Hello,

Don't know if this is the correct section to post this matter, but I think it is.

Several days ago I received an email which contained a message asking if I wanted to see something (with the title), no link or attachment. I knew this title because my friend uploaded it on our server for me to download; we have a separate folder created for it. Because I knew it had been on our server I went looking there, and found it again in a folder we use to share files to download for our friends. I guess we forgot to erase it.

I contacted our hosting company and asked for the logs, which they sent me; on that log no suspicious IP addresses were found. The email I received was from an anonymous email site; I tried to contact them too but got no reply.

Because I "cruised" through the server my IP address was all over the place, so my partner now suspects me of cheating/blackmailing. The log didn't provide anything suspicious to her other than that.

Since my knowledge about computers/programming etc. is very poor, but I do have a suspicion about who might have done it, I have a few questions and I hope someone can help me. I would like you to know also that my "suspect" is a computer genius, he is an IT programmer etc. etc.

The following questions might look as if I want to try it, that's why I don't ask you to tell me HOW to do it; I would only like to know IF those things which are in my mind now are possible...

1. How accurate are the server/hosting logs?
2. Can IP addresses somehow be copied or deleted?
3. If the person knew where we posted our files to download (we posted a folder in a folder from a site we have up, but this folder was not in any way connected to the site), and he entered by typing the correct URL and not using FTP for that, would it display on the server log?
4. If this is the case, should it display on the site statistics, since this folder wasn't really "connected" to the site, although it was in the site folder?
5. To make it short, can anyone be that smart to keep his "identity" hidden from ALL sources??

I hope someone can help me, because if I can't provide anything I am about to lose someone who is very dear to me...
1) Excluding security holes, the logs are accurate; they will record the IP presented by the person connecting. Of course, the person connecting can mask or spoof the IP that they present.

2) IP addresses cannot be deleted but they can be "masked" or spoofed.

3) Yes, if logging is turned on for the folder then it will be on the server logs.

4) Depends how the logging is set up.

5) It is almost impossible to keep your identity hidden from all sources; however, you can make it next to impossible to trace. Generally it is simply because the amount of time/effort/cost of tracing massively outweighs the benefit of finding the perpetrator. Generally most will take the hit of this breach and either increase security or modify their business model to cover the cost of future breaches (and by too expensive we are talking too expensive for multinational companies and government agencies, not the lay person's too expensive).
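Answers 1, 3 and 4 above can be checked against a raw access log. The following is an added example, not part of the original thread: it lists every client IP that successfully requested anything under one folder, whether or not the site links to it. It assumes the host writes the Apache/nginx "combined" log format; the folder path `/shared/files/` and all sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" format (assumed; the host's real format may differ).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

# Constructed sample lines; the IPs come from the reserved documentation ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2009:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2009:09:20:41 +0000] "GET /shared/files/file.zip HTTP/1.1" 200 73400 "-" "Wget/1.11"
192.0.2.10 - - [12/Mar/2009:11:02:15 +0000] "GET /shared/files/ HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2009:11:02:30 +0000] "GET /shared/files/file.zip HTTP/1.1" 206 10485 "-" "Mozilla/5.0"
203.0.113.99 - - [12/Mar/2009:12:45:00 +0000] "GET /shared/files/file.zip HTTP/1.1" 404 209 "-" "curl/7.19"
garbage line that does not parse
"""

def hits_under(log_text, prefix):
    """Group successful (2xx/3xx) requests under `prefix` by client IP.

    Returns (per-IP summary, number of lines that could not be parsed).
    """
    by_ip = defaultdict(lambda: {"count": 0, "first": None, "last": None,
                                 "agents": set(), "no_referer": 0})
    skipped = 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1          # keep a count so gaps in the log are visible
            continue
        if not m["path"].startswith(prefix) or m["status"][0] not in "23":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        rec = by_ip[m["ip"]]
        rec["count"] += 1
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
        rec["agents"].add(m["agent"] or "-")
        # A missing referer is consistent with a typed or pasted URL.
        rec["no_referer"] += m["referer"] in (None, "", "-")
    return dict(by_ip), skipped

if __name__ == "__main__":
    summary, skipped = hits_under(SAMPLE_LOG, "/shared/files/")
    for ip, rec in sorted(summary.items()):
        print(ip, rec["count"], rec["first"], rec["last"], sorted(rec["agents"]))
    print("unparsed lines:", skipped)
```

Each address listed is only the one the server saw connect, which is the caveat in answer 1; statistics packages that rely on a script embedded in the site's pages would not count a direct file download like these.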
AstarothSolutions, thanks for your reply.

What do you mean by masked or spoofed??... If someone knows your IP address, he can copy it to use it as "his" or "hers"??

Hope to maybe get some more replies; although I will never get conclusive proof, I hope in this way at least to prove to myself that my suspicion might be correct, and at least I can have some peace....
You are stretching my knowledge. It is possible to make your IP appear to be another number of choice, but I cannot say if it is ANY number or if some have better protection - I would be surprised if they did but can't say for certain.

Masked is where you bounce the request off other places (e.g. zombie computers) so the request appears to originate from the last IP in the chain. Typically they will bounce off many different places so the chances of tracing each link are less likely.
AstarothSolutions, sorry for trying to stretch your knowledge, and thanks for your reply again.

I'm just so messed up with this whole situation, because every trace leads to me, because I have been on the server several times that day, at times I don't know anymore... I also have been in that specific folder that day, and that's why I am accused; I went there to see if the file wasn't deleted (it wasn't).

I have lost someone very dear to me because of it, and I am looking for a reasonable explanation for it. I have asked these questions to several other people. All the replies are in the style of: yes, it can, but it is very difficult to do. But like I said, this person is damn good with anything related to computers; my IP address he could have easily fished out anywhere. The thing that bothers me the most is that I can't get conclusive proof, but can only provide possibilities to my (ex-)partner, but I guess nothing I say will convince her.

I am just hoping for as many replies as possible on the possibilities that it is possible to do what I think happened, with my total lack of knowledge.... I need any help I can get.
I would disagree that it is particularly difficult to do.

Without knowing the intimate details it is difficult to advise, but assuming your colleague/friend/partner has at least a basic knowledge of the internet, they should realise that nothing is 100% secure or to be trusted on the internet, and whilst it may cause problems in the short term, problems like this can be resolved over time if the relationship had any strength in the first place.
Did your 'suspect' have access to your computer at any time? It's possible that they could have done *whatever they did* from your computer, which would then mean it WAS your IP address.

Do a scan for trojans; perhaps he/she has infected your computer so that he/she can use it remotely.

Do you have any form of remote access installed? Something like lsass or any other type of VNC viewer would also give an unauthorised user access to your computer without your knowledge if it isn't configured properly.

I don't think it is possible with IP spoofing to spoof a specific IP address, but I am not 100% sure on that.

Good luck with your search for the truth.