Linux Format forums

[acraigon]

I visited www.arrse.co.uk after reading an article in a newspaper about what the soldiers in Iraq thought about the war and other stuff. I was scrolling down one of the forum boards reading when I came across a penguin holding a sign and the sign said you are running linux your address is ...... you are running firefox and your internet provider is ....... I do not know about anyone else but that did make me feel nervous as I do have a firewall and other security. This was just a posting on a notice board, anyone know how my information was obtained and displayed? More to the point how can I stop this?

[M0PHP]

Most probably the image was generated dynamically using PHP or something similar, which can obtain information about you from your browser (user agent), like phpSniff.

Mine is mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.7.12) gecko/20050915 firefox/1.0.7

which shows I'm running Firefox 1.0.7 on Windows XP (NT 5.1).

There is an extension for FF which allows you to fake your user agent.

As for the ISP - your ISP is allocated a specific block of IP addresses to give to users. The information (which IP blocks belong to which ISP) is available freely on the web.

A good example of good use of this data is BBClone - an advanced web counter.

[linuxgirlie]

I agree with M0PHP, I had a heartattack when I first saw it, I then went to a free firewall tester and it found nothing! Though it still new my web browser info etc, I turned it off and it was ok, but I turned it back on again as I want to prove to people out thier that I do use Linux!
_________________
My knowledge comes with no warranty...........

Server operating system designed for schools:www.linuxschools.com

[Marrea]

One of the forum members on the SuSE Linux Forums has this on all his/her postings, and the image seems to come from http://danasoft.com/.

I too was somewhat alarmed to see this when I was browsing through the posts and even thought of informing the member in question that I didn't think it was a very good idea to have a signature like this. But then I thought, am I being paranoid or what? It makes me feel very uneasy though.

It's exactly the same sort of thing which appears if you go to Steve Gibson's Shieldsup site to test your firewall. But I don't like seeing this on Help forums at all, harmless or not.

[ollie]

The site is hosted using Dragonfly CMS and all this information is easily logged using PHP. You can see exactly the same information using JavaScript - The Ultimate Browser Sniffer - although you can see that the script is out of date . Your details are listed about half way down the page after the actual script is displayed.

Similar information is available to every webserver when you browse to web sites - there is a wealth of information using something like AWStats to collect and display web server stats.

The only way to avoid this is to run through a number of anonymizers when you go Internet surfing - but then you need to have some config and hacking skills.

[jjmac]

Yeah, it's just a cheap trick and means nothing. I suppose you could hide your browser if you wanted but it's a bit had to hide your IP address. And then it depends on the range that the provider has, so it dosen't really narrow down that much.

http://www.arin.net/whois/

is a good starting point if you want to check on any logged addresses you may have.


jm
_________________
http://counter.li.org
#313537

The FVWM wm -=- www.fvwm.org -=-

Somebody stole my air guitar, It happened just the other day,
But it's ok, 'cause i've got a spare ...