NukeCops

8.3.6. IP Tracking module

Figure 8-21. IP Tracking module: IP Tracking Info.

IP Tracking module: IP Tracking Info.

To track your visitors' IP address, you can use the IP tracking module. Get it at the Downloads section of ierealtor. After installation and activation of the module, a click on the "IP Tracking" link in the Modules block will display the "IP Tracking Info", a list of IP addresses that accessed the site (Figure 8-21). You can order the list by ascending or descending order of its column fields, by clicking on the respective up- and down-arrows.

Lazy man's Logfile Inspection

Nothing beats regular inspection of the real web server logfiles - but if you are lazy, you want a quick info of what is going on, or you cannot do otherwise, the IP Tracking module will give you a quick solution to your logfile inspection problem. In the Page View Info (Figure 8-22), be attentive to URL parameters that pass Javascript code or SQL queries to the database - they are a clear indication of cross-scripting (Section 23.3.1) and SQL injection (Section 23.3.2) attempts at your site respectively.

Figure 8-22. IP Tracking module: Page View Info.

IP Tracking module: Page View Info.

The IP addresses themeselves are links to a detailed view, the "Page View Info" (Figure 8-22). It lists the pages that were requested by that IP address. Again, you can order the list by name or date using the arrows on the table header. Note: administrators won't appear online since they are not entered in the nuke_session table.

Code corrections necessary for PHP-Nuke v. 6.0 and/or old PHP versions!

If you get the error:

You can't access this file directly...

then you are using an old PHP version that does not understand the _SERVER superglobal. Edit the index.php file of the module and change:

if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {

to:

if (!eregi("modules.php", $PHP_SELF)) {

You also have to edit iptracking.php. Change:

$ip = $_SERVER["REMOTE_ADDR"] ;

to:

$ip = $HTTP_SERVER_VARS["REMOTE_ADDR"] ;

and

$pg = $_SERVER["SCRIPT_NAME"];

to:

$pg = $HTTP_SERVER_VARS["SCRIPT_NAME"];

and

if (($_SERVER["QUERY_STRING"]) != "") 
{ $pg = $pg . "?" . $_SERVER["QUERY_STRING"] ; }

to:

if (($HTTP_SERVER_VARS["QUERY_STRING"]) != "") 
{ $pg = $pg . "?" . $HTTP_SERVER_VARS["QUERY_STRING"] ; }

If you are getting MySQL errors like the one of Section 3.9.2, complaining about non-valid MySQL result resources, then you are probably using an old PHP-Nuke version (like 6.0, for example) that uses the field "username", instead of "uname" in the nuke_session table. In this case you have to change "uname" to "username" in the two WHERE clauses of the index.php file of the module. Change:

$res = sql_query("select * from ".$prefix."_session 
where uname='$username' and host_addr='$ip'", $dbi);

to:

$res = sql_query("select * from ".$prefix."_session 
where username='$username' and host_addr='$ip'", $dbi);

and

$res2 = sql_query("select * from ".$prefix."_session 
where host_addr='$ip' and host_addr=uname", $dbi);

to:

$res2 = sql_query("select * from ".$prefix."_session 
where host_addr='$ip' and host_addr=username", $dbi);

If your main motivation for using the IP tracking module is to be able to ban certain annoying visitors from certain IPs, check also the Protector module (Section 8.3.7) for a ready-made, full-featured solution to IP banning, as well as Section 23.5 for a quick, do-it-yourself hack.