A hacker at work? IP 80.46.128.141

I'm afraid that's simply untrue. The most widely used Web server on the planet is Apache and that does, by default, record in its access log the IP address of every client requesting a page.

Indeed. The amount of information recorded can of course be configured by the administrator of the Web server.

Mike.

I think I've just been savaged by a dead sheep.

Exactly my point. The *hostname* is typically recorded - and not necessarily the user's actual IP address. Only if when the hostname can't be resolved (eg. are an ISP) will a discrete IP address be recorded. (To use the example above: 209.17.161.144 is allocated to Group Telecom Services Corp in Toronto:

You can't get the IP address of the user's box from the hostname or find out anything about them reallly - you only get the IP of the host that they are connected into and would need to check their host logs for more detail. IIRC, this is done so that, if the same user was to visit the site multiple times using a DHCP-allocated IP, your logs would show multiple hits from the same *hostname* (eg. AOL) and not multiple hits from multiple IPs owned by the same domain..

Cameron:-)

I don't understand your point.

With respect, you misunderstand TCP/IP. The IP address of the client is directly visible to the Web server and the translation, if it's done, is the other way round: from IP address to fully qualified domain name, in order to make the logs more readable.

This makes no sense to me. "AOL" isn't a hostname, DHCP isn't generally used by ISPs to allocate dynamic IP addresses (it's done within the PPP negotiation), and the Web server always sees the IP address of the client or of a proxy if one is being used: the raw datagram contains the IP address, not a hostname or even the FQDN.

Mike.

m3osn pse note. rsgb pse note.

oh dearrie dearrie me. what will the people at analogue or us dot com have to say about this ?

Its also a function of which news reader you use. Many of the NNTP headers are generated by your reader. Some of these can be configured and some can't.

I'm possibly out of my depth a bit here - thanks for your patience.

My point was that web site logs do not record an individual's IP address under normal circumstances. Even Usenet doesn't always - it depends on how you are accessing the Internet.

To take another example: My headers clearly show my IP address - but hang on a sec - no they don't! That's actually the IP address of the router I use to connect to the Internet. There could be thousands (well hundreds, at any rate) of other people using that same IP.

To get from a web site log such as "cache-loh-ac05.proxy.aol.com - - [23/Oct/2003:19:43:06 +0100]" to something that will positively identify the user's PC, you need to check the host's HTTP logs (in Gareth's example by contacting AOL) to find the IP that was accessing your site at the exact time/date recorded, and then check the HTTP logs of that IP (if it's a router like mine is), and so on, until you get to the PC at the top of the chain.

I've had to do this on two occasion for attacks on our site... it's a real pain... particularly when dealing with ISPs in your country, who are unhelpful to say the least.

Cameron:-)

On Wed, 17 Dec 2003 10:43:08 +0000, Walt Davidson Gave us:

Show me ANYTHING from the above that ever came from ANY movie. You can't you retarded old bastard.

Here's a dime...buy a clue.....I have been in computers since you were in diapers!

Maybe one day when you get a bit older you will realize that people are not perfect......relax and get over it!

On Wed, 17 Dec 2003 23:07:07 GMT, gzfw_pkearn_zfws@rae_gone__crock_takes_over.eircom.ru.br.net (class_a_zpk_12wpm_unlike_2800) Gave us:

Grow up, dipshit. This is Usenet, a public, free speech forum.

Uh....look at your own post....you said Lonely Tard State...I dropped the word lonely......You never posted Lone ......you really should give up drinking the bong water wild boy!.....

Yeah...you have to wonder what the Snotwobbler thing is????

Thanks for making my point!

Indeed, Hummingbird software utilities easily track the origin and routing of posts and emails, at least to the point of the posting ISP. Then it's only up to the ISP under court order to provide closure. It's an amazing audit trail.

Harry C.

...or the IP of the firewall. My work IP address never leaves the company (I tried today with the sites listed in this thread).

The point here though is the NNTP_Posting_Host tag in the NNTP headers. My headers don't show my IP address. NewsGuy puts their host ID in there, not the users.

Ok, what ISP am I posting from? Certainly a court order can get anything traced back (assuming records are kept) to the originator, but the Usenet headers don't do the job.

No, they don't use web site logs - there are far easier ways than that. The most common way is to buy the list off your friendly ISP.

Hotmail, RoadRunner, Bigpond, Ozemail.. they'll all happily sell their email address database (and their Granny) to marketing firms. Nowadays there is usually some clause in some fine print somewhere that allows them to legally do this "for market research" or some such - but it's big money!!

Another way is to trawl them off your own web site, if you have one.. but then maybe the most common way is to just decode them from Usenet posts?? ;-)

Have a (cosy, secure) day.

Cameron:-)

On Thu, 18 Dec 2003 02:15:19 GMT, "Ross Mac" Gave us:

I'm closer to being right than you were. Fuck you, Alzzie.