may even trigger bugs/leaks.
I hope you reconsider your idea. Forcing a dial-up is illegal for sure, but even the sneaking, unattended mail might be.
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

LOL! That's evil. Hardcore. :roll:

If he is breaking into a private server that is secure, it is not a crime, but it is not allowed. You can get his IP, which will give you his host; ask them to contact the person who had it at that particular logged time to stop breaking into your private server.

I think that is a better method of scaring the person knowing that his ISP knows he is a little a-hole. 8)
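The abuse-contact route suggested in the thread, as an added example that is not code from any poster: it looks up a logged IP over the plain whois protocol (port 43) and extracts the abuse address to report to. The function names, the sample response and the exact layout of the "% Abuse contact" comment line are assumptions; the sample uses documentation address space.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical.

/** Send one whois query (one line in, read until the server closes). */
function whoisQuery($ip, $server = 'whois.ripe.net', $timeout = 10)
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return false; // never forward unvalidated log content to a third party
    }
    $fp = @fsockopen($server, 43, $errno, $errstr, $timeout);
    if ($fp === false) {
        return false;
    }
    stream_set_timeout($fp, $timeout);
    fwrite($fp, $ip . "\r\n");
    $out = stream_get_contents($fp);
    fclose($fp);
    return $out;
}

/** Collect distinct abuse addresses from a whois response. */
function abuseContacts($whoisText)
{
    $found = array();
    foreach (preg_split('/\r?\n/', $whoisText) as $line) {
        // Assumed formats: a "% Abuse contact for '...' is '...'" comment
        // line, or an "abuse-mailbox:" attribute inside an object.
        if (preg_match("/^%\s*Abuse contact for '.*' is '([^']+)'/i", $line, $m)
            || preg_match('/^abuse-mailbox:\s*(\S+)/i', $line, $m)) {
            if (filter_var($m[1], FILTER_VALIDATE_EMAIL) !== false) {
                $found[strtolower($m[1])] = true;
            }
        }
    }
    return array_keys($found);
}

// Constructed sample response (192.0.2.0/24 is reserved for documentation).
$sample = "% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'abuse@isp.example'\n"
        . "\n"
        . "inetnum:        192.0.2.0 - 192.0.2.255\n"
        . "netname:        EXAMPLE-NET\n"
        . "abuse-mailbox:  Abuse@isp.example\n";
print_r(abuseContacts($sample)); // one entry: abuse@isp.example

// Live use: $text = whoisQuery('192.0.2.44'); then abuseContacts($text).
```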