Old 08-19-2004, 10:31 PM  
exposed
Confirmed User
 
Join Date: Aug 2004
Location: unknown
Posts: 1,449

Quote:
Originally posted by SplitInfinity
I have caught your hacker!

Here is the lowdown.....

To find the hacker you must first find out who owns those domains.....
And the only way to see who owns those domains (because the info is fake)
is to find out WHO is receiving the emails for the domain's contact email account,
which for all those domains, is the same person.

This person uses a yahoo email address, and getting the info on who owns
an email account from yahoo would be very difficult, especially considering
they most likely filled in fake info there as well. So why not get their IP from yahoo you ask? Because yahoo won't help you without a subpoena.....
Even friends I have at yahoo can't help me because they do not allow access
to logs except to their legal dept. which is a pain to deal with as well.....

So, I ask myself, if this person is using a yahoo web based email account to check his mail, and we need his IP address to identify him, let's get the IP already!

I decided to email an artificial spam mail to him. The secret here is that
he is the ONLY one getting this spam mail. I used a rather catchy subject
that he COULD NOT RESIST:

"Hacker Caught?"

When he looked at the email, it was nothing special. I made it look like an
ad to an online casino. He would take a peek at it, then most likely just delete it
thinking to himself, "fucking spammer!", while his heart pumped heavily thinking
perhaps he had been caught.

What he DID NOT KNOW that happened behind the scenes is that in the spam
mail, the only image that was loaded in the email was an invisible 1x1 pixel.
All other items in the mail were HTML.

This 1x1 hidden pixel was loaded off of MY server using an image name that NO ONE would know. In fact, the image doesn't even exist and since I set the
height and width of the image to 1, he would not see a broken image in there
anyways..... this would simply generate a couple log entries on my server
letting me know HIS HOME COMPUTER'S IP ADDRESS because in order to use
yahoo mail, you have to use a web browser, and he certainly did!!!

Because the image does not exist on my server, but his browser tried to load it,
his accessing his yahoo mail led to 2 entries in my server logs. One is the access_log entry, and the other, when the image could not be found, was the error_log entry.

The URL to the non-existent image is: http://www.splitinfinity.com/themainman

access_log entry:
195.131.125.119 www.splitinfinity.com - [19/Aug/2004:01:01:46 -0700] "GET /themainman HTTP/1.1" 302 302 "http://us.f403.mail.yahoo.com/ym/ShowLetter?MsgId=1922_1014156_59656_1208_1013_0_84 6_4944_1839376362&Idx=0&YY=48958&inc=25&order=down &sort=date&pos=0&view=&head=&box=Inbox" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"

error_log entry:
[Thu Aug 19 01:01:46 2004] [error] [client 195.131.125.119] File does not exist: /home/split/splitinfinity.com/public_html/themainman, referer: http://us.f403.mail.yahoo.com/ym/Sho...ead=&box=Inbox


******** His IP address is: 195.131.125.119 **********

This is most likely a dynamic IP, but, since we know the time and date of the
access, we can call the IP owner (his ISP as listed below) and perhaps get
that information. I will continue to send him some of these emails and
log all the IP ranges he comes from, which I'm sure at this point will all be
the same ISP since it is a broadband connection on his end.

w00000h00000!

betcha he didn't see that coming.

hahaha nice!

owned.
__________________
"I felt victimized by the Ian Eisenbergs of the world" - Mary Burger
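The trick in the quoted post works because the webmail client fetched a remote image and so handed its IP address to the image host. The following is an added example, not code from the post or from SplitInfinity, showing how a recipient can scan an HTML email body for exactly that beacon shape (a remote http(s) image sized as an invisible pixel) before deciding to load remote images. The host `beacon.example.invalid` and the sample body are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


def _px(value):
    """Parse a width/height attribute such as '1' or '1px'; None if unusable."""
    if value is None:
        return None
    try:
        return int(value.strip().lower().removesuffix("px"))
    except ValueError:
        return None


class BeaconFinder(HTMLParser):
    """Collect <img> tags that point at a remote host and are sized as an
    invisible pixel, the beacon shape described in the post above."""

    def __init__(self, max_px=1):
        super().__init__()
        self.max_px = max_px
        self.beacons = []  # (src, width, height) of suspicious images

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = a.get("src") or ""
        # Only http(s) images on another host make the reader's client send a
        # request, and with it the reader's IP address, to that host.
        if urlparse(src).scheme not in ("http", "https"):
            return
        w, h = _px(a.get("width")), _px(a.get("height"))
        if w is not None and h is not None and max(w, h) <= self.max_px:
            self.beacons.append((src, w, h))


def find_beacons(html_body, max_px=1):
    """Return [(src, width, height), ...] for tracking-pixel candidates."""
    finder = BeaconFinder(max_px)
    finder.feed(html_body)
    return finder.beacons


# Constructed sample body, modelled on the casino-ad spam described in the post.
SAMPLE_EMAIL = """<html><body><h1>Hacker Caught?</h1>
<p>Play now at the best online casino!</p>
<img src="http://beacon.example.invalid/themainman" width="1" height="1">
<img src="http://beacon.example.invalid/banner.gif" width="468" height="60">
<img src="cid:logo@local" width="1" height="1"></body></html>"""
```

Any remote image leaks the request, so a mail client that blocks remote images by default is the real mitigation; this scan just shows which images in a message are shaped like beacons.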