Home | Community | Message Board


Magic-Mushrooms-Shop.com
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
Offlinezoodoo
Stranger
Registered: 03/09/02
Posts: 2
Last seen: 14 years, 8 months
Thor: Serious security issue
    #575292 - 03/10/02 10:27 PM (14 years, 8 months ago)

First of all I would like to say that I am not posting this to attack anyone. I just have a serious security concern, and hope that it can be addressed and corrected. Yesterday, I registered a nick here at the shroomery. When I received the confirmation e-mail, I noticed that my IP address was listed in the e-mail. I did some research, and in numerous post it is stated that the shroomery does not track IP addresses. So, what is up? I registered two different nicks yesterday just to see if it would do it again.Sure enough there it was again. This is a serious security issue for those who post here at the shoomery. Granted it was not my true IP address that it registered. I use proxy servers surf the internet. Still though, my concern is for others who may not be aware of this, and for the entire community. Thor, I was hoping you could explain what is going on. Why is the shroomery logging IP addresses. I know you have stated that it does not, but currently it is happening. When did this start? If you still hold that the shroomery does not tack IP addresses, then why is the IP address being sent out on confirmation e-mails.Again, I hope you take no offense to my questions. I'm merely trying to figure out what the deal is.


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,078
Loc: www.MycoSupply.com
Re: Thor: Serious security issue [Re: zoodoo]
    #575315 - 03/10/02 11:01 PM (14 years, 8 months ago)

Maybe I can shed a little light on this subject.....

The word, "Log" and "uses" is intertwined here.... The Shroomery doesn't keep a database of IP addresses. Or in other words it doesn't "log" your IP address. For some email clients to work they need an IP address, any one. It can be from a proxy server or your actual address...doesn't matter.

This is so that the following mail server can understand that it actually came from another computer. Does that make sense? Think of it this way, if I send you an email, YOUR email server won't recognize that its an incoming email if my IP address isn't in the header. It would just bounce back to you as "undeliverable". Your mail server needs it in order for you to get the letter.

The Shroomery doesn't keep IP addresses. People sometimes get paranoid when they see that their IP address is in the Shroomerys server. The server needs an IP address.

Its up to you to decide wether or not you want to "hide" your IP address by using a proxy. Just as you said, when you tried to register other nicks, the IP address of your proxy server showed up. Thats a good thing, thats exactly what proxies are for!

So in short, the Shroomery doesn't keep IP addresses....it just needs to use them for a short period of time.

Hope that helps?

Lana


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
Offline3DSHROOM
loon
Male

Registered: 04/20/99
Posts: 2,878
Last seen: 3 years, 9 months
Re: Thor: Serious security issue [Re: Lana]
    #575411 - 03/11/02 01:25 AM (14 years, 8 months ago)

We used to have it so that it wouldn't send the IP address but I think it is a good idea to keep it there incase someone tries to signup a nickname with your email address. This was if you didn't signup you can see who did (as you are the only one able to view your email). The IP address is not kept in a database and is erased after the script has been executed. This is for your own security and does not pose a security threat to yourself.


--------------------
Your friendly neighborhood loon


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleThorA
Anti-Theist OVERLORD
Male User Gallery

Registered: 08/12/98
Posts: 9,875
Loc: Calgary, Canada
Re: Thor: Serious security issue [Re: Lana]
    #575424 - 03/11/02 01:38 AM (14 years, 8 months ago)

Thanks Lana and 3D :smile:

Two very smart people.


Post Extras: Print Post  Remind Me! Notify Moderator
Anonymous

Re: Thor: Serious security issue [Re: Thor]
    #575429 - 03/11/02 01:44 AM (14 years, 8 months ago)

So your telling me you guys don't sit around in a circle smoking and laughing about who the puppets are?


