How can I find out the IP-address of another AV?

[Doris Haller]

Hi,

is it possible to find out which IP-address another AV has when logged in? (How ?)

Let's say, a in-world script to enter an avi's name or so and it find out the IP address of the machine where the AV is loged in.

[SimonT Quinnell]

Baeric.Constantine wrote:

There are major security issues in Viewer 2.0 that have NOT been resolved. Web on a prim does have many issues... just think about the passage of passwords, say you want to do online banking....

As for finding IP addresses in viewer 2.0, that, from what I understand, is resoundingly easy with a script... and many have indeed posted on just such a thing in these fora.

Ok .. now this is being a little silly.  Remember that its just a web session displayed on a prim.  Authentaticed sessions like you mention WILL NOT be visable to other people.  All they will see is the logon page and nothing else.

Scruffy

[SimonT Quinnell]

Ackley.Bing wrote:

 

You're wrong.  Here's your interpretation of the TOS:

 

You agree that you will not post or transmit Content or code that may harvest  or collect any data or personal information about other users without  their consent;

According to your interpretation, no one should post media streams at all since IP#s are obtained automatically by them.

That's not my intrepretation .. that is a quote fromt the TOS.  IP addresses while available from a media stream, are not automatically stored and saved for later viewing.  Doing that would be breaking the TOS.

Remember just because somthing is technically possible DOES NOT make it right.

Scruffy

[Linda Spargel]

To clarify a little bit more: The texture on a prim is not the actual website, so to you it is just a graphical interpretation of a page from the website, it has no code or whatsoever behind it (unless off course the prim contains a script as well, this however should always be a script approved by Linden and the ToS). Hence it can not "know" your IP address until you actually physically make contact with that prim and then you will always be redirected to the actual website itself, only then will this website know your IP address.

For more information about what is is and how it works look over here:

https://blogs.secondlife.com/community/features/blog/2010/02/24/shared-media-bringing-the-web-inworld-with-viewer-2

 

Message was edited by: Linda Spargelcorrected a typo

[SimonT Quinnell]

Linda.Spargel wrote:

 

To clarify a little bit more: The texture on a prim is not the actual website, so to you it is just a graphical interpretation of a page from the website, it has no code or whatsoever behind it (unless off course the prim contains a script as well, this however should always be a script approved by Linden and the ToS). Hence it can not "know" your IP address until you actually physically make contact with that prim and then you will always be redirected to the actual website itself, only then will this website know your IP address.

 

The prim itself can act as a webserver so it is relatively trivial to get an IP address into a LSL script.

[Doris Haller]

Is it possible to completely turn off this feature in 2.0 ?

What would be the impact (besides that I can't do online banking from SL anymore, lol)?

[Baeric Constantine]

SimonT.Quinnell wrote:

Ok .. now this is being a little silly.  Remember that its just a web session displayed on a prim.  Authentaticed sessions like you mention WILL NOT be visable to other people.  All they will see is the logon page and nothing else.

Scruffy

If you wish to blind yourself... that is your choice.

[Mitch Triellis]

I know exactly how to do it...but I ain't telling you, hehehehe

[SimonT Quinnell]

Let me give you an example of how people would use this sort of information.

Lets say I set up an IP logger in my store, and for the next month I record the IP address of everyone who enters my store.  At the end of the month I perform an analysis on that data and find to my surprise that a surprising number of people visiting are from Germany.  So I decide to translate my products to German and watch with joy as my sales increase.

It all sounds so innocent BUT no one gave consent for me to collect their location information as they arrived at the store and THIS is breaking the TOS.

Now, as an outsider would someone know I had done this? Not unless I was stupid and said something.  But again just because its hard to prove doesn't not mean collecting this data is your right.

Scruffy

 

Message was edited by: SimonT Quinnell (fixed my spelling

[SimonT Quinnell]

If you wish to blind yourself... that is your choice.

I've tested it with alts.  I suggest you do the same.  Anything that requires you to enter a form with javascript is only displayed for the session that is entering it.  Noone else sees it.

[SimonT Quinnell]

Doris.Haller wrote:

 

Is it possible to completely turn off this feature in 2.0 ?

What would be the impact (besides that I can't do online banking from SL anymore, lol)?

Under the 'Sound & Media' tab in preferences uncheck 'Allow Media to Autoplay'. If you do that you can then chose to allow the shared media that you want display.

Scruffy

[Baeric Constantine]

Testing it with alts... right... get a security company in to do some proper testing then... and let us see what they have to say....

[DR Dahlgren]

First, it is not very difficult for someone to get the IP of a user in SL. There are quite a few methods, depending on the viewer they use. But to what end. For starters, it appears to be against the ToS we all agreed to.

Second, as has been discussed in the forums many time, it gets you nothing. At best a persons IP can be used to determine the ISP they are using and the general geographic area they are in. But even that is marginal. If you use my IP, you get a city more than 70 miles from my actual location. On top of that, most IP's change fairly regularly, so the IP they log may only be valid for a few minutes to a week or so. Websites regularly gather IP information for their logs, especially ones that have a signin requirment. IPs are just not a big deal, web myths and scare tactics asside.

