So You've Been Doxed…

So it goes like this — It’s 4:00, you come home from school or your job stacking coconuts at the supermarket, whatever; and you log on to your internet-enabled device of choice, be it laptop, tablet, or microwave oven. You have a hankering for some down-home, all-fresh, free-range Club Penguin army news, so where do you go?

You go to CPAC, of course.

But what’s this? Shady dealings? IP addresses stolen? It was already looking bad, but while you’re scrolling through the post, you happen upon something wonderful and terrible at the same time: your name. Yes, right there on the screen, someone has nabbed your unauthorized, unsolicited, and totally unasked for likeness and pasted it in a scary list alongside some sinister string of numbers. But it’s your name, right? Free publicity! What could possibly go wrong with that? Wait… what does that say? Did this string of text just call you a try-hard jerk for the whole net to see?

Oh no! Obviously you’re in trouble, but how much trouble?

This much trouble

Aside from that, how did it happen? You can’t remember hanging out in shady forums or clicking on any “Windows 9 Free Trial” ads, so why is your name and IP address displayed for all to see? Welcome to the first stage of a doxing, a convoluted process by which small minds with long reach sow fear and disorder on the internet.

How do you know if you’ve been doxed? Typically, as is the custom of those who find pinching and compiling personal information a viable alternative to team sports, it will be released in a massive ‘blast’ post on some obscure message board and linked to on a popular forum, like CPAC. Once the shady saboteur posts the first link–usually under a pseudonym handpicked from the wiki page listing the names of all the Call of Duty troopers whose only duty is to die in massive set piece explosions, like “Redcell, Specter, Goony, or Silent Rip”–they will then rely on the power of human curiosity to further their objective. Once the link is out there, you can bet that at least a dozen visitors have ctrl+V’d the **** out of that thing and will be pasting it elsewhere.

You can block it, make a PSA, complain to the host site, but it won’t matter. That’s the nature of the internet. Once a file is posted, it’s there for good and will spring up again somewhere else.  There’s no hiding it, no keeping it a secret: it’s out for all to see.

We hid the link? Great, let’s go do lunch!

That’s a problem, right? The good times are over, you might as well just unplug your computer and uninstall the internet, because now that your IP address is out there, hackers have free rein over everything from your credit card to your laptop battery. They can totally pinpoint your location from orbit or sell your identity to the Nicaraguans, can’t they?

Actually… not so much. First it’s imperative to understand just what has been taken from you. An “Internet Protocol Address” is a unique identifying number given to every internet-capable device on the web. Like a vehicle’s license plate, it is a special serial number used for identification. That means your Xbox, your phone, your computer and even some vending machines all have an IP address that is unique to them.

IP addresses are typically assigned by your internet service provider, loaned out of a huge pool for your use. IP addresses have two common formats.  IP version 4 addresses are comprised of four numbers-only segments separated by dots:

    • 345.
    • 1

IP version 6 addresses are more complex and are composed of eight segments of alphanumeric characters.
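As an added example (not part of the original post), this Python sketch checks whether a string copied from a leaked list is a well-formed address at all, and whether it is a public address or a private/reserved one that says nothing about where you are. The function names and sample entries are constructed for illustration; 8.8.8.8 and 2001:4860:4860::8888 are Google's well-known public DNS resolvers, used here only as familiar public addresses.

```python
import ipaddress

def check_ipv4_shape(text):
    """Return None if text is four dotted segments in 0-255, else the reason it is not."""
    parts = text.split(".")
    if len(parts) != 4:
        return f"expected 4 segments, found {len(parts)}"
    for part in parts:
        if not part.isdecimal():
            return f"segment {part!r} is not a number"
        if int(part) > 255:
            return f"segment {part} is above 255"
    return None

def triage(entry):
    """Classify one address string copied from a leaked list."""
    entry = entry.strip()
    if ":" not in entry:  # no colon, so treat it as a candidate IPv4 address
        problem = check_ipv4_shape(entry)
        if problem:
            return f"invalid IPv4: {problem}"
    try:
        addr = ipaddress.ip_address(entry)
    except ValueError:
        return "invalid address"
    if addr.is_global:
        scope = "public"
    else:
        # Home-network, link-local and similar ranges are reused everywhere.
        scope = "private or reserved (not routable on the public internet)"
    return f"IPv{addr.version}, {scope}"

# Constructed sample entries, not taken from any real list.
SAMPLES = ["345.12.7.1", "10.0.0", "192.168.1.20", "8.8.8.8",
           "2001:4860:4860::8888", "fe80::1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:24} {triage(sample)}")
```
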

An IP address is simply a way that your computer declares itself to be a self-contained entity on the world-wide web, and tells anyone interested where your device can be found. This means that at any time of day, from anywhere in the world, anyone inclined can zero in and locate the Pepsi machine down the hall, determining whether it is off or on in the process. It can also be used against an individual user in a concentrated effort to gather personal details and make them public.

This is called ‘doxing’. And don’t worry, it’s not nearly as frightening as it sounds. Once an individual has your IP address, they can use it to find your general location, like your country, or maybe your city. This is primarily an intimidation tool: suppose a shady dude came up to you in a chat room and told you that he had your name and location, and perhaps a lot more that he will release everywhere if you don’t do as he says. Scary, right?

The problem is, they may actually have something on you if they’re a dedicated group willing to spend lots of time posing as a long-lost BFF or that one girl you met that one time down by the wharves. What am I talking about? (And what were you doing down by the wharves?) I’m talking about social media–like Facebook, or Twitter. If you use them a lot, you’ll probably have your name and location listed publicly, or a friend or family member will. There are a lot of ‘John Smith’s in the world, but if they’ve got a John Smith who lives in Vancouver, Washington, and you’ve listed yourself as John Smith of Vancouver, Washington, the pieces start to come together. Suddenly they’ve got your full name, age, and pictures of your twelfth birthday party complete with your uncle Leroy dressed as the clown.

It only moves when you’re not looking

Now they’ve got something on you, and depending on how lax your security is, they may be able to go through your life and find the answers to your password security questions like “name of first pet” or “mother’s maiden name”. From there, it gets really hard to tell where the problems will stop, and it can be a real hassle to go through and change all your passwords because just one got hacked.

But how did they get this super-sensitive information that gives them backstage access to your online life? Surely there must be some crazy security on such an important number? Surprisingly… there isn’t.

As a matter of fact, the IP address is not encrypted in any way. All a webpage has to do to obtain it is simply to request it. WordPress actually requests and stores your IP address every time you place a comment.

Try it: open a Google search page and type “IP Address”. Your public IP will come up as a search result. Be sure you have no enemies or secret agents standing over your shoulder as you do this, because your firewall will not prevent them from seeing it.
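What the comment scenario above looks like from the server's side, as an added example that is not from the original post or from WordPress: the visitor sends only the comment text, and the server reads the address from the network connection itself. The handler, function name and comment text are hypothetical, and everything runs on the loopback interface, so the address recorded is 127.0.0.1.

```python
import http.server
import threading
import urllib.request

SEEN = []  # what the server recorded, in arrival order

class CommentHandler(http.server.BaseHTTPRequestHandler):
    """Hypothetical stand-in for a blog's comment endpoint."""

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        body = self.rfile.read(length).decode()
        # The address comes from the TCP connection, not from anything
        # the visitor typed or the browser chose to include.
        SEEN.append({"ip": self.client_address[0], "comment": body})
        self.send_response(204)
        self.end_headers()

    def log_message(self, *args):
        pass  # keep the demo quiet

def submit_comment(text):
    """Post a comment to a throwaway local server; return what it stored."""
    server = http.server.HTTPServer(("127.0.0.1", 0), CommentHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = f"http://127.0.0.1:{server.server_port}/comment"
        req = urllib.request.Request(url, data=text.encode(), method="POST")
        # Ignore any system proxy so the request stays on loopback.
        opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
        opener.open(req, timeout=5).close()
    finally:
        server.shutdown()
        server.server_close()
    return SEEN[-1]

if __name__ == "__main__":
    print(submit_comment("nice post"))
```
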

So what can you do? After all this doom-and-gloom, is there any point in trying to escape the coming calamity, or should you just change your name and skip town?

Thankfully, we at CPAC are experts on the subject. Defending the site from DDOS attacks is practically our company pastime. Dealing with a doxing now and again is just another perk that comes with the job. How do we beat it?

Well, we change our names and skip town. But every now and again due to some deadline or other, it becomes necessary to take a stand and fight back against net crime.

A hectic game of cat-and-mouse unfolds on a typical weeknight at CPAC.

  • Don’t give out personal information online

Like, never. Not to your battle buddy, not to that chick with the hot avatar, and not even to people you know from school or home. As stated, the internet never forgets. Once you’ve put it out there, it can be found. Leave your name in a xat box where you’ve been chatting with a friend, and it may still be there for the next person who comes through. Likewise with forums.

  • Use a proxy

A ‘proxy’ or proxy server is an online application which shields your identity from other users. When you use a proxy, you are actually entering your commands into a remote server which then follows your orders and relays the information back to you, leaving your computer and IP address safely out of the equation. Some proxies are free, but many lack functions. Proxy servers can be useful for when you aren’t certain of the validity or safety of a site. They are not a substitute for a firewall.

  • Make sure your firewall is up-to-date

Most new computers come with a free trial of antivirus software. These range in quality from top-of-the-line security software to “look-what-I-cooked-up-in-mom’s-basement” freeware. Websites can run harmful scripts in the background without ever alerting you, but a good firewall will block them and prompt you to move to safety.

  • Just change it

Perhaps the damage has been done and your IP address is already in the unwashed and clammy hands of some sinister desk-bound individual. You can’t undo what’s already been done, but if you don’t want anyone else following the trail of breadcrumbs, it’s easy enough just to change your IP address. As most ISP companies provide dynamic IP addresses, a changeout is as simple as unplugging your router for a few hours.

And there you go. Now you’re well on your way to becoming suave internet secret agents like we are. For posterity’s sake, I have to get serious for a moment and remind you that CPAC will not now or ever be a forum for sharing illegally obtained or intentionally harmful information with viewers. If you post a link to the stuff, it will be removed, and we will do lunch. Without you. So don’t do it.

– Delcrux

Has a cool Job at CPAC




13 Responses

  1. Very good, informative post. I think this will help calm people down about the nature of IP leaks and DoSing, it’s not nearly as bad as hackers would like you to think. Intimidation is their real game, because if they know you’re scared, that’s how they manipulate you.

    One additional thing, IPv4 has a max of 254 numbers for each segment, so is the highest address you can have (technically the example IPs don’t exist).


  2. This is what CPAC should be.


  3. Informative post, but you just taught 20 crazy ass penguins how to dox. You also made 10 other penguins get viruses from an unsafe proxy. Nice work. (This may or may not have happened)


  4. why do people take someone having your ip so serious


  5. Very good post. It was very informative since my name was on that list.


  6. who did not know this already? lol
    these ways to “prevent” things like that won’t actually prevent anything against some actual legit hacker (I’ve gotten DDOSed so many times and I know it won’t)


    • This is about preventing DOXing, not DDoSing. If there was a simple way to prevent that I’d be using it by now.


  7. Everyone makes a massive deal over something so little, the fact most of these are out-dated is even more laughable, I found this 2 days after it came out, but it was deleted from pastebin so it’s on a Cached version now.

    But what I find funny is that Dream thinks hes cool, thinks hes a hacker when in reality hes a dumb faggot who thinks he knows shit.


  8. This should be republished. Nicely written post.

