Home | Community | Message Board
You are not signed in.
Sign In New Account
Forum Index Search Posts Trusted Vendors Highlights Galleries FAQ User List Chat Store Random Growery


This site includes paid links. Please support our sponsors.

General Interest > Science and Technology
Threaded Mode Threaded  Previous topic Previous  View all topics Index  Next topic Next 

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Shop: Mushroom-Hut Substrate Bags   Unfolding Nature Unfolding Nature: Being in the Implicate Order   Kraken Kratom Red Vein Kratom   PhytoExtractum Kratom Powder for Sale   Myyco.com Isolated Cubensis Liquid Culture For Sale   Left Coast Kratom Buy Kratom Capsules

Jump to first unread post Pages: 1
Thor: Serious security issue
    #575292 -

First of all I would like to say that I am not posting this to attack anyone. I just have a serious security concern, and hope that it can be addressed and corrected. Yesterday, I registered a nick here at the shroomery. When I received the confirmation e-mail, I noticed that my IP address was listed in the e-mail. I did some research, and in numerous post it is stated that the shroomery does not track IP addresses. So, what is up? I registered two different nicks yesterday just to see if it would do it again.Sure enough there it was again. This is a serious security issue for those who post here at the shoomery. Granted it was not my true IP address that it registered. I use proxy servers surf the internet. Still though, my concern is for others who may not be aware of this, and for the entire community. Thor, I was hoping you could explain what is going on. Why is the shroomery logging IP addresses. I know you have stated that it does not, but currently it is happening. When did this start? If you still hold that the shroomery does not tack IP addresses, then why is the IP address being sent out on confirmation e-mails.Again, I hope you take no offense to my questions. I'm merely trying to figure out what the deal is.

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: zoodoo]
    #575315 -

Maybe I can shed a little light on this subject.....

The word, "Log" and "uses" is intertwined here.... The Shroomery doesn't keep a database of IP addresses. Or in other words it doesn't "log" your IP address. For some email clients to work they need an IP address, any one. It can be from a proxy server or your actual address...doesn't matter.

This is so that the following mail server can understand that it actually came from another computer. Does that make sense? Think of it this way, if I send you an email, YOUR email server won't recognize that its an incoming email if my IP address isn't in the header. It would just bounce back to you as "undeliverable". Your mail server needs it in order for you to get the letter.

The Shroomery doesn't keep IP addresses. People sometimes get paranoid when they see that their IP address is in the Shroomerys server. The server needs an IP address.

Its up to you to decide wether or not you want to "hide" your IP address by using a proxy. Just as you said, when you tried to register other nicks, the IP address of your proxy server showed up. Thats a good thing, thats exactly what proxies are for!

So in short, the Shroomery doesn't keep IP addresses....it just needs to use them for a short period of time.

Hope that helps?

Lana


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: Lana]
    #575411 -

We used to have it so that it wouldn't send the IP address but I think it is a good idea to keep it there incase someone tries to signup a nickname with your email address. This was if you didn't signup you can see who did (as you are the only one able to view your email). The IP address is not kept in a database and is erased after the script has been executed. This is for your own security and does not pose a security threat to yourself.


--------------------
Your friendly neighborhood loon

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: Lana]
    #575424 -

Thanks Lana and 3D :smile:

Two very smart people.

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: Thor]
    #575429 -

So your telling me you guys don't sit around in a circle smoking and laughing about who the puppets are?

Edited by boxtop703 (03/11/02 12:05 AM)

Extras: Filter Print Post Top
Re: Thor: Serious security issue invoving kids [Re: ]
    #580057 -

I have been approached by, and I am sure all the vendors have been fooled into doing business with, kids under 18. I think this site, for it's and the users protection, should make it a 18 and over site. You could at least put a sign-in button or question that makes the person have to lie to get in the shroomery. If they lie, the blame is on them. I think vendors should do the same thing, even more seriously and stronger. Do you really want to sell spores to people under 18? You could put a button "over 18" that goes to the "business". You could put a under 18 that goes to.........Disney? I don't know. Just make it them who has to lie or break rules to get on, and you are at least covered (or have a defense rather then nothing. The trouble with minors is that they request illegal things, thye run their mouths too much, they order from vendors then Mom and or Dad find a couple of cakes fruting and hit the PC. It isn't going to take them long to find the gathering place, and probably the vendor. I know a spore vendor who just sold a print to a minor that was faking and using a college address. He had cakes fruting and when his fater found them he called the FBI, and the DEA, and the Sheriff department in the vendors county. That is kind of scary, even though it is legal and we do nothing illegal. It is not illegal have or deal in spores anywhere i know of except California. i don't know if the law doesn't allow posession at all, or just no shipping there from out of state. We Mycologists get a bad rap for no reason. There was even a big slam article in the Local Newspaper in Palm Beach Florida a few months ago slamming "shroomers", and lisitng the Internet as the number one problem and specifically mentioned this site and the Lycaeum (sp)?
Just a suggestion, what have others thought about this? Has anyone else ran into problems? No, I was NOT the vendor, this was a year and a half ago. Mr.G








--------------------
"Mr.G with a rose, in and out of the garden goes, country gharden in the wind and the rain whereever he goes the people all complain!"
"The Grateful Dead" Thanks boys, I miss you Jerry!
Did it hurt that much?

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: Lana]
    #597141 -

What about the emails that were sent to new users that contain this ip? Previously sent emails are discarded? When were they discarded? Was a free-space wipe done? What about backups?

