

ImageShack uploader IP addresses visible - eurodance
http://www.mikescoding.com/imageshack/

======
ComputerGuru
Does anyone still use imageshack for anything serious any more? I'm surprised
to hear they're still around.

Here's what their compete chart looks like, for what little it's worth (login
required, so screenshot instead): <http://cl.ly/image/3z1v152G3r1l>

~~~
landr0id
I think that ImageShack still imposes bandwidth limits and other restraints. I
can't see why anyone would use it over another service like imgur.

~~~
rplnt
Imgur has some restrictions as well. It's their (Imageshack's) "view image"
pages that are horrible.

~~~
jonknee
Any host is going to have restrictions, but Imgur will not take your image
down for bandwidth reasons.

------
0x0
Glancing at the source code <http://mikescoding.com/imageshack/index.phps> for
30 seconds, it seems the way this works is that the uploader IP address is
retrieved from some XML file on the imageshack servers. It seems every image
on imageshack has a corresponding metadata XML file stored at a secret
location, but the algorithm to calculate this URL was exposed during the
earlier pastebin leak?

~~~
landr0id
The XML URL is calculated by taking the image's filename (minus the
extension), calculating the MD5 hash of that + a static salt (which is visible
in the source), then replacing the image extension with the first 10 chars of
the hash + ".xml". Example [1]. What type of third party would they be giving
this API to?

[1]
[http://img236.imageshack.us/img236/3432/as8132329zz9.d907da5...](http://img236.imageshack.us/img236/3432/as8132329zz9.d907da5f86.xml)

~~~
0x0
That link is 404'ing for me. Did they close this already?

~~~
landr0id
They 403'd this specific link it looks like. An image I uploaded about an hour
ago seems to be working still. [1] is the data it returned for the 403'd
image. Here's [2] some Ruby code if you want to try it out yourself

[1] <http://pastie.org/5393401> [2] <http://pastie.org/5393444>

------
tsheeeep
The API for videos is described here:
<http://code.google.com/p/imageshackapi/wiki/YFROGxmlInfo>

For images it should be hidden.

------
thejosh
Oh boy. Everyone who has uploaded images of screenshots of illegal movies onto
forums are gonna be majorly shafted now.

~~~
apawloski
I could be wrong, but isn't the precedent that IPs aren't adequate evidence of
a person's identity? I don't think that a dynamic IP address that was used 18
months ago is going to be of any use now.

~~~
kmfrk
It may not indict you directly, but it certainly helps finding the person
behind it.

------
eurodance
patched

