Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
chasz Posted June 20, 2009 Posted June 20, 2009 My boss wants to know if there is an option to remove all IP tracking? something i might have missed?
TrixieTang Posted June 20, 2009 Posted June 20, 2009 You mean make it so IPs aren't logged? Why would you even want to do that? I mean if you do that then you won't know anyone's IP if you need it. [*]What if someone posts something illegal? You wouldn't be able to report their IP to the authorities. It's a VERY bad idea. [*]What if someone keeps coming back to troll? You couldn't ban their IP.
chasz Posted June 20, 2009 Author Posted June 20, 2009 omg girl !!! why do you stalk me ?? a political forum should be free of IP tracking for the security of everyone !!! please, please, puhlease !! if u dont need a feature and the requested feature doesnt impact on the general mechanics of IPB forum, will u just ignore?
Wolfie Posted June 20, 2009 Posted June 20, 2009 What about removing the ability to SEE the IP addresses? This would only have an affect on those who would be able to see it at all (moderators and/or admin).
TrixieTang Posted June 20, 2009 Posted June 20, 2009 [quote name='chasz' date='20 June 2009 - 08:13 AM' timestamp='1245482031' post='1811841'] omg girl !!! why do you stalk me ?? :rolleyes: [quote name='chasz' date='20 June 2009 - 08:13 AM' timestamp='1245482031' post='1811841'] a political forum should be free of IP tracking for the security of everyone !!! Only mods and admins can see IPs, if you don't trust your staff with seeing your members' IPs then they shouldn't be staff in the first place. And IPs are logged for a reason, that reason is security, if you take away IP logging you'll just have even more security issues to worry about. [quote name='chasz' date='20 June 2009 - 08:13 AM' timestamp='1245482031' post='1811841']please, please, puhlease !! if u dont need a feature and the requested feature doesnt impact on the general mechanics of IPB forum, will u just ignore? Last time I checked people are allowed to post their opinions on suggestions and feedback posted here. And apparently you don't understand that if IPS added an option for every little thing that only you and a few other people want or need it would make the software into a bloated and cluttered mess.
chasz Posted June 20, 2009 Author Posted June 20, 2009 its NOT the admins and moderators the boss is worried about LOL Its Big Brother with Big Sticks !! LOL
Mark Posted June 20, 2009 Posted June 20, 2009 Whether or not the software logs an IP address is kind of irrelevant as the server will log the IP address of every visitor. Also, if the software cannot log IP addresses, it causes technical issues... there are various features that rely on knowing the IP address, including security features such as IP matching, account locking, et al. Furthermore, an IP address is not regarded as private information (like a name or email address), nor can it be used to identify you. Some people seem to have an idea that every computer has a predefined IP address and anyone who knows it can find out your name and address... simply not true. Sure, your ISP has that information, but that's not public... think of your IP address like your library card number ;)
chasz Posted June 20, 2009 Author Posted June 20, 2009 dude, obviously those features will be disabled when IP returns null....server might log but it doesnt mean particular topics should be id'ed. eg indymedia sites
Lewis P Posted June 20, 2009 Posted June 20, 2009 I know this is nowhere near the right place, but if you want to 'disable' the IP records, just add a simple line of code to conf_global.php Then turn off all IP matching etc and everyone's IP address will resolve to localhost. Edit: Keep in mind, this is at no place recommended, as it does disable important security features. I seriously would just remove the IP line from the skin, and it is not visible at all.$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
chasz Posted June 20, 2009 Author Posted June 20, 2009 yeah thanks for that, using a reverse proxy will revert IPs to localhost as well. as i said when we assure users that we wouldnt track IPs, it had better keep our words LOL.
Mark Posted June 20, 2009 Posted June 20, 2009 [quote name='chasz' date='20 June 2009 - 11:11 AM' timestamp='1245492672' post='1811863'] dude, obviously those features will be disabled when IP returns null....server might log but it doesnt mean particular topics should be id'ed. eg indymedia sites But, my point was, why would you sacrifice key security features when it's information that is collected regardless of whether IPB logs it or not - and there is no reason for it to not be logged. In fact, knowing an IP address is so important to how IPB operates - if it cannot detect an IP address, it will show you an error.
