Meso-rx And Ip Address Logging

Discussion in 'Security, Privacy & Anonymity' started by Millard Baker, Dec 11, 2013.

  1. Millard Baker

    Millard Baker Member

    I've had a few questions about IP address logging. I thought it would be good to share this with everyone.

    The application that powers the MESO-Rx forum is called Vbulletin. By default, IP addresses are logged in two instances:

    They are logged with each new registration. And they are logged with each new post. This IP data provides an extensive historical record.

    The explicit purpose of the IP logging is to prevent/control spamming/trolling on the forum. Most forum administrators find this to be extremely useful for this purpose.

    As some of you may have noticed, MESO recently found it useful to expose an individual who had been using multiple handles to troll/spam the forum.

    While this may have been good for the forum, the amount of information obtained from his logged IP address records was troubling. MESO doesn't feel comfortable having this amount of information on anyone.

    Unfortunately, most members do not use TOR or VPNs to protect their privacy. So this led to the following decision:

    Effective December 11, 2013, MESO-Rx no longer maintains IP address logs as part of the Vbulletin application. These have been disabled. Furthermore, the historic record of IP address logs since the very beginning of the forum have been purged today. In other words, MESO has absolutely no IP address records stored for any current members in Vbulletin.

    Members who have registered prior to today will not have any IP address records logged in Vbulletin going forward from this date.

    Here are a couple of caveats:

    First, IP addresses will continue to be logged for new member registrations in Vbulletin. The log will include ONLY the IP address used at the time of registration and NOT IP addresses linked to posts. However, MESO will purge this data every 30 days.

    Secondly, the previous information is application-specific; it applies only to the Vbulletin application. I have been corresponding with MESO's web host regarding privacy issues related to IP addresses. IP addresses are logged at the server level (IIS) for troubleshooting purposes only; they are deleted within 30 days.

    The type of logs collected are known as system logs and are not correlated with user data. They are maintained solely for troubleshooting.

    MESO has the option of disabling these logs. But my web host has strongly advised against it. MESO has not ruled out disabling the logs in the future upon further review of the consequences of such an action.
    11BJJ, Cryptobolics, smiles and 14 others like this.
  2. Purge

    Purge Member

    Thanks for the proactive response on this issue! Now it's time to download TOR, since other forums don't seem to be as security conscious.
    Millard Baker likes this.
  3. ebkallday

    ebkallday Member Supporter

    Thank you Millard for being open about what goes on behind the scenes. And also thank you for looking out for our security!! Meso is a great place. Happy Holidays!
    BIGjaxx and Millard Baker like this.
  4. Millard Baker

    Millard Baker Member

    I encourage everyone to ask other forum administrators to at least purge the historic record of IP addresses logged by vbulletin.

    I can completely understand why forum owners would be reluctant to disable IP logging linked to posts. This would make it more challenging to ban spammers/trolls. But at least they can purge the IP address records from the past.

    It should be noted that disabling IP address logging in the vbulletin admincp options section is not sufficient. That will only prevent future logging. IN order to delete past logging, two simple SQL queries need to be run on the database.

    This is all easily done.
  5. Spyder

    Spyder Member

    Anyway you can add a SSL cert to the site?
    Millard Baker and TaoPhD like this.
  6. Millard Baker

    Millard Baker Member

    This is on my to-do list. There are a couple of issues I need to fix particularly changing paths to images so it won't continually give errors e.g. partially encrypted/mixed content errors. Also, there may be some issues related to SEO and indexing of the site.
    Spyder likes this.
  7. Thanks Millard another improvement to an already great forum.
    Millard Baker likes this.
  8. TheGuy85

    TheGuy85 Member

    Thanks Millard, glad to see you are proactively ensuring the safety of Meso members, you are a stand up guy in my book.
    Millard Baker likes this.
  9. ChillBill

    ChillBill Member

    Thanks for thinking about safety
    Millard :-bd
    Millard Baker likes this.
  10. pittbox

    pittbox Member

  11. Millard,thank you. Karma will come back to you my friend. Positivity will bounce nack
  12. Bounce back at you. Sorry I hit post before I was done
  13. Millard Baker

    Millard Baker Member

    Thanks, everyone!
  14. geauxtiger

    geauxtiger Member

  15. nophat

    nophat Member

    Whats the users name?
  16. Kubrick

    Kubrick Member

    Dbcpunk, bigmotherfucker, biggermotherfucker, and another one that I can't remember.
  17. drgreenthumb628

    drgreenthumb628 Member Supporter

    Thanks millard you really make this a great forum
  18. Misterboots

    Misterboots Member

    Spyder or anyone who knows, what is SSL and how will it work to better MESO? Definitely not doubting, just interested. I feel like I have seen that when ordering things online, from like ebay maybe?


    B double O
  19. Candyskull

    Candyskull Member

    You gotta learn some Google fu bootsie. To sum it up really quick it's data encryption between host (this site) and users (us). It's a step in protecting your identity.

    Now, go do these three searches for practice:

    beezil, Misterboots and flenser like this.
  20. Millard Baker

    Millard Baker Member

    The IP addresses for new member registrations between 2013-12-11 and 2014-01-05 have been deleted.
    flex001, Joeblack and fit2beking like this.