: What kind of information can websites collect about a user/client? This is a multi-part question: 1) What kind of information can websites collect about someone (someone's computer or device) when
This is a multi-part question:
1) What kind of information can websites collect about someone (someone's computer or device) when they visit your website?
I know we log IP's, and can determine your zipcode, OS, browser type and native language but what else?
2) Is there any information collected and logged by the website that can be used to trace a connection back to a specific computer? Do computers, devices and phones, etc send some kind of unique ID to a website?
I understand that law enforcement may be able to do this, but can this be done by a webmaster?
3) If someone attacks our website like a denial of service attack can we get the identity of or ban a specific computer/device? Or does someone like the FBI have to be enlisted to trace an attack to a specific device? I know we can ban IPs.
I am sure this question has been asked somewhere before but I have had no luck finding an answer. I tried searching for this here and through google but I don't think I know the proper search terms.
Please use laymen's terms as I am not particularly web-savvy.
More posts by @Gail5422790
2 Comments
Sorted by latest first Latest Oldest Best
What kind of information can websites collect about someone (someone's computer or device) when they visit your website?
I know we log IP's, and can determine your zipcode, OS, browser type and native language but what else?
Off the top of my head -
Your IP.
From your IP, location information, sometimes down to city level, sometimes not. Sometimes there is even more information, e.g. if you are accessing the Internet from a University campus. The ISP will usually know the identity of the user, but that is only available to law enforcement.
From the accept-language header, user language(s) that have been set in the browser. This is freely manipulable by the user (i.e. you can't trust this information, especially in the context of an attack.)
From your user agent string, the browser version, possibly some of the installed extensions, and the operating system. This is freely manipulable.
From the accept: header, sometimes information about installed programs, although this is not very reliable. This is also freely manipulable.
From making a JavaScript call - your local time on your computer, your screen resolution, possibly more information about installed plugins like Java and Flash. Freely manipulable.
From making a HTML 5 geolocation request in the browser - the geographical location of the user as determined by GPS, WLAN, or other means. Needs the user's consent and is freely manipulable.
2) Is there any information collected and logged by the website that can be used to trace a connection back to a specific computer?
In many countries, law enforcement can usually find out whose connection was used to make a request from a certain IP at a certain time. ISPs will store this information for exactly this purpose.
However, generally, not even law enforcement have a reliable way of telling which individual computer was behind a request. There could be any number of computers behind an IP address, and most routers don't log which of their client computers made which request when.
There are unreliable ways of identifying a machine that has previously visited a site - the most popular is storing a cookie with a random hash in the user's browser. That cookie can be used to identify that machine on subsequent accesses. However this can be falsified (by copying the cookie across), and you have to know which machine you placed the cookie on in the first place, which you usually can't.
Do computers, devices and phones, etc send some kind of unique ID to a website?
No.
If it's a simple denial of service attack DoS (from a small number of computers) you should report it to the authorities, as they have the means to track the sources, and if possible, identify them and bring them to court. I do not recommend amateur detective work to track attackers. We pay taxes for a reason.
To solve the DoS temporarily, the ISP provider of the server company can also block requests from a range of IP's to your server, among many other solutions. This fix will work until the attackers find another range of IP's to attack from. Then your server company will report again to their ISP...
If it's a distributed denial of service attack DDoS, the attacking requests may come from thousands of computers all over the world. The owners of this computers usually do not know their machines are being controlled by the attacker. If it's well planned and executed, this kind of attack is almost impossible to stop without shutting down the website. Few attacks are well planned and executed and there's solutions that work for most attacks. The key is in finding something that can differentiate legit traffic from the attack.
The most common solution to a well executed DDoS is to transfer the site to a server infrastructure that can handle it or wait and hope the "zombie" machines find another target. Well executed and effective DDoS are rare, as they require to create and infect many computers with trojan horses, and most attackers do not have capacity to do it.
serverfault.com is the site to go for a more detailed explanation.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.