What information is your browser giving away?

This morning, there was an article where the EFF is claiming that just because you turn off cookies and javascript in your browser doesn’t mean that you’re not giving away information. Unfortunately, they are very correct. Your browser will give away ALL kinds of information about your computer; such as operating system, browser type / version number, browser plugin’s, etc.

I’ve used this exact same information for years to gain information about visitors on a site that I couldn’t physically monitor the logs. What I did was use a CGI script, written in perl, to modify the HTTP header to point to an transparent image that was 1 pixel high and wide. It’s very easy to hide an image when it’s transparent and only a single pixel.

The information that this script grabbed were IP Address, date / time the image was accessed, browser user agent, and the referring URL. That’s enough information for me to get an idea of what content people are looking at and to even identify unique and repeat users.

Here is a sample script that I’ve used before.

Here’s an example of the information that the log generates:

2009-10-11 19:54:06 http://www.domain.com/referringurl.htm Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; FunWebProducts; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; AskTB5.3)

Here’s a link to the article: EFF Browser Fingerprints Article

May 18, 2010

Posted In: Online Privacy, Perl Tips

Automated Linux Backups utilizing rsync over SSH

I was recently tasked with coming up with a backup solution for our Linux based servers. My solution was to use rsync over SSH to pull the data that we wanted over and then use tar to create daily archives, which we can then pull off the server to some other type of storage media or a remote server.

After creating a Linux server that I would use as the backup server, I setup SSH with a public key exchange.

To do this, I typed “ssh-keygen” on my Linux backup server.

After creating a public key on my Linux backup server, I moved the public key over to the servers that the server would be accessing.

To automate the process, I created a custom perl script.

You will notice that the perl script is pretty simple, but written in a way that it can be easily expanded upon. For example, you might get to the point where keeping up with the @server array is more maintenance than it’s worth. You could easily have the perl script access a MySQL database to pull a list of servers and the directories that needed to be pulled over via rsync. You could also add options so that it automatically put the tar.bz2 archive files onto remote storage or even tape.

To automate the script, save the script in a place like /usr/sbin/linuxbackup.pl and then create a bash script in /etc/cron.daily/ that executes the command “linuxbackup.pl auto”. It’s really pretty simple.

May 16, 2010

Posted In: Linux, Perl Tips, System Administration