How does the IP address WHOIS tool work?

Most Linux servers are capable of looking up the WHOIS information for an IP address using software that is included with the operating system. We pair this software with PHP, the scripting language that runs our website, to make it possible to show you the WHOIS information for an IP address.

To run the WHOIS from a Linux shell, you can do something like this:

# The plus sign tells the WHOIS server to give you all the
# information it has on the IP
/usr/bin/whois -h whois.arin.net n + 54.166.199.178

You can also run the WHOIS from PHP. If done improperly, this can expose your web server to unfriendly people. We have included a few methods of limiting this risk, but also recommend that you make sure your web server isn't running as a user that has unrestricted access to the system.

/* This code is public domain */
/* Source: http://ipaddr.es */

$ip_address = '54.166.199.178';

// Make sure the IP address is valid
if(preg_match("/^([1-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])){3}$/", $ip_address)){

    // Build our command, escaping the IP address
    $command = 'whois -h whois.arin.net n + '.escapeshellarg($ip_address);

    // Run the command, saving the output to a variable
    $output = `$command`;

    // Display the output
    echo '<pre>'.$output.'</pre>';

}

Last updated: December 20, 2014 (3:55 PM GMT)