If someone makes a post to a forum that allows anonymous posting does that post contain any type of digital key or other digital identifier that can be accessed by another poster by either proper or improper means?
Printable View
If someone makes a post to a forum that allows anonymous posting does that post contain any type of digital key or other digital identifier that can be accessed by another poster by either proper or improper means?
By anonymous, I assume you mean not requiring registration? The IP address of the user could still be logged, but nobody else could access it unless the forum administrator publicized it, or unless it's another user on the same ISP as you (assuming the IP is not static).
Thanks for the reply JPnyc. True, no registration was required. I need to clarify that I personally do need access anything on anyone. A friend made an anonymous post on a forum called topix.com that offended some hothead who then posted what appears to be HTML code stating the friends identity was in a hidden digital key within the code. I told him I thought the hothead was bluffing but would ask on this forum to be sure. I can post a copy if you would like to see it.
Thanks a million
BobC
If no registration is required, and no information was volunteered by the poster, the only thing they could get is the IP address, and from that you can get the ISP and General location.
JPnyc is correct BUT (don't you always hate the butts) If the hothead ran the physical server all bets are off. You connect to one of my servers and I know your internal IP even if you use NAT, your browser, your screen resolution hell If I wanted I could tell how much disk space you have. I'm guessing that the hothead posted A session cookie trying to look cool
Hey dinowuff or whatever, has the ******* finally fallen apart?
:D
Of course he could also use one of the various anonymizers available and not really leave any true information.
A session cookie would be deleted when the session ended, though. I doubt IP info would be stored in a cookie, although I dunno what forum software is involved.
Na I just like to go slumming, every now and then, on my old stomping grounds.Quote:
Originally Posted by nihil
Why couldn't an ip be stored in a cookie? A script that could write a cookie would most likely be coded by someone who also knew how to do, at the very least, a check for the ip of the requesting computer.
Dino,
I don't get it...
OK... that's not what I don't get... it's just a funny typo :DQuote:
JPnyc is correct BUT (don't you always hate the butts)
I'm not sure why it matters whether or not Mr. Hothead is running the server or not. How, when I'm using NAT, would you be able to see my internal IP (other than by using a cookie - not sure how that would even work)? If you can, I would like you to explain that. And if so, I would like you to explain how it matters whether or not you're running the server (and I really mean that... the more days go by, the more I realize I don't understand this stuff...).Quote:
If the hothead ran the physical server all bets are off. You connect to one of my servers and I know your internal IP even if you use NAT, your browser, your screen resolution hell If I wanted I could tell how much disk space you have. I'm guessing that the hothead posted A session cookie trying to look cool
I didn't say it couldn't, just that I doubted it would be. What's the purpose of it? If the guy he's concerned about is the admin of the forum, he sure doesn't need to put the IP into a cookie to know what it is.Quote:
Originally Posted by tripstone
Yo neg, it wasn't a typo ;-)
Anyway, by server I mean WEB Server. IIS, Apache, whatever have built in functions that gather tons of data. You know that IP addresses are gathered but all sorts of other data is also captured by default. To get the NAT address one only has to ask. You can use encapsulation (pretty much a pain) or script the request in a session id (easiest)
Firewalls and ad ons like noscript will prevent most of this. But the main thing to remember is that YOU initiated the connection to my server, I didn't. In essence your firewall completely trusts my server 'cause you initiated the connection. Now all I need to do is (put simply) an ARP request.