If you are worried that someone might find out your IP from inside SL, I think you are getting worried over nothing. If you stop doing all the things in SL that might, given enough effort, reveal your IP to someone, you are going to miss out on a lot of what SL has to offer.

If you are really trying to figure out how to do it, I would google your question, not ask it here.

_________________________________________

[Faubio Alter]

http://www.ipchecking.com/

 

Type in Secondlife .com about half way down it gives a street address.

[SimonT Quinnell]

Baeric.Constantine wrote:

 

Testing it with alts... right... get a security company in to do some proper testing then... and let us see what they have to say....

Sure .. go for it. Post the report I'd be quite interested to read it. By the sounds of it you haven't bothered to see what is actually shared with shared media.

[AshBeth India]

Agreed that this is something I just can't be stressed about.  I have a different IP every time I connect and if you looked it up you'd find an address ridiculously far away.  On the flip side, doing something like online banking via SL seems just insane to me, esp via 2.0 which does seem to have some significant security holes.  My advice?  Use your secure internet connection for things like that before your go inworld or after you log.  Paranoid?  Perhaps, but why take chances with something so important?  

[renards89 Cerise]

Hi i have same question and lot trouble too i be accuse For be other and he says he have my ip adress and is not me and Xarusdragon he lie or using tool on sl i not know but i think be good to give a warning to stop is **bleep** and my friend i did talk i says same thing like . the forum says . if have tool for see ip well hacker need be banned

[marquisdesoire]

On 4/2/2010 at 6:47 AM, Ackley Bing said:

Knowing someone's IP isn't much use these days as many ISPs change your IP frequently.  If you're PC is vulnerable, YOU are the problem, not the fact that they know your IP.

Not true. First of all, in the US, many ISPs use fixed IPs for home users, and dynamic IP for businesses. Absurd, but it happens. As businesses who run web servers need a fixed IP not a dynamic one, and most business nowadays do run web services. On the other hand, knowing an IP is useless to know your location, but useful for a hacker to attack your computer and hog your internet connection at the very least. Not talking about to spoil your operating system, or even your hard disk. That would would ruin your SL wedding, for example, or your experience in SL in general. Are there people who do such things in SL? unfortunately the answer is a definitive yes! Does Linden do something about it? No, as far as I know. 

So yes, IPs can be used for many evil purposes, even to insert a keylogger, in your computer or access windows 10 keylogs and spy your private conversations (IMs). Does it break the ToS? yes, but prove you've been a victim of such actions. And yes, this also has happened!

Am i the problem if I am vulnerable? definitely not. A hacker knows how to bypass most of internet security products. One does not have to be an expert in computer security for using SL. The problem here are the hackers that use SL, They are the ones who are doing illegal actions against others. I do not have to become a computer security expert, they do not have to do such things in SL!. Where have you seen the victim of a crime has been  considered the problem by a judge?

Edited September 19, 2017 by marquisdesoire

[Alwin Alcott]

8 minutes ago, marquisdesoire said:

First of all,

first of all... look at the date where you resond to... quite irrelevant after more than 7.5 years...

till now you have the weekly record for posting in a necro thread ..

[Callum Meriman]

Yay redzone.

[Madelaine McMasters]

3 hours ago, marquisdesoire said:

Where have you seen the victim of a crime has been  considered the problem by a judge?

Where have you seen a judge who ignores the statute of limitations?

;-).

Edited September 19, 2017 by Madelaine McMasters

[BLUEBALL8]

https://marketplace.secondlife.com/p/Land-Security-No-Bots-Ban-Bots/24673231?page=10

https://gyazo.com/8cc5fbcbd9c2f1492920f93d1e32e665

 does this  item is like the  voodoo red zone  that was giving the IP ? 

when you get to a land  there is a pop up  asking you to click it 

is this legal?

Quantum Products Land Security : No-Bots
▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂▂

● Thank you for confirming your human status.

● You are now welcome to enter the region 'Arcane'.

● Protect your home from Bots using No-Bots available on Marketplace : https://marketplace.secondlife.com/p/Land-Security-No-Bots-Ban-Bots/24673231

 

[Robberinthemuseum]

This thread is terrifying. Don't go stalking someone into rl. Jesus Christ. OP if the person won't give their ip when you ask, accept they don't want to share it with you. If you're bothered by alts, it's something you have to get over. Most people have alts for various reasons.

[Qie Niangao]

3 hours ago, BLUEBALL8 said:

Quantum Products

Lol. Try shouting "!quit" at it. That oughta work. (IYKYK)

Anyway, this thread is really old and it's not immediately obvious what this "anti-bot" device is actually doing. It's certainly possible that this scripter is collecting a database of IP addresses for reasons unrelated to bot detection, especially if it's requiring users to connect to a website to "confirm their human status" or whatever. And yeah, if they had that database they could identify "alts" much as RedZone did (i.e., sometimes correctly).

But perhaps surprisingly, there's no actual rule against doing that as long as they don't tell anybody who they think they've identified to be an alt of whom.

Whatever the hysteria, somebody will be along selling a snake oil solution to the latest problem.