I've seen this subject come up many times here and I have a hard time believing there are no logs or emails with ip's that don't end up *somewhere* that's not un-recoverable, intended or unintended. Data tends to be sticky.

Not paranoid, just wondering.

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #597584 -

I'm not sure how wwwthreads goes down, however. All webservers log ip's. They are in a shared log file, and you wont be able to tell wich users is wich. The bulletin board may contain ip addresses for its use, wich could be eliminated by using a mask? Maybe something like x1x.23.41.12x for 216.23.41.122 or something to hide hte actual address, but have enough of it to prevent multiple signups, etc, etc.

Another thing is your ISP! Some isp's give out any amount of information to anyone at anytime. I could call up with your ip address, and get your info. Other isp's wont give any away without a warrent, no matter who's at their door.


--------------------
The DJ's took pills to stay awake and play for seven days.

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: tak]
    #597910 -

I know for a fact that my ISP requires a warrant before giving any information unless it is requested by the user of the account. If someone's account was logged onto the internet over a weekend that they weren't home, and they want to know exact times - they'll get that info, but only connection times. This is providing they can prove they are the owner of that account. Dialup users with dynamic ip's require a bit more work, but not much.

But about my previous post - Lana? Can you help me out with that?

Buzz


--------------------
Is the glass half-full or half-empty? I say it is both.

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #598773 -

I think you'd be ok, php contains functions to retrieve ip details, and it's mail function just passes the generated email to the outgoing mail server. there is no need for any of it to be written to disk at all, it is only transiently in memory.


--------------------
MAPS.org: supporting psychedelic and medical marijuana research since 1986

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: BuzzDoctor]
    #599057 -

Hi BuzzDoctor,
Well, I'll be the first to admit that I'm not 100% sure about where discarded emails go.  This is something that the folks who actually host The Shroomery would know. 

This brings me to the Shroomery Raffle. 

With the Shroomery raffle, Thor was able to create a stand alone server for the Shroomery.  This is good in the way that load times will be faster and things will be smoother, but security in general will be tighter.   

But back to you question, many webhosting companies allow a certain percentage of space for emails only.  Why do they do this?  Spam.  Mass mailing  spammers will get webhosting space for $19.95 simply to host junk remove lists

ANYWAY....most webhosting companies have a quota that is limited to email.  Some even delete email after 30/60/90 days...

I wish I could answer your question, but I can only give "guesstimates" :smile: 

One last thing....  For those of you who are a little paranoid about the Shroomery logging IP addresses.  You should be MUCH more concerned about your ISP logging them.

Earthlink for example already (has been for almost 2 years) been using Carnivore to scan emails and surfed websites. 

But thats a whole other story:) 

Lana 


--------------------
Myco Supply - Distributors of Mycological Products
http://www.MycoSupply.com

The Premiere Source for Mushroom Growing Supplies.
Visit us online or call us toll free

Extras: Filter Print Post Top
Re: Thor: Serious security issue [Re: Lana]
    #604733 -

Earthlink? heh? I thought that was the inside trading company, maybe I was wrong, I need to stick to Aol and all their sub ordinates

Extras: Filter Print Post Top
Re: Thor: Serious security issue invoving kids *DELETED* [Re: Mr. G]
    #663638 -

Post deleted by Demon

Reason for deletion: bcuz

Extras: Filter Print Post Top
Re: Thor: Serious security issue invoving kids [Re: Demon]
    #663648 -

Fair or not, if it was ever vital to the survival of the community, I would say kick out the minors.

larry


--------------------
RIP Acidic_Sloth

Sunset_Mission said:
"larry the scary rex
verily scary when thoroughly vexed
invoke the shadows and dust, cast a hex
mercifully massacring memories masterfully
relocate from Ur to 8th density and become a cosmic bully
mulder and scully couldn't decipher his glyphs
invoke the shadows and dust, smoke infernal spliffs"
April 24th 2011

Extras: Filter Print Post Top
Jump to top Pages: 1

Shop: Mushroom-Hut Substrate Bags   Unfolding Nature Unfolding Nature: Being in the Implicate Order   Kraken Kratom Red Vein Kratom   PhytoExtractum Kratom Powder for Sale   Myyco.com Isolated Cubensis Liquid Culture For Sale   Left Coast Kratom Buy Kratom Capsules

General Interest > Science and Technology
Threaded Mode Threaded  Previous topic Previous  View all topics Index  Next topic Next 

Similar ThreadsPosterViewsRepliesLast post
* Question for admin, and F-Secure Lana 2,158 2 05/28/01 12:18 PM
by 3DSHROOM
* Microsoft Issues Patch for 'Critical' Windows Secu Mojo_Risin 1,202 4 11/21/02 06:44 PM
by Mojo_Risin
* USA Patriot Act on Network Security Practice Lana 1,695 1 11/27/01 10:08 PM
by Ishmael
* Security Compromise at The Shroomery Lana 1,734 3 09/29/01 01:37 PM
by PGF
* Post deleted by Administrator
( 1 2 all )		 Alien 6,373 25 05/30/01 05:32 PM
by them_26
* Forum Security Akira4321 1,066 4 09/11/02 04:05 PM
by mickey_rourke
* Windows security mm. 1,873 1 06/01/01 06:08 PM
by Its Pat
* Hard drive installation issue. Help please! ImOver18 956 8 12/06/04 04:39 PM
by Cubieman420

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: trendal, automan, Northerner
2,697 topic views. 0 members, 0 guests and 2 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2026 Mind Media. Some rights reserved.

Generated in 0.028 seconds spending 0.006 seconds on 16 queries.