Edited by Anonymous (03/11/02 02:05 AM)


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleMr. G
journeyman
Registered: 04/24/99
Posts: 46
Loc: Treasure Coast
Re: Thor: Serious security issue invoving kids [Re: ]
    #580057 - 03/15/02 10:49 PM (14 years, 8 months ago)

I have been approached by, and I am sure all the vendors have been fooled into doing business with, kids under 18. I think this site, for it's and the users protection, should make it a 18 and over site. You could at least put a sign-in button or question that makes the person have to lie to get in the shroomery. If they lie, the blame is on them. I think vendors should do the same thing, even more seriously and stronger. Do you really want to sell spores to people under 18? You could put a button "over 18" that goes to the "business". You could put a under 18 that goes to.........Disney? I don't know. Just make it them who has to lie or break rules to get on, and you are at least covered (or have a defense rather then nothing. The trouble with minors is that they request illegal things, thye run their mouths too much, they order from vendors then Mom and or Dad find a couple of cakes fruting and hit the PC. It isn't going to take them long to find the gathering place, and probably the vendor. I know a spore vendor who just sold a print to a minor that was faking and using a college address. He had cakes fruting and when his fater found them he called the FBI, and the DEA, and the Sheriff department in the vendors county. That is kind of scary, even though it is legal and we do nothing illegal. It is not illegal have or deal in spores anywhere i know of except California. i don't know if the law doesn't allow posession at all, or just no shipping there from out of state. We Mycologists get a bad rap for no reason. There was even a big slam article in the Local Newspaper in Palm Beach Florida a few months ago slamming "shroomers", and lisitng the Internet as the number one problem and specifically mentioned this site and the Lycaeum (sp)?
Just a suggestion, what have others thought about this? Has anyone else ran into problems? No, I was NOT the vendor, this was a year and a half ago. Mr.G








--------------------
"Mr.G with a rose, in and out of the garden goes, country gharden in the wind and the rain whereever he goes the people all complain!"
"The Grateful Dead" Thanks boys, I miss you Jerry!
Did it hurt that much?


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleBuzzDoctor
Runs withscissors
Male

Registered: 08/11/99
Posts: 948
Loc: Atlantis
Re: Thor: Serious security issue [Re: Lana]
    #597141 - 04/03/02 12:35 AM (14 years, 8 months ago)

What about the emails that were sent to new users that contain this ip? Previously sent emails are discarded? When were they discarded? Was a free-space wipe done? What about backups?

I've seen this subject come up many times here and I have a hard time believing there are no logs or emails with ip's that don't end up *somewhere* that's not un-recoverable, intended or unintended. Data tends to be sticky.

Not paranoid, just wondering.

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.


Post Extras: Print Post  Remind Me! Notify Moderator
Invisibletak
geo's henchman
Male User Gallery

Folding@home Statistics
Registered: 11/21/00
Posts: 3,758
Loc: nowhereland
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #597584 - 04/03/02 02:00 PM (14 years, 8 months ago)

I'm not sure how wwwthreads goes down, however. All webservers log ip's. They are in a shared log file, and you wont be able to tell wich users is wich. The bulletin board may contain ip addresses for its use, wich could be eliminated by using a mask? Maybe something like x1x.23.41.12x for 216.23.41.122 or something to hide hte actual address, but have enough of it to prevent multiple signups, etc, etc.

Another thing is your ISP! Some isp's give out any amount of information to anyone at anytime. I could call up with your ip address, and get your info. Other isp's wont give any away without a warrent, no matter who's at their door.


--------------------
The DJ's took pills to stay awake and play for seven days.


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleBuzzDoctor
Runs withscissors
Male

Registered: 08/11/99
Posts: 948
Loc: Atlantis
Re: Thor: Serious security issue [Re: tak]
    #597910 - 04/03/02 08:56 PM (14 years, 8 months ago)

I know for a fact that my ISP requires a warrant before giving any information unless it is requested by the user of the account. If someone's account was logged onto the internet over a weekend that they weren't home, and they want to know exact times - they'll get that info, but only connection times. This is providing they can prove they are the owner of that account. Dialup users with dynamic ip's require a bit more work, but not much.

But about my previous post - Lana? Can you help me out with that?

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinemm.
addict
 User Gallery

Registered: 06/16/99
Posts: 534
Loc: England
Last seen: 25 days, 6 hours
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #598773 - 04/04/02 05:08 PM (14 years, 8 months ago)

I think you'd be ok, php contains functions to retrieve ip details, and it's mail function just passes the generated email to the outgoing mail server. there is no need for any of it to be written to disk at all, it is only transiently in memory.


