Web Development

General discussion


Identifying attacking computers

By SouthernWolf ·
I run a php based website and I frequently receive email notifications of various attacks on my site, script, admin, author, etc. I have good site protection using NukeSentinel? which blocks attackers and emails me, such emails contain the IP of the attacker although this may be spoofed. My question is: Is there a way to obtain the unique machine identification of an attacking computer so that coupled with the IP the location of an attacker can be precisely situated, down to the city and street address? I ask this out of curiosity mainly though it would be nice to know that a specific attacker, say, lived on the third floor of a certain house in Amsterdam!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

interesting question...

by setantapc In reply to Identifying attacking com ...

That is a good question. As stated, the IP may be from a relay zombie so it may not be "the real" attacker.

I have had friends who had used versions of a firewall software called "Black Ice Defender" that stopped attacks and also apparently showed where attacks were coming from, but I haven't heard of them for some time now... does anyone know if they are still alive ??

Also, even if you could pinpoint the attacker what would you do with the info ?? I remember working phone support (cubicle phone monkey) for a popular Cable BroadBand High Speed Internet Provider and receiving calls from users saying that they were being compromised from PC's that were part of our network. The standard responses were, if the user was also part of our network... email abuse and let them know, if caller was not part of our network, "thank you for calling ISP XYZ, please leave your information at the tone" -- disconnect call.

This was a few years back, so I just wonder how many ISP's if a user called in and said their PC was being virtually assulted would perform any kind of action to prevent further episodes and to actually find and punish the perpitrator (sp ?) for his e-misdeeds.

Collapse -

just curiosity

by SouthernWolf In reply to interesting question...

As I said it is just curiosity that leads me to wonder whether a unique computer name can be obtained of attacking computers. I certainly have no interest in traveling all over the world to confront a script kiddie. LOL Hackers tend to be well hidden behind layers of zombies and spoofed IPs so it's doubtful that even a unique ID would reveal the true attacker. You're right that informing abuse@xyz.isp does no good and I don't bother. I just ban a few octets of the perp IP though of course I don't know if I'm banning a zombie or a spoof. It's a shadowy game website admins play with hackers but I do have a few countermeasures even if I don't know for sure where the attacker resides.

Collapse -

Probably No

by jmgarvin In reply to just curiosity

It is too easy to use a zombie or an anonomyizer rather than do it from their own box.

Plus, beyond that, you can IP spoof pretty easily and you'll never know where the real attack is coming from.

My suggestion to you: blacklist the IP. It will save you time and effort and is probably worth it in the long run.

Collapse -


by SouthernWolf In reply to Probably No

It probably would save me trouble to just ban the host in .htaccess or with a hosts.deny... but some of my friends have the same ISP as the attackers, so what's a webmaster to do? I pick the nits off one by one LOL

Related Discussions

Related Forums