Wolfie Posted June 20, 2009 Posted June 20, 2009 [quote name='chasz' date='20 June 2009 - 06:20 AM' timestamp='1245493219' post='1811865'] as i said when we assure users that we wouldnt track IPs, it had better keep our words LOL. If you modify the skins to not show the IP addresses used and even remove access to the IP matching features (staff options not internal board functions), then essentially, you wouldn't be tracking IP's. The board would only be storing the information for it's own purposes, such as built in security (for both the board AND it's members) as well as the ability to function properly. Just remove the ability for the board to tell you that particular piece of information. When you think about it, it would be exactly like the server recording the IP address. You set it to not release that information to you, then it's not part of what you do. Yeah the server collects and tracks it, as well as the board. But that's all kept away from human eyes. :)
Rheddy Posted June 20, 2009 Posted June 20, 2009 Guys, Guys, Guys. This is, and I repeat, a very BAD IDEA. Trust me, you do not want to disable IP Tracking. IPS Staff are correct. Disabling this will open security holes in your forum software. I don't know how many of you have this option set, but through the ACP, there is an anti-hacking tool that, if enabled, prevents someone from logging into your account while you are logged on by matching your IP Address. IP Tracking also allows you to search via IP Address if a new member registers. Well, if that member had been previously banned or you're banning spambots, let me assure you that spambots don't register the same email addresses or usernames and IP Addresses are unique. This also allows you to search IP Addresses for those who create duplicate accounts. It's been a useful tool for me and I would never recommend disabling this feature. I think this might have something to do with maybe the fact that he's worried that people can be traced through his forums for downloading torrents since IP Addresses are logged. Disabling security features that protect your forum software is just a bad idea because it allows for the proliferation of spammers, spambots and computer hackers.
_Marco_ Posted June 20, 2009 Posted June 20, 2009 Hello, i use 2.3.1 and i have removed the IP Adress Tracking for Admins and Moderators. Do do this i have modified the sources/ipsclass.php and i had to run a mysql queries for removing the IP Adresses in the post view. (You can find the Code on invisionbyte.net) I also interrested to remove IP logging for IPB 3.0.
Wolfie Posted June 20, 2009 Posted June 20, 2009 [quote name='kenichi' date='20 June 2009 - 11:26 AM' timestamp='1245511569' post='1811907'] I think this might have something to do with maybe the fact that he's worried that people can be traced through his forums for downloading torrents since IP Addresses are logged. Disabling IP logging/tracking on the board wouldn't stop it. If he thinks it will, he's mistaken. Take a log of when something was posted (from the database in fact) and compare it to the servers IP logs and poof, they're still traced. It is a bad idea indeed.
_Marco_ Posted June 20, 2009 Posted June 20, 2009 not overall. if you have a root server you can also disable IP logging. there is mod-removeip for apache.
Rheddy Posted June 20, 2009 Posted June 20, 2009 The reason I can find for someone wanting to remove IP Tracking is if someone is operating a website/forum where members post .torrent downloads or Rapidshare download links. Since U.S. Law requires website owners, through court orders, to turn over log files from their website, I'm guessing that the owner of the site wants to protect his or her members from being dragged into court for downloading copyright material. There's just no other way that I can see why someone, an Administrator, would want to disable IP Tracking. Disabling it just to disable it just doesn't make sense.
