
Visitor's IP address log

Posted: Mon Feb 11, 2019 11:57 am
by pipoy
Hi,

I bought an application which is vulnerable to a specific spam attack.
Until we get a fix on this, I'd appreciate if you can help me.

I am trying to figure out the IP address of this spammer. Is there a log in CentOS 7 or VestaCP where I can get a list of IP addresses visiting my server?

Re: Visitor's IP address log

Posted: Mon Feb 18, 2019 12:06 am
by Felix
You can start with these maybe...

Re: Visitor's IP address log

Posted: Wed Feb 27, 2019 2:04 am
by Emohlyni
Often in the forums or in social networks you can find the phrase "I will calculate you by IP". We constantly receive requests from various people who are blackmailed or insulted in the network. All of them are asked to send the IP address of their abuser. But let's try to figure out what gives the knowledge of the IP address to a simple Internet user.

Each site that we visit, including VKontakte, keeps a history of user visits, in which at least the IP address from which the visit was made and the time of the visit are stored. This history is stored in the server log.
And if the user’s visit to the site was direct, then this visit will be recorded in the event log indicating the real IP address and the visit time. But if the user logged on to the site using any means of anonymization, then the IP address of the anonymizer, proxy server or VPN that he used will be recorded in the log. That is, the site will not be able to recognize the real IP address of the visitor in this case and will record a completely different IP address.

Thus, even if we can get an IP address, there is absolutely no guarantee that this is really the real IP address of a person and not the IP of any anonymizing tool.

Re: Visitor's IP address log

Posted: Mon Mar 18, 2019 12:09 am
by pipoy
Emohlyni wrote:
Wed Feb 27, 2019 2:04 am
Often in the forums or in social networks you can find the phrase "I will calculate you by IP". We constantly receive requests from various people who are blackmailed or insulted in the network. All of them are asked to send the IP address of their abuser. But let's try to figure out what gives the knowledge of the IP address to a simple Internet user.

Each site that we visit, including VKontakte, keeps a history of user visits, in which at least the IP address from which the visit was made and the time of the visit are stored. This history is stored in the server log.
And if the user’s visit to the site was direct, then this visit will be recorded in the event log indicating the real IP address and the visit time. But if the user logged on to the site using any means of anonymization, then the IP address of the anonymizer, proxy server or VPN that he used will be recorded in the log. That is, the site will not be able to recognize the real IP address of the visitor in this case and will record a completely different IP address.

Thus, even if we can get an IP address, there is absolutely no guarantee that this is really the real IP address of a person and not the IP of any anonymizing tool.

I do understand what you are saying. But this simple solution may slightly delay their attack. In fact, in my case, it permanently ceased their attack.

My team came up with a way to get the IP of the spammer. With that simple solution, it did block the attack. The attacker attempted to re-IP, but all we had to do was block it again. And we haven't heard from him since.
But if the user logged on to the site using any means of anonymization, then the IP address of the anonymizer, proxy server or VPN that he used will be recorded in the log.
In our case, we are NOT looking for the REAL IP address. We were just looking for the IP he was using to spam us and block it. Having a new IP address of the anonymizer is not cost effective. The attacker got a new IP but only did it once.
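
One way to answer the original question from a web server access log, as an added example that is not part of any post in this thread: it counts POST requests per client IP for one URL in a combined-format log and lists the heaviest senders. The function names, the /contact.php path and the sample log lines are constructed; pass the path of your own domain's access log instead.

```sh
#!/bin/sh
# Added example: count POST requests per client IP for one URL in a
# combined-format access log. Names, path and log lines are constructed.

# write_sample_log FILE
# Writes constructed log lines (documentation IP ranges) for the demo.
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [11/Feb/2019:11:50:01 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Feb/2019:11:50:02 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2019:11:50:03 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Feb/2019:11:50:04 +0000] "POST /contact.php?x=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.44 - - [11/Feb/2019:11:51:10 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [11/Feb/2019:11:52:00 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.99 - - [11/Feb/2019:11:53:00 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.29.0"
203.0.113.99 - - [11/Feb/2019:11:53:01 +0000] "POST /contact.php HTTP/1.1" 200 512 "-" "curl/7.29.0"
EOF
}

# top_posters LOGFILE URL_PATH MIN_HITS
# Prints "count ip", highest count first, for every client that sent at
# least MIN_HITS POST requests to URL_PATH (query string ignored).
top_posters() {
    awk -v path="$2" -v min="${3:-1}" '
        # Whitespace-split combined format: $1 = client IP,
        # $6 = opening quote plus method, $7 = request target.
        $6 == "\"POST" {
            split($7, target, "?")          # drop any query string
            if (target[1] == path) hits[$1]++
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min + 0) printf "%d %s\n", hits[ip], ip
        }
    ' "$1" | sort -k1,1nr -k2,2
}

# Demo run on the constructed sample.
demo_log=$(mktemp)
write_sample_log "$demo_log"
top_posters "$demo_log" /contact.php 2
rm -f "$demo_log"
```

The addresses listed are whatever the server logged, so a proxy or VPN exit appears in place of the sender's own address, as discussed in the thread.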