|
zoodoo
Stranger
Registered: 03/09/02
Posts: 2
Last seen: 21 years, 6 months
|
Thor: Serious security issue
#575292 - 03/10/02 08:27 PM (21 years, 6 months ago) |
|
|
First of all I would like to say that I am not posting this to attack anyone. I just have a serious security concern, and hope that it can be addressed and corrected. Yesterday, I registered a nick here at the shroomery. When I received the confirmation e-mail, I noticed that my IP address was listed in the e-mail. I did some research, and in numerous posts it is stated that the shroomery does not track IP addresses. So, what is up? I registered two different nicks yesterday just to see if it would do it again. Sure enough, there it was again. This is a serious security issue for those who post here at the shroomery. Granted, it was not my true IP address that it registered. I use proxy servers to surf the internet. Still though, my concern is for others who may not be aware of this, and for the entire community. Thor, I was hoping you could explain what is going on. Why is the shroomery logging IP addresses? I know you have stated that it does not, but currently it is happening. When did this start? If you still hold that the shroomery does not track IP addresses, then why is the IP address being sent out on confirmation e-mails? Again, I hope you take no offense to my questions. I'm merely trying to figure out what the deal is.
|
Lana
Head Banana


Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: Thor: Serious security issue [Re: zoodoo]
#575315 - 03/10/02 09:01 PM (21 years, 6 months ago) |
|
|
Maybe I can shed a little light on this subject..... The words "Log" and "uses" are intertwined here.... The Shroomery doesn't keep a database of IP addresses. Or in other words it doesn't "log" your IP address. For some email clients to work they need an IP address, any one. It can be from a proxy server or your actual address...doesn't matter. This is so that the following mail server can understand that it actually came from another computer. Does that make sense? Think of it this way, if I send you an email, YOUR email server won't recognize that it's an incoming email if my IP address isn't in the header. It would just bounce back to you as "undeliverable". Your mail server needs it in order for you to get the letter. The Shroomery doesn't keep IP addresses. People sometimes get paranoid when they see that their IP address is in the Shroomery's server. The server needs an IP address. It's up to you to decide whether or not you want to "hide" your IP address by using a proxy. Just as you said, when you tried to register other nicks, the IP address of your proxy server showed up. That's a good thing, that's exactly what proxies are for! So in short, the Shroomery doesn't keep IP addresses....it just needs to use them for a short period of time. Hope that helps? Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
3DSHROOM
loon


Registered: 04/19/99
Posts: 2,878
Last seen: 10 years, 7 months
|
Re: Thor: Serious security issue [Re: Lana]
#575411 - 03/10/02 11:25 PM (21 years, 6 months ago) |
|
|
We used to have it so that it wouldn't send the IP address, but I think it is a good idea to keep it there in case someone tries to sign up a nickname with your email address. This way, if you didn't sign up, you can see who did (as you are the only one able to view your email). The IP address is not kept in a database and is erased after the script has been executed. This is for your own security and does not pose a security threat to yourself.
-------------------- Your friendly neighborhood loon
|
Thor
Anti-Theist OVERLORD


Registered: 08/12/98
Posts: 10,014
Loc: Iceland
|
Re: Thor: Serious security issue [Re: Lana]
#575424 - 03/10/02 11:38 PM (21 years, 6 months ago) |
|
|
Thanks Lana and 3D. Two very smart people.
|
Anonymous
|
Re: Thor: Serious security issue [Re: Thor]
#575429 - 03/10/02 11:44 PM (21 years, 6 months ago) |
|
|
So you're telling me you guys don't sit around in a circle smoking and laughing about who the puppets are?
Edited by boxtop703 (03/11/02 12:05 AM)
|
Mr. G
journeyman
Registered: 04/23/99
Posts: 46
Loc: Treasure Coast
|
Re: Thor: Serious security issue involving kids [Re: ]
#580057 - 03/15/02 08:49 PM (21 years, 6 months ago) |
|
|
I have been approached by, and I am sure all the vendors have been fooled into doing business with, kids under 18. I think this site, for its and the users' protection, should make it an 18 and over site. You could at least put a sign-in button or question that makes the person have to lie to get in the shroomery. If they lie, the blame is on them. I think vendors should do the same thing, even more seriously and stronger. Do you really want to sell spores to people under 18? You could put a button "over 18" that goes to the "business". You could put an under 18 that goes to.........Disney? I don't know. Just make it them who has to lie or break rules to get on, and you are at least covered (or have a defense rather than nothing). The trouble with minors is that they request illegal things, they run their mouths too much, they order from vendors, then Mom and or Dad find a couple of cakes fruiting and hit the PC. It isn't going to take them long to find the gathering place, and probably the vendor. I know a spore vendor who just sold a print to a minor that was faking and using a college address. He had cakes fruiting and when his father found them he called the FBI, and the DEA, and the Sheriff department in the vendor's county. That is kind of scary, even though it is legal and we do nothing illegal. It is not illegal to have or deal in spores anywhere I know of except California. I don't know if the law doesn't allow possession at all, or just no shipping there from out of state. We Mycologists get a bad rap for no reason. There was even a big slam article in the Local Newspaper in Palm Beach Florida a few months ago slamming "shroomers", and listing the Internet as the number one problem and specifically mentioned this site and the Lycaeum (sp)? Just a suggestion, what have others thought about this? Has anyone else run into problems? No, I was NOT the vendor, this was a year and a half ago. Mr.G
-------------------- "Mr.G with a rose, in and out of the garden goes, country garden in the wind and the rain wherever he goes the people all complain!" "The Grateful Dead" Thanks boys, I miss you Jerry! Did it hurt that much?
|
BuzzDoctor
Runs with scissors


Registered: 08/10/99
Posts: 948
Loc: Atlantis
Last seen: 6 years, 13 days
|
Re: Thor: Serious security issue [Re: Lana]
#597141 - 04/02/02 10:35 PM (21 years, 5 months ago) |
|
|
What about the emails that were sent to new users that contain this ip? Previously sent emails are discarded? When were they discarded? Was a free-space wipe done? What about backups? I've seen this subject come up many times here and I have a hard time believing there are no logs or emails with ip's that don't end up *somewhere* that's not un-recoverable, intended or unintended. Data tends to be sticky. Not paranoid, just wondering. Buzz
-------------------- Is the glass half-full or half-empty? I say it is both.
|
tak
geo's henchman



Registered: 11/20/00
Posts: 3,776
Loc: nowhereland
|
Re: Thor: Serious security issue [Re: BuzzDoctor]
#597584 - 04/03/02 12:00 PM (21 years, 5 months ago) |
|
|
I'm not sure how wwwthreads goes down; however, all webservers log ip's. They are in a shared log file, and you won't be able to tell which user is which. The bulletin board may contain ip addresses for its use, which could be eliminated by using a mask? Maybe something like x1x.23.41.12x for 216.23.41.122 or something to hide the actual address, but have enough of it to prevent multiple signups, etc, etc. Another thing is your ISP! Some isp's give out any amount of information to anyone at anytime. I could call up with your ip address, and get your info. Other isp's won't give any away without a warrant, no matter who's at their door.
-------------------- The DJ's took pills to stay awake and play for seven days.
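
An added example, not part of any post in this thread and not the forum software's code: the masking idea from tak's post above, set beside a keyed hash. It counts how many addresses fit a digit mask like the one in the post, and shows an HMAC token that still catches repeat signups without storing the address; `signup_token`, `SignupLimiter` and the limit of 2 are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
import itertools
import secrets


def candidates_for_mask(mask):
    """Count IPv4 addresses that fit a mask such as 'x1x.23.41.12x' (x = one hidden digit)."""
    total = 1
    for octet in mask.split("."):
        hidden = octet.count("x")
        matches = 0
        for digits in itertools.product("0123456789", repeat=hidden):
            it = iter(digits)
            text = "".join(next(it) if ch == "x" else ch for ch in octet)
            # A valid octet is 0-255 and is written without leading zeros.
            if int(text) <= 255 and str(int(text)) == text:
                matches += 1
        total *= matches
    return total


def signup_token(ip, key):
    """Keyed pseudonym: same IP and key give the same token; without the key, guesses cannot be checked."""
    packed = ipaddress.ip_address(ip).packed
    return hmac.new(key, packed, hashlib.sha256).hexdigest()[:16]


class SignupLimiter:
    """Keeps only tokens in memory, never raw addresses."""

    def __init__(self, key=None, limit=2):
        self.key = key or secrets.token_bytes(32)
        self.limit = limit  # assumed policy: signups allowed per address per key period
        self.counts = {}

    def allow(self, ip):
        token = signup_token(ip, self.key)
        self.counts[token] = self.counts.get(token, 0) + 1
        return self.counts[token] <= self.limit

    def rotate_key(self):
        # A fresh key makes every earlier token unlinkable to new signups.
        self.key = secrets.token_bytes(32)
        self.counts.clear()
```

The digit mask from the post leaves only 200 possible addresses, so it hides little; the keyed token gives the duplicate check without that leak, provided the key stays secret and is rotated.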
|
BuzzDoctor
Runs with scissors


Registered: 08/10/99
Posts: 948
Loc: Atlantis
Last seen: 6 years, 13 days
|
Re: Thor: Serious security issue [Re: tak]
#597910 - 04/03/02 06:56 PM (21 years, 5 months ago) |
|
|
I know for a fact that my ISP requires a warrant before giving any information unless it is requested by the user of the account. If someone's account was logged onto the internet over a weekend that they weren't home, and they want to know exact times - they'll get that info, but only connection times. This is providing they can prove they are the owner of that account. Dialup users with dynamic ip's require a bit more work, but not much. But about my previous post - Lana? Can you help me out with that? Buzz
-------------------- Is the glass half-full or half-empty? I say it is both.
|
mm.
addict


Registered: 06/15/99
Posts: 605
Loc: England
Last seen: 2 months, 4 hours
|
Re: Thor: Serious security issue [Re: BuzzDoctor]
#598773 - 04/04/02 03:08 PM (21 years, 5 months ago) |
|
|
I think you'd be ok, php contains functions to retrieve ip details, and its mail function just passes the generated email to the outgoing mail server. There is no need for any of it to be written to disk at all, it is only transiently in memory.
-------------------- MAPS.org: supporting psychedelic and medical marijuana research since 1986
|
Lana
Head Banana


Registered: 10/27/99
Posts: 3,109
Loc: www.MycoSupply.com
|
Re: Thor: Serious security issue [Re: BuzzDoctor]
#599057 - 04/04/02 08:46 PM (21 years, 5 months ago) |
|
|
Hi BuzzDoctor, Well, I'll be the first to admit that I'm not 100% sure about where discarded emails go. This is something that the folks who actually host The Shroomery would know. This brings me to the Shroomery Raffle. With the Shroomery raffle, Thor was able to create a standalone server for the Shroomery. This is good in the way that load times will be faster and things will be smoother, but security in general will be tighter. But back to your question, many webhosting companies allow a certain percentage of space for emails only. Why do they do this? Spam. Mass mailing spammers will get webhosting space for $19.95 simply to host junk remove lists ANYWAY....most webhosting companies have a quota that is limited to email. Some even delete email after 30/60/90 days... I wish I could answer your question, but I can only give "guesstimates" One last thing.... For those of you who are a little paranoid about the Shroomery logging IP addresses. You should be MUCH more concerned about your ISP logging them. Earthlink, for example, has already (for almost 2 years) been using Carnivore to scan emails and surfed websites. But that's a whole other story:) Lana
-------------------- Myco Supply - Distributors of Mycological Products http://www.MycoSupply.com The Premiere Source for Mushroom Growing Supplies. Visit us online or call us toll free
|
nugsarenice
Carpal Tunnel
Registered: 06/04/00
Posts: 3,442
Loc: nowhere
Last seen: 18 years, 1 month
|
Re: Thor: Serious security issue [Re: Lana]
#604733 - 04/10/02 08:34 PM (21 years, 5 months ago) |
|
|
Earthlink? heh? I thought that was the inside trading company, maybe I was wrong, I need to stick to Aol and all their subordinates
|
Demon
A Drug Against War

Registered: 06/18/00
Posts: 457
Loc: j00/2 m07h3/2
Last seen: 19 years, 6 months
|
Re: Thor: Serious security issue involving kids [Re: Mr. G]
#663638 - 06/05/02 04:52 AM (21 years, 3 months ago) |
|
|
That's not fair. You shouldn't have to be 18 to access ANYTHING on the net, provided it's not private information.
-------------------- "Sex is like a gun.. you aim, you shoot, you run" - Aerosmith Come visit SacredShrooms.org!
|
Larrythescaryrex
teardrop on the fire


Registered: 07/19/00
Posts: 11,004
Loc: further down the spiral
Last seen: 9 months, 13 days
|
Re: Thor: Serious security issue involving kids [Re: Demon]
#663648 - 06/05/02 04:58 AM (21 years, 3 months ago) |
|
|
Fair or not, if it was ever vital to the survival of the community, I would say kick out the minors.
larry
-------------------- RIP Acidic_Sloth Sunset_Mission said: "larry the scary rex verily scary when thoroughly vexed invoke the shadows and dust, cast a hex mercifully massacring memories masterfully relocate from Ur to 8th density and become a cosmic bully mulder and scully couldn't decipher his glyphs invoke the shadows and dust, smoke infernal spliffs" April 24th 2011
|
|