--------------------
MAPS.org: supporting psychedelic and medical marijuana research since 1986


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLanaM
Head Banana
Female

Registered: 10/28/99
Posts: 3,078
Loc: www.MycoSupply.com
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #599057 - 04/04/02 10:46 PM (14 years, 7 months ago)

Hi BuzzDoctor,
Well, I'll be the first to admit that I'm not 100% sure about where discarded emails go.  This is something that the folks who actually host The Shroomery would know. 

This brings me to the Shroomery Raffle. 

With the Shroomery raffle, Thor was able to create a stand alone server for the Shroomery.  This is good in the way that load times will be faster and things will be smoother, but security in general will be tighter.   

But back to you question, many webhosting companies allow a certain percentage of space for emails only.  Why do they do this?  Spam.  Mass mailing  spammers will get webhosting space for $19.95 simply to host junk remove lists

ANYWAY....most webhosting companies have a quota that is limited to email.  Some even delete email after 30/60/90 days...

I wish I could answer your question, but I can only give "guesstimates" :smile: 

One last thing....  For those of you who are a little paranoid about the Shroomery logging IP addresses.  You should be MUCH more concerned about your ISP logging them.

Earthlink for example already (has been for almost 2 years) been using Carnivore to scan emails and surfed websites. 

But thats a whole other story:) 

Lana 


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinenugsarenice
Carpal Tunnel
Registered: 06/05/00
Posts: 3,442
Loc: nowhere
Last seen: 11 years, 3 months
Re: Thor: Serious security issue [Re: Lana]
    #604733 - 04/10/02 10:34 PM (14 years, 7 months ago)

Earthlink? heh? I thought that was the inside trading company, maybe I was wrong, I need to stick to Aol and all their sub ordinates


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineDemon
A Drug AgainstWar

Registered: 06/19/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 12 years, 9 months
Re: Thor: Serious security issue invoving kids [Re: Mr. G]
    #663638 - 06/05/02 06:52 AM (14 years, 6 months ago)

That's not fair. You shouldn't have to be 18 to access ANYTHING on the net, provided it's not private information.


--------------------
"Sex is like a gun.. you aim, you shoot, you run" - Aerosmith

Come visit SacredShrooms.org!


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineLarrythescaryrexS
teardrop on the fire
Male User Gallery

Registered: 07/20/00
Posts: 10,961
Loc: further down the spiral
Last seen: 1 month, 3 days
Re: Thor: Serious security issue invoving kids [Re: Demon]
    #663648 - 06/05/02 06:58 AM (14 years, 6 months ago)

Fair or not, if it was ever vital to the survival of the community, I would say kick out the minors.

larry


--------------------
RIP Acidic_Sloth

Sunset_Mission said:
"larry the scary rex
verily scary when thoroughly vexed
invoke the shadows and dust, cast a hex
mercifully massacring memories masterfully
relocate from Ur to 8th density and become a cosmic bully
mulder and scully couldn't decipher his glyphs
invoke the shadows and dust, smoke infernal spliffs"
April 24th 2011


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* Internet Security Questions MycoCat 788 3 11/08/05 04:20 PM
by kotik
* The EASIEST way to hide your IP address - Internet Privacy LanaM 1,848 6 07/25/03 10:25 PM
by monoamine
* On a campus server and I'd like to learn stuff :-) entiformatie 539 5 10/02/04 05:38 PM
by Geezer
* If my email is being accessed entheomandotcom 843 9 10/23/08 06:41 PM
by entheomandotcom
* windows sucks; automatic security actions that I don't want (help) stefan 866 5 08/12/05 04:15 AM
by stefan
* Router Issues Idiot 666 11 05/21/09 09:45 AM
by dopelogic
* blue security hacked? ChromeCrow 656 5 05/02/06 09:09 PM
by Diploid
* Microsoft Patches Seven Critical Security Holes DiploidM 801 3 11/15/06 09:32 AM
by nobhdy

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, Diploid, automan
2,173 topic views. 0 members, 5 guests and 0 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
World Seed Supply
Please support our sponsors.

Copyright 1997-2016 Mind Media. Some rights reserved.

Generated in 0.045 seconds spending 0.002 seconds on 15 queries.