Sig images that display IPs

  • Sig images that display IPs

    Hi,
    Noticed some people have a sig with an image that displays some information about the IP of the browser currently viewing the thread and the OS. Can anyone explain how this works? Or you can provide a link to where I can get more information.

    Thanks.

  • #2
    It's based on your useragent, which can be spoofed.

    • #3
      Thanks Zachery

      How can I learn more about creating such images?

      • #4
        They are created on the fly by some sort of server-side scripting, like PHP; it reads your useragent and from this it can tell you about your computer ISP and IP depending

        • #5
          Aha, I've seen a couple of people using it here. Not sure how. The image comes from a server, but how come the server knows about the browser viewing the page and the IP?!!
          Is it a security risk? Can someone insert a harmful script there?

          Thanks

          • #6
            It's not actually an image at first, it's a PHP or ASP script, and it displays an image, just an image at the end, I suppose.

            • #7
              Hmm, you mean vB.com allows scripts in sigs?

              • #8
                Yes, a PHP script is called instead of the .jpg, it gets the IP and with the GD lib it takes a .gif image and creates a new one, sets the MIME type and shows the new image.

                • #9
                  Isn't that risky? Wouldn't that cause any cookies kind of XSS?

                  • #10
                    The image it returns is really an image, I don't see how it could exploit.

                    • #11
                      But the script that calls the image, wouldn't it be possible that it can include some evil code?

                      • #12
                        The script resides on a foreign server. There is no more risk than viewing an ad.

                        The script gets a request for the "image" (generally something like image.php), which reads your useragent from the request and also knows your IP. It generates the text, inserts it into an image using PHP's image functions, and returns an image.

                        Simple, and no more risk than viewing an image.

                        • #13
                          Wastes a bit more processing time than an advert though.

                          It's basically a pre-built image with some big white space for text to be entered. You then parse the useragent for OS and browser; combined with $_SERVER['REMOTE_ADDR'], you have all you need.

                          Write the sentence and then use GD2 to add the text over the image and you've got yourself the new image.
                          Scott MacVicar

                          My Blog | Twitter

                          • #14
                            Ok, now I got it, so the script is processed in SERVER not the SIGNATURE SPACE in showthread.php. I guess this should not be a problem.

                            • #15
                              yeah they just do



                              You upload the script as blah.jpeg even though it's really a PHP script and then use ForceType to force Apache to parse the jpeg as PHP.
                              Scott MacVicar

                              My Blog | Twitter
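
The mechanism described in posts #12, #13 and #15, as an added example that is not part of the original thread: a PHP script that answers an image request with a PNG built from the requester's IP and User-Agent. The function names, caption wording and canvas size are assumptions, a blank canvas replaces the pre-built background image, and the sample request values are constructed.

```php
<?php
declare(strict_types=1);

// Return the first label whose needle occurs in the User-Agent. Order matters:
// Android UAs also contain "Linux", Chrome and Edge UAs also contain "Safari/".
function match_label(string $ua, array $table, string $fallback): string {
    foreach ($table as $needle => $label) {
        if (stripos($ua, $needle) !== false) {
            return $label;
        }
    }
    return $fallback;
}

// Build the sentence from the request. REMOTE_ADDR comes from the connection;
// User-Agent is a client-supplied header and can be spoofed.
function build_caption(array $server): string {
    $ip = filter_var($server['REMOTE_ADDR'] ?? '', FILTER_VALIDATE_IP) ?: 'unknown';
    $ua = substr((string) ($server['HTTP_USER_AGENT'] ?? ''), 0, 512);
    $os = match_label($ua, ['Windows' => 'Windows', 'Android' => 'Android',
        'iPhone' => 'iOS', 'Mac OS X' => 'macOS', 'Linux' => 'Linux'], 'an unknown OS');
    $browser = match_label($ua, ['Edg/' => 'Edge', 'OPR/' => 'Opera',
        'Firefox/' => 'Firefox', 'Chrome/' => 'Chrome', 'Safari/' => 'Safari',
        'MSIE' => 'Internet Explorer'], 'an unknown browser');
    // Only fixed labels and a validated IP reach the output, never the raw header.
    return sprintf('Your IP is %s. You use %s on %s.', $ip, $browser, $os);
}

// Draw the caption with GD (blank canvas instead of a pre-built background).
function render_signature(string $caption) {
    $img = imagecreatetruecolor(460, 40);
    imagefilledrectangle($img, 0, 0, 459, 39, imagecolorallocate($img, 255, 255, 255));
    imagestring($img, 3, 8, 12, $caption, imagecolorallocate($img, 0, 0, 0));
    return $img;
}

if (PHP_SAPI !== 'cli') {
    // Web request: the response body is PNG bytes, so the viewer's browser
    // decodes pixels; no markup or script is returned to the forum page.
    header('Content-Type: image/png');
    header('X-Content-Type-Options: nosniff');
    header('Cache-Control: no-store');   // each viewer must get a fresh image
    imagepng(render_signature(build_caption($_SERVER)));
} else {
    // Offline run with a constructed sample request (documentation-range IP).
    echo build_caption(['REMOTE_ADDR' => '203.0.113.7', 'HTTP_USER_AGENT' =>
        'Mozilla/5.0 (X11; Linux x86_64; rv:115.0) Gecko/20100101 Firefox/115.0']), PHP_EOL;
}
```

The request goes from each viewer's browser to the server hosting this script, which is why that server sees the viewer's IP and headers while the forum page itself only embeds an image URL.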