Since I seem to be recieving pm regarding my forum sig, and the possible security threats that come with it, I have decided to start this thread. This pic is a picture modified by a php script. Php is a language essentially contained within html code to allow a server, a php capable server, to modify an html document based upon user, or other, manipulation. Most forums, including this one I would assume, implement php to allow the forum to be constantly updated, and to complete other tasks. PHP is a very high level programing language whose scope has been broadened during its developement to included not only webpage manipulation, but also scripting on a physical machine, generally a linux box. What happens when the picture, which resides on a php ready server, is upon each access (read: each page view in which that picture is seen) a random number is generated between, say one and ten, where each number coresponds to a message that is implemented into the picture; the ip address and computer browser information are simply php variables implemented into the picture. Now I must say that I know how that picture works, but I did not design and do not host it, it is just a popular forum sig pic, that many people use. So popular in fact that the hosting service has apparently found their bandwidth costs excedingly high, and as such they have implemented ads into the pic. Since I hate ads, when I am able to build a server, I will create and host a similar pic, minus that ads. I should ad that upon my last visit to the website currently hosting my sig pic, I noticed a personalized service where, for a fee I assume, one can choose a picture and, up to ten, phrases and have a custom forum sig pic or their own. Now some security concerns: To my knowelege that pic, and the site hosting it do not pose any security risk. It is highly inlikely that the creators of the pic have a huge database of computer ips. However, it is entirely possible for any server to hold a database with your ip, computer browser, and site-usage information. I can almost assure you that this server has such a database to aid in administration, such as reporting a spammer to their internet provider, or blocking a certain ip, or range, from accessing this site. Such activities are quite prevalent about the net, so unless you take great measures, such as spoofing your ip (which is fraud and thus illegal) or using many proxies, then you can be tracked online. To add another layer or paranoia, let us concider email: all emails today contain, along with the normal information that everyone sees, a header with all the ips, including the ip of the sender, that the email was passed through. This header can trace a spammer back to his base, regardless of how many proxies you uses, as the original sender's ip address is always at the top of a list of ips and servers that the email went through. So again, anything you send can be traced, unless you hijack someone's computer for your purposes, obviously illegal, or spoof your ip, illegal as mentioned above. It should also be mentioned that even modifying one value of an email header, which is not difficult to do, which is how people can send semi-anonymous email by chanding the from address, it fraud illegal. Not ment to scare you, but this is how the net operates, and I am sure that there are other methods of imformation gathering and hiding that I have yet to even know about out there. So the moral of this thread is don't do anything questionable online, unless you are quite prepared to cover your tracks, and, of course, accept any and all consequences.
I just implemented a version of the sigpic with ASP.NET and VB.NET. Its just amazing the information that can be greaned from a simple request for an image or page at the server end.