[MOD request]IP Log

Started by weirdpeople, August 15, 2007, 03:42:10 PM


weirdpeople

Could someone make an IP log, because I need one so bad and it would be so useful in my forum.

karlbenson

IP log of what?
All IPs are already recorded for each user and you can search by IP etc.

What is the specific reason why you need to have IPs so bad?
These days, if anything, IPs are next to useless since most are dynamic or are some form of proxy.

uberjon

Quote from: karlbenson on August 15, 2007, 03:57:51 PM
IP log of what?
All IPs are already recorded for each user and you can search by IP etc.

What is the specific reason why you need to have IPs so bad?
These days, if anything, IPs are next to useless since most are dynamic or are some form of proxy.

Actually, from what I understand, even with proxies and/or dynamic, knowing that IP can be fairly useful.

Most proxy sites would probably block all access to your site via their servers (upon request and report of abuse).

Also, if things get out of hand with dynamic users, it would not be too hard to contact the ISP and request all access from the account that used IP x.x.x.x at 12:37 EST and accessed x.x.x.x IP from all access to x.x.x.x IP even if their dynamic changes.

Furthermore, if that dynamic user decides to use proxies as well, you could probably file harassment charges, maybe a few other things: "mental abuse or stalking or even damage to your business/etc".

And I'm sure it would not be hard for an ISP to block their access to known proxy ports and IPs as well, or even cut their net 100% if you have proof and are willing to do something with it.

Very rarely will more than 1 DSL account or cable modem ssn access x.x.x.x IP at x time with x.x.x.x IP, so it would be nearly impossible to not get caught at that even with dynamic. If you don't catch them on the first abuse because someone else was there as well, odds are you will catch them the second time.

karlbenson

I can give you some examples of how IPs are almost useless.

Example 1
I have 20+ users on my forum who live all over the UK and ALL have the same IP whenever they are on.
This is because all of them use AOL as an ISP and AOL routes all its internet traffic through a few computers.
In this example knowing the IP as 12.345.678.90 is useless because there are 20+ users who use the IP on my forum online, so reporting it to the ISP is useless, they won't be able to differentiate which user was responsible.

AOL are not the only ISPs using open cache proxies like these, BritishTelecom and others all over the world are using them MORE and MORE

Example 2
User uses proxies.
It is not hard for a user to find an anonymous proxy (there are lists of millions of them which change daily on the internet).
So if a user wanted to harass your forum, they would only need to use one of them and the IP you would have would be to a computer in China.  I'm not talking about http://usemyproxy.com , these are IP addresses you enter into your browser to proxify what you're loading.

But even if they did use http://usemyproxy.com 99.99% of these sites DO NOT keep records/logs of users using their services.  It is their PRIMARY aim to keep everything private/cloaked. I've yet to come across one which would investigate abuse, never mind ban anyone.

Dynamic IPs are even worse, if you ban one of these, you could be accidentally banning the next 'innocent' user who happens to be assigned to that IP. While the culprit has his changed every time he connects and so could continue what he started.

These are just two examples, I can post many many many more.

------------------------------------
So what do I recommend?  Well, I would suggest not to ban any IP except temporarily (in the event of a spammer), because if you ban an IP used by an ISP using some form of proxy, you can easily ban the whole of Texas from your forum.
It's not always possible to find out if the IP is a proxy, so you never know.

-----------------
As far as pursuing legal action against any users, well, unless you're in the same country and they've gone so far as threatened to kill you, you pretty much have 0% chance of taking them to court. Besides, I think in most jurisdictions on forums it's been thrown out of court for claims of "mental abuse or harassment" caused by users on forums [at least here in the UK I'm sure they have].

IPs used to be very useful 5 years ago when most were fixed/static.  However every year they are less and less useful.  Unfortunately many site/forum owners still believe the former was the case, which puts them in a false sense of security.
(It's like the MPAA in their litigation claiming that IPs are assigned to people.)

erlend_sh

*Sadr claps, because that's what you do after a good long speech*

elfishtroll

Quote from: Sadr on August 16, 2007, 01:18:18 AM
*Sadr claps, because that's what you do after a good long speech*

^??? Sadr has the clap :(



:) Let's look at the "good long speech"

Just let me start off by noting SMF does a PISS POOR JOB at this and has been SLOPPY IN THIS REGARD FOR YEARS :(

Quote
I have 20+ users on my forum who live all over the UK and ALL have the same IP whenever they are on.
This is because all of them use AOL as an ISP and AOL routes all its internet traffic through a few computers.
In this example knowing the IP as 12.345.678.90 is useless because there are 20+ users who use the IP on my forum online, so reporting it to the ISP is useless, they won't be able to differentiate which user was responsible.

Yes, but AOL and others like that maintain and forward to your website new variables: HTTP_VIA and HTTP_X_forward_for. You report THOSE variables/values!
Also, for members with a rotating IP like AOL has you also:
1. serve them custom cached content like special cookies, make sure the rotating IP rotates within the getHostbyAddr reported hostname or IP block*
Anonymisers like Proxify will rotate through multiple IPs, many of them on the PlanetLab and Codeen Networks

Quote
User uses proxies.
It is not hard for a user to find an anonymous proxy (there are lists of millions of them which change daily on the internet).
So if a user wanted to harass your forum, they would only need to use one of them and the IP you would have would be to a computer in China.  I'm not talking about http://usemyproxy.com , these are IP addresses you enter into your browser to proxify what you're loading.

You can block all the proxies if you want, and detect those you don't already have blocked.
Whenever you come across a new one, block the SERVER it is on, this will eliminate thousands of other possibilities :)

It depends on your forum and market, but the ability of you as a site operator to REQUIRE Javascript (or even better, Flash and/or Java) gives you much better options as far as security is concerned.
With flash, you can store LSO's and check that when they come back after being banned, with Java you can even interrogate their hard drive ID or MAC address, plus if you force them to enable flash/java/javascript to access your site, you can find their IP even if they use a proxy :D
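The proxy-header and reverse-lookup checks mentioned in the post above, as an added PHP example that is not part of the thread and not SMF code. PHP exposes the `Via` and `X-Forwarded-For` request headers as `$_SERVER['HTTP_VIA']` and `$_SERVER['HTTP_X_FORWARDED_FOR']`; the function names, the stub resolvers and the sample addresses are assumptions made for the illustration.

```php
<?php
// Added example, not SMF code; all function names are hypothetical.
// X-Forwarded-For is set by the proxy (or forged by the client), so keep only
// syntactically valid addresses and treat the result as a hint, not an identity.
function parse_forwarded_for(?string $header): array
{
    $parts = array_map('trim', explode(',', (string) $header));
    return array_values(array_filter($parts, function ($ip) {
        return filter_var($ip, FILTER_VALIDATE_IP) !== false;
    }));
}

// PTR lookup with forward confirmation: the name only counts if it resolves
// back to the same address. Resolvers are injectable so this runs offline.
// (The default forward resolver, gethostbynamel(), returns IPv4 only.)
function confirmed_hostname(string $ip, ?callable $ptr = null, ?callable $fwd = null): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        return null;                      // never pass junk to the resolver
    }
    $host = ($ptr ?? 'gethostbyaddr')($ip);
    if (!is_string($host) || $host === $ip) {
        return null;                      // lookup failed or no PTR record
    }
    $addrs = ($fwd ?? 'gethostbynamel')($host);
    return is_array($addrs) && in_array($ip, $addrs, true) ? $host : null;
}

// What the request itself says about being proxied.
function proxy_hints(array $server, ?callable $ptr = null, ?callable $fwd = null): array
{
    $chain = parse_forwarded_for($server['HTTP_X_FORWARDED_FOR'] ?? null);
    $peer  = $server['REMOTE_ADDR'] ?? '';
    return [
        'peer'            => $peer,       // TCP peer address, set by the server
        'peer_hostname'   => confirmed_hostname($peer, $ptr, $fwd),
        'declares_proxy'  => !empty($server['HTTP_VIA']) || $chain !== [],
        'forwarded_chain' => $chain,      // unverified claims, log only
    ];
}

// Constructed sample: documentation addresses and stub resolvers.
$sample = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_VIA' => '1.1 cache.example.net',
           'HTTP_X_FORWARDED_FOR' => '203.0.113.7, not-an-ip, 10.0.0.5'];
$ptr = fn($ip) => $ip === '192.0.2.10' ? 'cache.example.net' : $ip;
$fwd = fn($host) => $host === 'cache.example.net' ? ['192.0.2.10'] : false;
print_r(proxy_hints($sample, $ptr, $fwd));
```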

karlbenson

I am aware of 'HTTP_VIA' and 'HTTP_X_forward_for'.
My experience has been that AOL (UK at least) is that they don't give differing IPs.  Either the same for both or one is blank.  Thankfully though there are less AOL users these days.

The crappy free anonymisers ARE easy enough to ban.

It's the IP ones which you put through your browser which are the ones which are harder to detect server side. Of course anything running client side could always find the stuff out (although there is a privacy and security issue).

elfishtroll

Quote from: karlbenson on August 18, 2007, 12:37:41 PM
I am aware of 'HTTP_VIA' and 'HTTP_X_forward_for'.
My experience has been that AOL (UK at least) is that they don't give differing IPs.  Either the same for both or one is blank.  Thankfully though there are less AOL users these days.

The crappy free anonymisers ARE easy enough to ban.

It's the IP ones which you put through your browser which are the ones which are harder to detect server side. Of course anything running client side could always find the stuff out (although there is a privacy and security issue).

Well, they are just as easy or as hard. It depends on the network they are plugging their values into :P

remember how it works:

baduser -->Proxy server A --->YourSite.com

Let's say they insert the "ProxyServerA" IP address and also specify a port# as well


ProxyServerA (PS-A) takes their info and the destination url headers and forwards them on to your site. But because PS-A is often handling many connections, it needs to negotiate as it connects to your site IN A MANNER THAT IS DIFFERENT COMPARED TO A REGULAR BROWSER! ( the browser -yours- is dedicated to handling YOU :) the difference, though subtle, CAN be detected consistently server side, often in the initial request headers (85%) and if you cache and compare subsequent requests especially with special custom content, 98%

- finally you can make certain assumptions based on the domain resolution of the IP address:
If it resolves to something with "server" "hosting" ".info" ".reverse.layer" or any such crap, you can with high probability assert that it is not some guy's 'home ISP' :P

we are a bit off topic, he wants an IP log....

Since everything runs through index.php, he could simply APPEND to a text file the current IP address, the username, userIP and as many environment variables as he deems necessary to retain.  Personally, I do not dump it into a database, but a delimited text file (which I can scan with grep).

This is because I don't want constant database I/O for activity I am not very likely to look at again. If I DO need to really do serious analysis, I can import the data into a SQL database (not my site db) and dig through it there.
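The append-to-a-delimited-text-file log described in the post above, as an added PHP example that is not part of the thread and not SMF code. The log path, function names, field order and sample request are assumptions; fields are sanitised before writing because the logged headers are client-controlled and could otherwise carry tabs or newlines that forge extra columns or records.

```php
<?php
// Added example, not SMF code; LOG_PATH and the function names are hypothetical.
const LOG_PATH = '/var/log/forum/ip.log';   // keep it outside the web root

// Header values are client-controlled: collapse tabs, newlines and other
// control bytes so a forged header cannot add columns or fake log lines.
function log_field(?string $value, int $max = 200): string
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    $clean = trim(substr($clean, 0, $max));  // cap is in bytes
    return $clean === '' ? '-' : $clean;
}

// Build one tab-delimited line from $_SERVER-style input and the username.
function build_log_line(array $server, string $username, ?int $now = null): string
{
    $fields = [
        gmdate('Y-m-d\TH:i:s\Z', $now ?? time()),
        // REMOTE_ADDR is the TCP peer address, set by the server, not a header.
        log_field($server['REMOTE_ADDR'] ?? null, 45),
        log_field($username, 80),
        // Proxy-supplied hints: record them, do not base access decisions on them.
        log_field($server['HTTP_X_FORWARDED_FOR'] ?? null),
        log_field($server['HTTP_VIA'] ?? null),
        log_field($server['HTTP_USER_AGENT'] ?? null),
        log_field($server['REQUEST_URI'] ?? null),
    ];
    return implode("\t", $fields) . "\n";
}

// Append with an exclusive lock so concurrent requests do not interleave lines.
function append_ip_log(array $server, string $username, string $path = LOG_PATH): bool
{
    $line = build_log_line($server, $username);
    return file_put_contents($path, $line, FILE_APPEND | LOCK_EX) !== false;
}

// Constructed sample request (documentation addresses), including a forged
// header that tries to inject a second log record.
$sample = [
    'REMOTE_ADDR'          => '192.0.2.10',
    'HTTP_X_FORWARDED_FOR' => "203.0.113.7\n2007-08-18T00:00:00Z\t198.51.100.1\tadmin",
    'HTTP_VIA'             => '1.1 cache.example.net',
    'HTTP_USER_AGENT'      => 'Mozilla/5.0',
    'REQUEST_URI'          => '/index.php?topic=1.0',
];
echo build_log_line($sample, 'exampleuser', 1187440661);
```

Because each record is a single line of tab-separated columns, `grep` on an address or username returns whole records, and the file can later be bulk-imported into a separate SQL database for deeper analysis.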


