Clever or what!

Discussion topics, Linux related - not requests for help

Moderators: ChrisThornett, LXF moderators

Clever or what!

Postby acraigon » Sun Oct 30, 2005 3:12 pm

I visited www.arrse.co.uk after reading an article in a newspaper about what the soldiers in Iraq thought about the war and other stuff. I was scrolling down one of the forum boards reading when I came across a penguin holding a sign and the sign said you are running linux your address is ...... you are running firefox and your internet provider is ....... I do not know about anyone else but that did make me feel nervous as I do have a firewall and other security. This was just a posting on a notice board, anyone know how my information was obtained and displayed? More to the point how can I stop this?
acraigon
 
Posts: 26
Joined: Wed May 11, 2005 6:46 pm

Postby M0PHP » Sun Oct 30, 2005 3:17 pm

Most probably the image was generated dynamically using PHP or something similar, which can obtain information about you from your browser (user agent), like phpSniff.

Mine is mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.7.12) gecko/20050915 firefox/1.0.7

which shows I'm running Firefox 1.0.7 on Windows XP (NT 5.1).

There is an extension for FF which allows you to fake your user agent.

As for the ISP - your ISP is allocated a specific block of IP addresses to give to users. The information (which IP blocks belong to which ISP) is available freely on the web.

A good example of good use of this data is BBClone - an advanced web counter.
User avatar
M0PHP
LXF regular
 
Posts: 737
Joined: Wed Apr 06, 2005 7:40 am
Location: Bishop Auckland, County Durham, UK

Postby linuxgirlie » Sun Oct 30, 2005 3:40 pm

I agree with M0PHP, I had a heartattack when I first saw it, I then went to a free firewall tester and it found nothing! Though it still new my web browser info etc, I turned it off and it was ok, but I turned it back on again as I want to prove to people out thier that I do use Linux!
My knowledge comes with no warranty...........

Server operating system designed for schools:http://www.linuxschools.com
linuxgirlie
LXF regular
 
Posts: 787
Joined: Sat Apr 09, 2005 6:34 pm
Location: Kent...UK

Postby Marrea » Sun Oct 30, 2005 4:05 pm

One of the forum members on the SuSE Linux Forums has this on all his/her postings, and the image seems to come from http://danasoft.com/.

I too was somewhat alarmed to see this when I was browsing through the posts and even thought of informing the member in question that I didn't think it was a very good idea to have a signature like this. But then I thought, am I being paranoid or what? It makes me feel very uneasy though.

It's exactly the same sort of thing which appears if you go to Steve Gibson's Shieldsup site to test your firewall. But I don't like seeing this on Help forums at all, harmless or not.
User avatar
Marrea
LXF regular
 
Posts: 1877
Joined: Fri Apr 08, 2005 9:32 pm
Location: Chilterns, West Hertfordshire

Postby ollie » Mon Oct 31, 2005 9:16 am

The site is hosted using Dragonfly CMS and all this information is easily logged using PHP. You can see exactly the same information using JavaScript - The Ultimate Browser Sniffer - although you can see that the script is out of date :wink: . Your details are listed about half way down the page after the actual script is displayed.

Similar information is available to every webserver when you browse to web sites - there is a wealth of information using something like AWStats to collect and display web server stats.

The only way to avoid this is to run through a number of anonymizers when you go Internet surfing - but then you need to have some config and hacking skills. :lol:
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby jjmac » Mon Oct 31, 2005 8:42 pm

Yeah, it's just a cheap trick and means nothing. I suppose you could hide your browser if you wanted but it's a bit had to hide your IP address. And then it depends on the range that the provider has, so it dosen't really narrow down that much.

http://www.arin.net/whois/

is a good starting point if you want to check on any logged addresses you may have.


jm
http://counter.li.org
#313537

The FVWM wm -=- www.fvwm.org -=-

Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ...
jjmac
LXF regular
 
Posts: 1996
Joined: Fri Apr 08, 2005 1:32 am
Location: Sydney, Australia


Return to Discussion

Who is online

Users browsing this forum: No registered users and 0 guests

cron