Figure 8-21. IP Tracking module: IP Tracking Info.
IP Tracking module: IP Tracking Info.
To track your visitors' IP address, you can use the IP tracking module. Get it at the Downloads section of ierealtor. After installation and activation of the module, a click on the "IP Tracking" link in the Modules block will display the "IP Tracking Info", a list of IP
addresses that accessed the site (Figure 8-21). You can order the list by ascending or descending order of its column fields, by
clicking on the respective up- and down-arrows.
Lazy man's Logfile Inspection
Nothing beats regular inspection of the real web server logfiles - but if you are lazy, you want a quick info of what is going on, or you cannot do otherwise, the IP Tracking module will give you
a quick solution to your logfile inspection problem. In the Page View Info (Figure 8-22), be attentive to URL parameters
that pass Javascript code or SQL queries to the database - they are a clear indication of cross-scripting (Section 23.3.1) and SQL injection
(Section 23.3.2) attempts at your site respectively.
Figure 8-22. IP Tracking module: Page View Info.
IP Tracking module: Page View Info.
The IP addresses themeselves are links to a detailed view, the "Page View Info" (Figure 8-22). It lists the pages that
were requested by that IP address. Again, you can order the list by name or date using the arrows on the table header. Note: administrators won't appear online since they are not entered in the
nuke_session table.
Code corrections necessary for PHP-Nuke v. 6.0 and/or old PHP versions!
If you get the error:
You can't access this file directly...
then you are using an old PHP version that does not understand the _SERVER
superglobal. Edit the index.php file of the module and change:
if (!eregi("modules.php", $_SERVER['PHP_SELF'])) {
If you are getting MySQL errors like the one of Section 3.9.2, complaining about non-valid MySQL result resources, then you are
probably using an old PHP-Nuke version (like 6.0, for example) that uses the field "username", instead of "uname" in the nuke_session table. In this case you have to
change "uname" to "username" in the two WHERE clauses of the index.php file of the module. Change:
$res = sql_query("select * from ".$prefix."_session
where uname='$username' and host_addr='$ip'", $dbi);
to:
$res = sql_query("select * from ".$prefix."_session
where username='$username' and host_addr='$ip'", $dbi);
and
$res2 = sql_query("select * from ".$prefix."_session
where host_addr='$ip' and host_addr=uname", $dbi);
to:
$res2 = sql_query("select * from ".$prefix."_session
where host_addr='$ip' and host_addr=username", $dbi);
If your main motivation for using the IP tracking module is to be able to ban certain annoying visitors from certain IPs, check also the Protector module (Section 8.3.7) for a ready-made, full-featured solution to IP banning, as well as Section 23.5 for a quick, do-it-yourself
hack.