1
zer0fill
Spy on anonymous users :-)
  • 2004/6/10 9:51

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


Updated 9/1/04 to work with 2.0.7.1 Zip File

I'm the curious type so I made this hack to find out who my normal visitors are that are just looking "anonymous"ly. This script is hard-coded for only admins.

./misc.php ~line 208 & 215 (red text)
for ($i 0$i $count$i++) {
            
$class = ($class == 'odd') ? 'even' 'odd';
            echo 
'.$class.'">';
            if (
is_object($onlineUsers[$i]['user'])) {
                
$avatar $onlineUsers[$i]['user']->getVar('user_avatar') ? '.XOOPS_UPLOAD_URL.'/'.$onlineUsers[$i]['user']->getVar('user_avatar').'" alt="" />' ' ';
                echo 
''.$avatar."javascript:window.opener.location='".XOOPS_URL."/userinfo.php?uid=".$onlineUsers[$i]['user']->getVar('uid')."';window.close();">".$onlineUsers[$i]['user']->getVar('uname')."";
            } else {
                echo 
' '.$xoopsConfig['anonymous'];
                [
color=ff0000]// create the list of anonymous user ips
                
$anon_ips[] = $onlines[$i]['online_ip'];[/color]
            }
            if (
$isadmin == 1) {
                echo 
'('.$onlineUsers[$i]['ip'].')';
            }
            echo 
''.$onlineUsers[$i]['module'].'';
          [
color=ff0000]// show link to spy on every anonymous ip
          
if ($isadmin == && count($anon_ips))
          {
            
$anon_ips implode('|',$anon_ips);
            echo 
'/modules/admintools/index.php?tool=iplookup&ip='.$anon_ips.'';window.close();">Anonymous Lookup';
          }[/
color]
        }
        echo 
'';

create a folder called admintools in your modules directory (./modules/admintools/)

./modules/admintools/header.php
include "../../mainfile.php";

./modules/admintools/index.php
include "header.php";
include 
XOOPS_ROOT_PATH."/header.php";
global 
$xoopsDB;
$isadmin = ($xoopsUser && $xoopsUser->isAdmin()) ? 0;
if (
$isadmin===1)
{
  
// find which tool to use
  
switch ($_GET['tool'])
  {
    case 
'iplookup':
      
// convert the string of ip#s from the uri to an array
      
$iplist explode('|',$_GET['ip']);
      
// go though each ip
      
foreach($iplist as $ip)
      {
        
// separate ip into ocets
        
$ip_array explode('.',$ip);
        
// find the possible user
        
        
$partial_ip '';
        echo 
'Looking up '.$ip.' ('.gethostbyaddr($ip).')';
        
        
// used to append the dotted decimal to the parial ip's; 
        //   prevents matching 24% which could match 244. than the intendd 24.
        
$dot '.';
        
$wild '%';
        foreach (
$ip_array as $key=>$octet)
        {
          
$lookup[$key]['result'] = '';
          
// removes the dotted decimal if on the last octet and wildcard
          
if ($key 2
          {
            
$dot '';
            
$wild '';
          }
          
$partial_ip .= $octet.$dot;
          
$sql 'SELECT u.uname, bb.poster_ip, u.uid
                  FROM xoops_bb_posts as bb
                  INNER
                   JOIN xoops_users as u
                     ON bb.uid = u.uid
                  WHERE bb.poster_ip LIKE "'
.$partial_ip.$wild.'"
                  GROUP BY u.uname'
;
          
          
$result $xoopsDB->query($sql);
          
$sql.'';
          
          
// display output
          
$lookup[$key]['ip'] = 'IP: '.$partial_ip.''
;
          
          while (
$user $xoopsDB->fetchArray($result))
          {
           
$lookup[$key]['result'] .= '.XOOPS_URL.'/userinfo.php?uid='.$user['uid'].'" target="_blank">'.$user['uname'].'';
          }
          
// append the dotted decimal to the octet
          
        
}
        
        
// display the results in reverse order (exact ip to broad)
        // first flip the order of the array
        
rsort($lookupSORT_NUMERIC);
        foreach (
$lookup as $output)
        {
          echo 
$output['ip'].$output['result'];
        }
      }
      break;
    default:
      echo 
'No tool selected';
  }
}
else
{
  echo 
'You must have administrative access to enter this area';
}
include 
XOOPS_ROOT_PATH."/footer.php";
?>

The new popup box when clicking "more..." from who's online with "anonymous lookup"
Resized Image
The result page. It checks from exact to broad comparing against ip's from forum posts. eg: full ip is 1.2.3.4, it will check 1.2.3.4 then 1.2.3.% then 1.2.% then 1.% for every anonymous user. there were 2 in this example.
Resized Image


You might notice that my who's online popup shows the reverse dns, it's because i also edited the ./misc.php file ~line 194 to
$onlineUsers[$i]['ip'] =[b]gethostbyaddr([/b]$onlines[$i]['online_ip']);

2
Ace_Armstrong
Re: Spy on anonymous users :-)

Wow. Great hack!

