LD SoftwareBespoke Software, Web Design, Security Consultants and Host Services.

Menu

Sentinel
You have been warned!
We have caught 5848 shameful hackers.

NukeSentinel(tm)

Paypal Referral
Sign up for PayPal and start accepting credit card payments instantly.

Link Exchange
Join our free link exchange

Click Here
 
IP Tracking module

8.3.6. IP Tracking module

Figure 8-21. IP Tracking module: IP Tracking Info.

IP Tracking module: IP Tracking Info.



To track your visitors' IP address, you can use the IP tracking module. Get it at the Downloads section of ierealtor. After installation and activation of the module, a click on the "IP Tracking" link in the Modules block will display the "IP Tracking Info", a list of IP addresses that accessed the site (Figure 8-21). You can order the list by ascending or descending order of its column fields, by clicking on the respective up- and down-arrows.

Tip Lazy man's Logfile Inspection
 

Nothing beats regular inspection of the real web server logfiles - but if you are lazy, you want a quick info of what is going on, or you cannot do otherwise, the IP Tracking module will give you a quick solution to your logfile inspection problem. In the Page View Info (Figure 8-22), be attentive to URL parameters that pass Javascript code or SQL queries to the database - they are a clear indication of cross-scripting (Section 23.3.1) and SQL injection (Section 23.3.2) attempts at your site respectively.

Figure 8-22. IP Tracking module: Page View Info.

IP Tracking module: Page View Info.



The IP addresses themeselves are links to a detailed view, the "Page View Info" (Figure 8-22). It lists the pages that were requested by that IP address. Again, you can order the list by name or date using the arrows on the table header. Note: administrators won't appear online since they are not entered in the nuke_session table.

Caution Code corrections necessary for PHP-Nuke v. 6.0 and/or old PHP versions!
 

If you get the error:

You can't access this file directly...

then you are using an old PHP version that does not understand the _SERVER superglobal. Edit the index.php file of the module and change:

if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {

to:

if (!eregi("modules.php", $PHP_SELF)) {

You also have to edit iptracking.php. Change:

$ip = $_SERVER["REMOTE_ADDR"] ;

to:

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"] ;

and

$pg = $_SERVER["SCRIPT_NAME"];

to:

$pg = $HTTP_SERVER_VARS["SCRIPT_NAME"];

and

if (($_SERVER["QUERY_STRING"]) != "") 
{ $pg = $pg . "?" . $_SERVER["QUERY_STRING"] ; }

to:

if (($HTTP_SERVER_VARS["QUERY_STRING"]) != "") 
{ $pg = $pg . "?" . $HTTP_SERVER_VARS["QUERY_STRING"] ; }

If you are getting MySQL errors like the one of Section 3.9.2, complaining about non-valid MySQL result resources, then you are probably using an old PHP-Nuke version (like 6.0, for example) that uses the field "username", instead of "uname" in the nuke_session table. In this case you have to change "uname" to "username" in the two WHERE clauses of the index.php file of the module. Change:

$res = sql_query("select * from ".$prefix."_session 
where uname='$username' and host_addr='$ip'", $dbi);

to:

$res = sql_query("select * from ".$prefix."_session 
where username='$username' and host_addr='$ip'", $dbi);

and

$res2 = sql_query("select * from ".$prefix."_session 
where host_addr='$ip' and host_addr=uname", $dbi);

to:

$res2 = sql_query("select * from ".$prefix."_session 
where host_addr='$ip' and host_addr=username", $dbi);

If your main motivation for using the IP tracking module is to be able to ban certain annoying visitors from certain IPs, check also the Protector module (Section 8.3.7) for a ready-made, full-featured solution to IP banning, as well as Section 23.5 for a quick, do-it-yourself hack.

 
You can syndicate our News with backend.php And our Forums with rss.php
You can also access our feeds via Feedburner Site News and LD Software Forums
© 2009 ld-software.co.uk All Rights Reserved.
PHP-Nuke Copyright © 2005 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 1.49 Seconds