Jump to content


Photo

They know where I live...


  • Please log in to reply
5 replies to this topic

#1 DaveP2

DaveP2

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 23 May 2007 - 11:02 AM

Hi!
I dont know if I have a problem - I hope this is the correct forum to start in, as I suspect that at least part of my physical location is getting out. It did occur that this might be something as mundane as backtracking from my PC's address, hence my uncertainty.

When surfing I sometimes find myself on a page that features Adult Friend Finder. When this first happened the "young lovelies" were described as located in New York, or London. I recently noticed that the addresses given appear to have homed in on my own post town. Is this something to worry about?

I'm running XP Home, using IE 6, with Windows Firewall, Fully updated. I have been using Ad Aware and Spybot for some time, neither have found anything recently. I have read the FAQ. Ewido isn't available for download anymore, but I have also been using AVG 7.5 Antimalware, and that hasn't found anything either.

Any advice gratefully received, especially if it's Your OK! (Iwish)

#2 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,442 posts

Posted 23 May 2007 - 06:05 PM

I can't tell you if you have an infection based on the information you have provided... However, what you are describing is a result of cookies placed on your computer when someone told a site where you live... This might have been when you were conducting a search and put in your zip code or some other bit of residential info... If you clean out your cookies, you will find that the advertisers no longer know where you are...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#3 Tuxedo Jack

Tuxedo Jack

    Creator of TuxPE, a Cat5-o'-9-Tails, Etherkillers, and more

  • Expert
  • PipPipPipPipPip
  • 1,758 posts

Posted 26 May 2007 - 12:47 AM

It's a simple Javascript function - they pull the IP address that's requesting the page and then run WHOIS to find out what ISP it's assigned to, then parses that to guess the municipality.

It's child's play to do, so don't worry.
Signature file is under revision. This will be back shortly.

#4 Budfred

Budfred

    Malware Hound

  • Administrators
  • PipPipPipPipPip
  • 21,442 posts

Posted 26 May 2007 - 01:12 AM

It's a simple Javascript function - they pull the IP address that's requesting the page and then run WHOIS to find out what ISP it's assigned to, then parses that to guess the municipality.

It's child's play to do, so don't worry.

That may be true in some cases, but it is cookie based in others...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#5 DaveP2

DaveP2

    Member

  • Full Member
  • Pip
  • 2 posts

Posted 27 May 2007 - 04:40 PM

That's a relief, Thankyou!
I did try to post a couple of nights ago but the site seemed to be running extremely slowly and I decided to try later. I was going to report that I had experimented with clearing cookies beforehand but that it hadn't helped. There is only a handful of sites that have my physical location (e bay and 3 or 4 forums) and I actually went to the trouble of selectively visiting them in turn in order to try to find out which one's cookie was being read by a third party...
So, the IP address can readily be tracked back to a town/city - much the same as a phone number. I had started to wonder if that could be the case, and its good to get my suspicions confirmed - I dont see that as something to worry about!
Thenks again
I've only become aware of the phenomenon in the last 2 or 3 months - Care to speculate about the timing?

#6 racooper

racooper

    Master of my own Domain

  • Retired Staff
  • PipPipPipPipPip
  • 1,420 posts

Posted 29 May 2007 - 11:51 PM

IP's can be tracked back to the originating network. Now, if your ISP has their IP's Reverse-DNS mapped to names, it's possible to track those even further. For example: I did a traceroute from my home PC to www.google.com. The closest identifying link to me was step 4: my ISP's gateway router to a tier 2 carrier, named "g0-9.na21.b001035-1.iah01.atlas.cogentco.com". I can parse that name down a little further based on knowledge of the area; "IAH" probably refers to Houston's Bush Intercontinental Airport, airport code IAH. That at least narrows me down to the Houston metro area; I'm actually not in Houston, but close enough. Most ISPs, especially DSL providers, resolve their client IP blocks to a recognizable name for troubleshooting purposes.

Now, if I'm using dial-up and calling, for example, AOL's 800 number, you're not going to track that back to my hometown, because their 800 number probably answers somewhere in Virginia or another national modem pool. (not that I would dream of using AOL, but it's a handy example).

Geolocation has been used for a while now, but it's become more common in the last few years. You can look at http://www.dnsstuff....geolocation.htm for more info. I noticed, however, that their location of my IP address is Webster, TX, which is about an hour South and East of my actual location. So it's not perfect...and I have a static IP block, so it's not going to change based on the whims of DHCP.




Member of ASAP and UNITE
Support SpywareInfo Forum - click the button