Hope this gets adopted into the core. It's very useful, especially if you have someone abusing the site.

3
-Page
Re: Spy on anonymous users :-)
  • 2004/9/1 4:07

  • -Page

  • Just popping in

  • Posts: 74

  • Since: 2004/7/16


When I put this code on to ./misc.php ~line 223
I get this error.
-----------------------------------------------
Parse error: parse error, unexpected T_CASE in /my path/misc.php on line 241
-----------------------------------------------
I tried adding it to the line as well as replacing the line. (you didn't specify) but got the same error either way.

Quote:
echo ''.$onlineUsers[$i]['module'].'';
}
}
// show link to spy on every anonymous ip
if ($isadmin == 1 && count($anon_ips))
{
$anon_ips = implode('|',$anon_ips);
echo 'Anonymous Lookup';
}
echo '
';
if ($online_total > 20) {


Also, How could I get it to specify both the IP AND the reverse DNS? - Like have the IP on top and the full reverce DNS below it?

Thanks!

- SUPER cool hack!!

4
zer0fill
Re: Spy on anonymous users :-)
  • 2004/9/1 4:26

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


Can you paste lines 238 to 245 (indicate which is line 241)? My guess is that the break; or something around line 241 is missing a semi-colon (;). I made a screenshot of how the code should be. This system is still using v2.6 so if you're using 2.7.x, it may look different.

The reverse DNS is in parathensis when searching for the exact ip. ex:

Looking Up 1.2.3.4 (example.com)

5
-Page
Re: Spy on anonymous users :-)
  • 2004/9/1 22:24

  • -Page

  • Just popping in

  • Posts: 74

  • Since: 2004/7/16


Thanks for your reply zer0fill!

This is my ORIGONAL misc.php between lines 233 and 245

Quote:
$file = XOOPS_CACHE_PATH.'/'.trim($HTTP_GET_VARS['file']);
if (file_exists($file)) {
include($file);
@unlink($file);
}
}
break;
case 'ssllogin':
if ($xoopsConfig['use_ssl'] && isset($HTTP_POST_VARS[$xoopsConfig['sslpost_name']]) && is_object($xoopsUser)) {
include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php';
echo sprintf(_US_LOGGINGU, $xoopsUser->getVar('uname'));
echo '
';
$closebutton = false;
}
break;
default:
break;
}
(>>Line 241 >>)if ($closebutton) {
echo '
';
}
xoops_footer();
}


And my misc.php file with your code. Lines 222 to 245

Quote:
echo ''.$onlineUsers[$i]['module'].'';
}
}
// show link to spy on every anonymous ip
if ($isadmin == 1 && count($anon_ips))
{
$anon_ips = implode('|',$anon_ips);
echo 'Anonymous Lookup';
}
echo '
';
if ($online_total > 20) {
if ($xoopsUser && $xoopsUser->isAdmin()) {
$file = XOOPS_CACHE_PATH.'/'.trim($HTTP_GET_VARS['file']);
if (file_exists($file)) {
include($file);
@unlink($file);
}
}
break;
(>>Line 241 >>) case 'ssllogin':
if ($xoopsConfig['use_ssl'] && isset($HTTP_POST_VARS[$xoopsConfig['sslpost_name']]) && is_object($xoopsUser)) {
include_once XOOPS_ROOT_PATH.'/language/'.$xoopsConfig['language'].'/user.php';
echo sprintf(_US_LOGGINGU, $xoopsUser->getVar('uname'));
echo '
';
$closebutton = false;
}

Thanks again for your help zer0fill, - You Rock! :)

6
zer0fill
Re: Spy on anonymous users :-)
  • 2004/9/2 2:26

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


I decided to provide a zip file (see updated first post) to make it easy on everyone wanting to use this. After revewing the provided information, it seems that there were some missing pieces of the code that wouldn't make it work at all.

Anyways, grab the zip, backup the misc.php, and copy to /modules/ as usual (you do NOT need to "install" the module like you would with real modules).

It should work up to v2.7.0.1

7
-Page
Re: Spy on anonymous users :-)
  • 2004/9/2 5:41

  • -Page

  • Just popping in

  • Posts: 74

  • Since: 2004/7/16


Thanks zer0fill, the Spy.zip was a good idea.

I dropped that misc.php file on my server and there are no errors.

- Keep hacking, - You da man!

8
zer0fill
Re: Spy on anonymous users :-)
  • 2004/9/2 8:00

  • zer0fill

  • Not too shy to talk

  • Posts: 137

  • Since: 2003/12/2


Thanks for the kind words Ace_Armstrong and Page-

I will do my best and keep posting any hacks I make.

Login

Who's Online

428 user(s) are online (319 user(s) are browsing Support Forums)


Members: 1


Guests: 427


Runeher2,

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits