How Lowyat Forum Detects Multi Account Users

polkadot · Post time 14-6-2008 06:57 PM

Unethical Method Which Hides Malicious Files Deep Within Ur Computer

The method used is highly against constitutional rights and reveals the privacy of its forumers at the cost of its own interest.It is no different from installing some malicious rootkits / files to identify its forumers which are mainly made out of youths.The owner himself may be some paranoid with inferior complex and phobia of people plotting against him.Do you think it's necessary for such move?

The script is known to be used by online gambling, pornographic and financial institutions to keep track of scams/fraud accounts but to use it in a general discussion forum is an absurd decision.Examples are Ebay, Bodog, Poker.com, adultgames9.com and many other online gaming sites.

How does this method works in theory?
In general, websites keep track of their users using conventional cookies which are independently stored by each browser.But for this method, script writers have found a new way of detecting users posting from the same computer using an exploit found in Macromedia's Flash plug-in which also has it's own form of permanent cookies known as local shared objects(LSO).

Regardless of which browser you use in your computer and how many times you flush out your personal data such as local cache; cookies and history lists, the local shared objects in the form of *.sol files are permanently written/hidden to the Macromedia folder as deep as 10 folders within your OS's file structure.The file is placed inside there without your knowledge and it contains an ID string which uniquely identify your computer whenever you visit the forum as a guest or member.

Assuming that you log into the forum the first time and the file is written in your HDD.The next time you re-login with other accounts, the admin CP in the forum will list out all the accounts being logged from the same computer.
What a cheap way of invading people's privacy.

Try try modifying the file named "lynid2.sol" which can be found in the "Application Data\Macromedia\Flash Player" of your active drive.Each file content has a unique number tagged to it.If you want changed it to some other previous integer or a known one used by others.That will falsely tag your computer to other people's account.

Also to help you identify and locate the LSO files hidden in your computer, try:

http://objection.mozdev.org/ (For Mozilla/Firefox browsers)

or

http://www.ccleaner.com/

Sources:

Persistent Identification Element
http://yro.slashdot.org/article.pl?sid=05/04/04/177238

http://www.techworld.com/security/news/index.cfm?newsid=3028

Youtube uses flash cookies as well but they use them for good intent to store the flash player settings but not to invade the privacy of others.

A word of advice to everyone.