Wolfie Posted June 20, 2009 Posted June 20, 2009 [quote name='kenichi' date='20 June 2009 - 02:11 PM' timestamp='1245521489' post='1811961'] There's just no other way that I can see why someone, an Administrator, would want to disable IP Tracking. Disabling it just to disable it just doesn't make sense. They may want to be able to provide a place where true anonymity is promised and supported. However, it's not theoretically possible, as measures taken to provide it only increase the amount of effort required to piece together what they try to not collect. If they are doing it to engage and support an illegal activity, then (#1) IPS can get their site taken offline until their software is removed (there is a license agreement to not use IP.Board for illegal activities) and (#2) that could result in the person facing more charges, for obstruction of justice, by purposely covering tracks of those who use his site to commit crimes. Bad bad idea. If it's just for freedom of speech along with trying to protect the persons identity, then I can understand wanting to hide their information, but they'd have to go through a lot of effort just to make it very difficult to piece together the information. For one, email addresses are stored in the database and the logs of access to those email accounts can be used to track the person down. Routing paths to the site can be used for getting logs of accesses to the site and the sources of those accesses. The contents of PM's and posts can be used for developing a profile and piecing the information together in itself can help narrow down who the person is and where they may be. It's a wasted effort really. But as for wanting to give the members assurance that their own staff can't access the information, it's easy enough to implement.
CalendarOfUpdates Posted June 20, 2009 Posted June 20, 2009 [quote name='kenichi' date='20 June 2009 - 02:11 PM' timestamp='1245521489' post='1811961'] The reason I can find for someone wanting to remove IP Tracking is if someone is operating a website/forum where members post .torrent downloads or Rapidshare download links. Since U.S. Law requires website owners, through court orders, to turn over log files from their website, I'm guessing that the owner of the site wants to protect his or her members from being dragged into court for downloading copyright material. There's just no other way that I can see why someone, an Administrator, would want to disable IP Tracking. Disabling it just to disable it just doesn't make sense. You do realize people from outside the USA use this software right? The OP stated that it is a political forum, most likely a forum where members rail against the government from time to time... I can see where not tracking the poster IP might come in handy, especially if the government is oppressive and people can be jailed for saying anything remotely critical of the ruling party. I'm not saying it is a good idea or not, just tossing out an additional reason why it could be requested... free speech can get you arrested or even killed in some countries.
_Marco_ Posted June 20, 2009 Posted June 20, 2009 Why people always think that we do ilegal thinks, when we want to remove the IP logging? I'm from Germany. And we have a new telecommuncation Act that ISP's must save the IP, visited sites and her email messages for 1 1/2 years! So a lot of privat people don't want it. And many webmasters will host in US and Malaysia because they hope that the state didn't give any data to a german Criminal Authority. And its not a Rarity, that the german law instructs people to hack the website, that they can get a mysql backup! I and many other german webmaster want to protect members and myself. if you dont trust my words, google for "vorratsdatenspeicherung"
chasz Posted June 20, 2009 Author Posted June 20, 2009 LOL imagine the Iranian expats trying to post protest against the elections and have their IPs traced !! seriously, what law is specified in the IPB agreement anyways? US laws? they dont have juridictions anywhere else anyways. there are enough prevention methods like hiding the admin folder..... Besides, when is yagi releasing a torrent mod ?? ;) just kidding kiddies...
Mark Posted June 20, 2009 Posted June 20, 2009 As said before, an IP address is not personally identifiable information, my IP address is 82.21.53.245 - go nuts :P Sure, someone could order an ISP to release more information based on that IP, but your IP address is logged every time, you load any page, from any site. So, if you're posting things you shouldn't be on a forum, all it takes is for someone to register, stick an image in their signature that's hosted on their site - post in a topic, and bam - they have the IP address of everyone who's viewed that post. Let's say they wanted to get the IP of a specific user: they send you a PM with an image in it, you view the image, your IP turns up in their server logs for that image.
chasz Posted June 20, 2009 Author Posted June 20, 2009 there s a couple of countries who log IPs for reprisals against family members: china and north korea, even without the Patriots Act, i reckom the Americans do as well. Secondly i am the server admin, i "accidentally" delete all my logs !!
Mark Posted June 20, 2009 Posted June 20, 2009 [quote name='chasz' date='20 June 2009 - 10:48 PM' timestamp='1245534525' post='1812011'] there s a couple of countries who log IPs for reprisals against family members: china and north korea, even without the Patriots Act, i reckom the Americans do as well. Secondly i am the server admin, i "accidentally" delete all my logs !! But as I said, anyone can just link to an image or something and it'd be in their server logs. Right now, your IP address was just logged on my server because you viewed my avatar.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.