Hello,
What do you think about the bot that protects the server against so-called IPLoggers? I have one, if anyone would be interested, I invite you to a private message!
Is this a scam?
What is an âIPLoggerâ supposed to be anyway? You leave your IP address anywhere you go as itâs pretty much your address on the Internet.
But the TeamSpeak server usually doesnât expose clientâs IP addresses unless someone has the b_client_remoteaddress_view privilege and Iâm not aware of any P2P connections going on between TeamSpeak clients.
So what exactly is an âAntyIPLoggerâ supposed to do here and how does it even work?
If you donât want your IP address to appear, there are things like VPNs and anonymous proxies. But as far as I am aware, the only thing which really protects against leaking oneâs IP address is the Tor network because it goes through so many hops that itâs practically impossible to trace back.
So please enlighten us.
And I think we donât want any shady private message things going on here. If itâs a legit thing, why would you need to hide it?
Iâll be honest, Iâm skeptical as wellâŚ
If there are private or clan channels on public servers then someone may want to get someoneâs ip address without having access to it. Just paste the link in the channel as a graphic and a person wanting to have an IP of a user gets information on the page about ip etc. It is legal, but I was afraid that when I would share the files of this bot I could have some problems from the board of the forum.
$logs = $ts->getElement(âdataâ, $ts->logView(50, 0, 0, 0));
$timeStart = microtime(true);
# GĹĂłwna czÄĹÄ kodu
for($i = 0; $i <= 49; $i++){
if(!empty($logs[$i])){
foreach($logs[$i] as $log){
if(strstr($log, "channel")!==False && strstr($log, "|VirtualServerBase|1 |channel '")!==False){
$data = explode("|VirtualServerBase|1 |channel '", $log);
$moreData = explode("(id:", $data[1]);
$moreChannelData = explode(") edited by '", $moreData[1]);
$moreClientData = explode(")", $moreData[2]);
$time = explode(" ", $data[0]);
# Zapisuje aktualne 5 akcji
$check[] = $time[0].$time[1];
# Wykonuje raz akcje
if(strstr($log, 'edited')!==False){
if($moreClientData[0] != 0){
if(empty($string[$time[0].$time[1]])){
if($moreClientData[0] != 1 && is_numeric($moreClientData[0]) && is_numeric($moreChannelData[0])){
checkDecriptionLinks($ts, $cfg['settings'][0], $moreClientData[0], $moreChannelData[0]);
checkDescriptionImage($ts, $cfg['settings'][1], $moreClientData[0], $moreChannelData[0]);
}
$string[$time[0].$time[1]] = $time[0].$time[1];
}
}
This is not all the code, but if you think it is suspicious we can close the topic
I think you are more likely to get into trouble for offering suspicious software via private messages.
Anyways, I now get what you are talking about. When embedding images into channels descriptions, TeamSpeak 3 clients will automatically download these images.
The requests will show up with user agent TeamSpeak3-ImageFetcher-1.1
and they originate from the clientâs IP address. These downloads also wonât cause any âexternal linkâ warnings to pop up.
Iâm a little concerned that this has not been addressed yet since I now remember the problem being known to TeamSpeak for quite a while. But I guess they donât want to route gigabytes of image data through the TeamSpeak server since that could cause quite a dramatic amount of additional traffic for the server owner.
But maybe, they could add a new privilege which is required to put external images into channel descriptions.
People could still use file uploads then, which would cause extra traffic but not leak the clientâs IP address as files are downloaded from the TeamSpeak server which knows the IP address anyway. Also, I think the clientâs build-in image cache applies here.
Protects against such people who want to have ip of others and do not have access to permissions
why? iâm the autor
Do you think itâs not safe what I wrote about?
I better delete the post and it will be after the problem
This is probably more elegant.
But can we agree that it really blows that server owners have to take away the entire ability to edit channel descriptions to compensate for the lack of a way of disallowing embedding of external resources or at least warning about it?
Actually, most users will not even be aware that images in channel descriptions are even an issue.
So I think that there is still some responsibility on TeamSpeakâs side because they obviously didnât think about this specific case.
Regarding the script:
I actually wrote a PHP script a while ago which scans channel descriptions for non-secure http://
links and that could probably be adapted to detect and remove external resources in general.
Thatâs one solution that came to my mind.
Sometimes, usability and security wonât play together. Thatâs one of the âjoysâ of developing software.
But then, the user actively made a decision to sacrifice security for convenience.
However, links are a different thing. Users have to click them before anything happens and the target of the link is shown in the status bar, so users can still decide whether it links to a place they want to go, even without the warning.
Images however are loaded without the users consent. It just happens the moment they click on a channel and they wonât know the images are even there before they have already loaded and then itâs already too late.
The most user friendly solution I can currently think of is to either proxy external image downloads through the TeamSpeak server or even better offer an option to restrict images to locally hosted files so the server owner remains in full of control.
This would also allow the server owner to require users to submit images for approval before they are uploaded to their respective channel.
TeamSpeak has file upload capabilities. This would be a perfect use case for them.
Just upload it to github and share a link if itâs legit code.
This is a TeamSpeak issue. Which has been around for a while. I remember they were working on this I believe, in an old thread. Though it never got updated.
Letâs say you have a friend or have a paid channel subscription on your server where you grant the user a channel and he can edit the description and whatnot. He can then upload an image (which is invisible) with IPlogger and the target user doesnât need to click it, all they would need to do is join the channel and it automatically sends their IP back to the portal.