1st, I looked around and I hope this is the best place for this. If it isn't, please let me know. I have a forum on my website. It's a seperate entity OF the website, of course. Its http://spreadthesickness.org/gawncrazy There's a feature on the forum under the ADMIN panel that is a "TRACK USER" function. I've noticed on one of my ADMINS that his IP is traced to some other names on the forum. The other names on the forum that show up under HIS name as "NAMES ALSO LINKED TO THIS USER" are etc. etc. My question: HOW EASY OR DIFFICULT IS IT FOR SOMEONE TO MAKE THEIR IP ADDY SOMEONE ELSE'S IP ADDY IF THEY KNOW IT? In other words, if I knew YOUR IP address, would it be possible somehow for me to make it look like "I" am "YOU" via IP ADDYS?? I've done some digging and I don't even understand what they're saying. I am NOT a big programmer, so pleaase put it in BABY terms. This has cost me a friendship. I want to know if that's reasonable or not. Thanks in advance for your help!!
For the average user it's not that easy. For someone with linux/unix and some serious know how it'd be easy. What you're talking about is called "ip spoofing". Google it.
It's not impossible, but it's a little more than your average forum user is capable of (barring some pre-built H4X0r tool for script-kiddies). I find it very unlikely that someone managed to get ahold of the IP address of someone else on that forum and then proceeded to make fake accounts using that spoofed IP. It's much easier to use proxies to hide your own IP, so the only benefit would be to get the other person in trouble. Quite frankly, there are easier ways to do that too. As for whether or not it was worth losing a friendship...
Apart from the advice on spoofing IP's - there is another possbility to consider. Is the form for a specific geographical region/or at the people likely to be on the same local isp/network? Could be that they are, hence the same IP's due to proxies etc.
spoofing ip's would never work over http protocol in a forum as you wouldn't get the response back to your machine + wtf would anybody spoof an ip to make a forum post??? whats happening is more than likely the admin (any of the following): 1: logs in from a shared connections (uni/school/library or similar) thus having shared ip address 2: has a dynamic ip address (get's a new one everytime he's on the net) 3: uses a proxy 4: uses aol which often route common queries though a proxy 5: is the other people making the post/user count seem higher finally, anybody with skills to spoof the ip simply wouldn't do it, espec not on some forum, the worst you'd get is that somebody "hacked" your server and changed the records in the database; that would however be the stupidist waste of time ever!
The forum links about 8 names as likely the same person, and one of those is an ex admin. They also share MANY IP addy's and some of them are identical. Does that mean that they are all the same person DEFINATELY unless someone hacked into the server? Or is there another way that this is possible? Most of them are from AOL. What does that mean? I want to get to the bottom of this. Thanks for your help people!!
This is what it says when I track this person's account: View IPs used by goliath Most recent IP address: 24.240.185.62 IPs used in messages: 205.188.116.9, 205.188.117.12, 205.188.117.66, 24.240.185.62, 68.186.161.150, 75.132.55.136 IPs used in error messages: 75.132.55.136 Members possibly in the same range: mrsgoliath, steven, PLAYBOY750, becker1, MSW "GOLIATH" is the person who was an ADMIN and friend. When I look up PLAYBOY750, I see this: View IPs used by PLAYBOY750 Most recent IP address: 205.188.116.68 IPs used in messages: 12.145.232.122, 12.145.232.173, 205.188.116.11, 205.188.116.12, 205.188.116.13, 205.188.116.14, 205.188.116.15, 205.188.116.16, 205.188.116.18, 205.188.116.204, 205.188.116.205, 205.188.116.208, 205.188.116.5, 205.188.116.72, 205.188.116.78, 205.188.116.9, 205.188.117.133, 205.188.117.136, 205.188.117.139, 205.188.117.142, 205.188.117.193, 205.188.117.196, 205.188.117.199, 205.188.117.5, 