Link to home
Start Free TrialLog in
Avatar of rawandnet
rawandnet

asked on

How to Identify fake facebook account in the campus?

Dear all,

Some students use face facebook ID to abuse others.  Is there a way to find that person>
I am a director of IT, who has access to all traffic coming in and going out through the campus.  My question is,  can I find the identity of an individual using face Facebook account at the university through the IP address of the device.  

I can see the facebook links accessed by each individual user, but I don't know how to catch someone using fake Facebook ID through our local IP address.
Avatar of John
John
Flag of Canada image

The student must register some working email address that points to them.

The students who get the abusive posts should report this to Facebook and they will close the account.

The student must do this; I don't think you can do it, mostly because you have no means find out who owns the fake account.
Avatar of arnold
To John's point, Facebook is the holder of information.
A direct complaint to Facebook and/or to local authorities who would initiate a legal process where they might contact Facebook in an effort to identify to whom the account is registered.
Facebook would close the account, the same individual might create a new one....
A legal process depending on the law and the issue involved  where the party might be under legal consequences.
catch someone using fake Facebook ID through our local IP address.

As stated above, the best recourse is the the "offended" to report the activity to facebook

The only way I see this happening, is if you log all activity on each and every PC connected to the network. From there you may be able to search for and locate the user

But this would need to be done on the PC level, and you're looking at what hundreds of PC's and thousands of potential users?

Then you have the private devices and VPN (if allowed) which you've got no way to setup direct activity logging

IMO just trying to implement this would just be creating more headaches for yourself
Avatar of btan
btan

My question is,  can I find the identity of an individual using face Facebook account at the university through the IP address of the device.  

Unlikely as the IP assigned is not static and designated persistently to an individual machine. It is going to be non trivial for such tracing of the source which may end up fruitless.

 Instead, I see you can set banner to remind warning of the abuse of the Facebook use will subject to disciplinary action taken. Reserved one will hold back and can also further trigger the persistent one to leave more traces in abused id. Educate the student or User to report on such encounter, shows how to report and example of such abuse.

Continuous education maybe the best way forward and also encourage use of second factor as well as conduct regular review of dormant, inactive, unused and disabled account that should be deleted in long term.

Anomalous movement lile lateral crossing of network with netflow log with IP source to/fro IP destination can be useful to identify suspicious machine but not specific to application of this use case. But it may have block or hold off such machine from further access...may have digress but there are technology from Cisco slealthwatch and Darktrace that can come in handy or work on the SIEMS rule set you are maintaining..
While the IPs are dynamic, the possibility exists that one can track to whom the IP was assigned based on the MAC address and relies on how systems are authorized to gain network access, pre-registration. additional username/password system certificate.
Using the MAC address, one can see if the system is currently connected, and determine its location......

Even a fake account has an "email" address that may point to another provider where the email might be "fake" but it can be tracked back.......
much relies on getting the IPs from which this account was accessed with Facebook, the Email provider..

Doing it from the point of the university requires a legal process that would require Facebook and other providers to cooperate.

As others pointed out, the user directly impacted should contact facebook and they will deal with the specific account. if from multiple-fake accounts, they may identify all accounts this user has registered based on the IP from which they are seen accessing.
This would get complicated if the University proxies .....(seen as coming from a single IP)....
While I agree with the above, getting Facebook to cooperate with a University (given all the troublesome issues they face) could prove very difficult.

Easier to advertise to student to report abuse to Facebook.
The short answer is no. As others have pointed out, all of the needed information resides with Facebook. Assuming the abuse crosses into the area of criminal charges, then they may be able to get facebook involved. But that does not guarantee you will ever get to possess it. Anything short of that, you will simply need the student to report it to facebook. If there is a pattern, that should be escalated. Facebook might be able to help, but how much help you will get is debatable.
TL/DR

If you have the IP linked to the device and the username, you should be able to inch your way to the source.

This is code I have written a few years ago that converts FB username to FB ID

using System;
using System.Collections.Generic;
using System.Text;
using System.Text.RegularExpressions;

namespace GetFBID
{
    class Program
    {
        static void Main(string[] args)
        {
            string strUrl = "";

            strUrl = "https://www.facebook.com/john.smith";
            Console.WriteLine(string.Format("{0}\t{1}", GetFBID(strUrl),GetFBUserName(strUrl)));

            Console.ReadKey();
        }
        private static string GetFBBaseAddress(string strUrl)
        {
            string returnValue = "";

            try
            {
                if (strUrl.StartsWith("https://www.facebook.com/") && (strUrl.Length > 25))
                {
                    returnValue = string.Format("https://www.facebook.com/{0}", strUrl.Split('/')[3]);
                }
            }
            catch
            {
                returnValue = "";
            }

            return returnValue;
        }
        private static string GetFBUserName(string strUrl)
        {
            string returnValue = "";

            try
            {
                if (strUrl.StartsWith("https://www.facebook.com/") && (strUrl.Length > 25))
                {
                    returnValue = strUrl.Split('/')[3];
                }
            }
            catch
            {
                //Invalid
            }

            return returnValue;
        }
        private static string GetFBID(string url)
        {
            string returnValue = "Unknown";

            try
            {
                url = GetFBBaseAddress(url);
                if (url != "")
                {
                    var strGraphUrl = url.Replace("www", "graph");
                    var wc = new System.Net.WebClient();
                    var strGraphJson = wc.DownloadString(strGraphUrl);

                    Regex regex = new Regex(@"\d+");
                    Match match = regex.Match(@strGraphJson);
                    if (match.Success)
                    {
                        returnValue = match.Value;
                    }
                }
            }
            catch
            {
                //Invalid, return Unknown
            }

            return returnValue;
        }
    }
}

Open in new window

Avatar of rawandnet

ASKER

Thank you all for your feedback on this top, it was very helpful.
Mr. Shaun Vermaak I have a basic programming background.  Can you please indicate what language you used writing this script and how this can be helpful tracking that person.

Thanks,
This question needs an answer!
Become an EE member today
7 DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.