205.188.117.66, 205.188.117.67, 205.188.117.71, 205.188.117.72, 64.12.116.11, 64.12.116.12, 64.12.116.13, 64.12.116.14, 64.12.116.15, 64.12.116.202, 64.12.116.204, 64.12.116.7, 64.12.116.78, 64.12.116.9, 64.12.117.136, 64.12.117.138, 64.12.117.139, 64.12.117.142, 64.12.117.193, 64.12.117.196, 64.12.117.199, 64.12.117.5, 64.12.117.66, 64.12.117.68, 64.12.117.69, 64.12.117.70, 64.12.117.71, 64.12.117.72, 64.12.117.78, 64.12.117.8 IPs used in error messages: 64.12.116.12 Members possibly in the same range: bluejett, Hacker, don, slaaaaaaaaaaw, oilrigger2323, cevans, Light, steven, MSW, goliath, becker1 As you can see, some of the IP's match up perfectly. See what I mean? Username: "STEVEN" Most recent IP address: 205.188.117.74 IPs used in messages: 172.131.101.64, 172.162.6.118, 205.188.116.10, 205.188.116.12, 205.188.116.13, 205.188.116.136, 205.188.116.15, 205.188.116.18, 205.188.116.203, 205.188.116.5, 205.188.116.6, 205.188.116.68, 205.188.116.7, 205.188.116.72, 205.188.116.9, 205.188.117.12, 205.188.117.129, 205.188.117.14, 205.188.117.143, 205.188.117.16, 205.188.117.199, 205.188.117.203, 205.188.117.6, 205.188.117.66, 205.188.117.67, 205.188.117.68, 205.188.117.72, 205.188.117.9, 64.12.116.10, 64.12.116.11, 64.12.116.12, 64.12.116.13, 64.12.116.136, 64.12.116.137, 64.12.116.145, 64.12.116.15, 64.12.116.16, 64.12.116.18, 64.12.116.195, 64.12.116.199, 64.12.116.20, 64.12.116.201, 64.12.116.204, 64.12.116.6, 64.12.116.65, 64.12.116.7, 64.12.116.80, 64.12.116.9, 64.12.117.13, 64.12.117.138, 64.12.117.14, 64.12.117.66, 64.12.117.67, 64.12.117.68, 64.12.117.69, 64.12.117.70, 64.12.117.72, 64.12.117.77, 64.12.117.9 IPs used in error messages: 64.12.116.8 Members possibly in the same range: PLAYBOY750, bluejett, david72868, bobbb, slaaaaaaaaaaw, oilrigger2323, raleco, cevans, pookey, Light, MSW, Hacker, goliath, becker1, deja vu Okay - that should be enough info to give you an idea of what I'm seeing.
AOL users get allocated IP's constantly, and they change within 1 use. So its quite possible for multiple people to have used the same IP within the AOL network.
no not at all, all the ip addresses you listed above are AOL ip addresses. so it's definately the AOL thing. in short this is whats happening. aol has a load of ip's they can use for customers. aol user connects to internet and get's given ip address x. next time they connect they get aol ip address y. somebody else connects up and get's ip address x. and so it continues. It's all quite normal, nothing to worry about at all, and just the way the net works "dynamic ip address(ing)" is what it's called.
You get a lot of problems with AOL specifically because of this issue. If you write a system that ties a users session to their IP, you find AOL users find your site unusable. You usually have to tie it to only part of their IP (hoping it wont change too much) or abandon ips completely
That all makes no sense...so if the FBI wants to find someone through an IP ADDY, which is esentially a FINGER PRINT, if the user has AOL they just say "Nevermind"?????????? I'm not following this whole thing logistically.
I'm really trying to get to the bottom of this question. Can anyone offer any help. I also am VERY intriqued by this side of the internet and want to understand it. Anyone? THANKS VERY VERY MUCH!
If the FBI were doing it, they'd ask AOL who had the specific IP at the specific time. AOL users get ip's switched constantly, just a fact of life. Have a quick google, you'll see lots of complaints about it
It appears that different users were connected to the same proxy server at AOL. The IP addresses that you are seeing at are not the IP addresses of the individual users' computers. These are the IP addresses of AOL proxy servers. These proxy servers can have hundreds of people from an area using the same IP address at the same time -- oops, faulty evidence
What if the users didn't HAVE AOL? Friggin STALKER! THAT "SOCKSNAPS" is the stalker I was talkin' about!
I have to agree with Socksnaps. It is not just an AOL thing either. AT&T/SBC have similiar issues with proxy servers.