How does it help the tracking IP's of registered users by LQ moderators

LQ moderators track IP of users who post in LQ.
How difficult it is and how does it help?

It's just a case of recording the source IP of a post when they are submitted.

It has plenty of uses, geo location etc, but the most common use is to find spam coming from the same source addresses under different account names etc.

Hi there,

Quote:

Originally Posted by bloodstreetboy LQ moderators track IP of users who post in LQ.

do they? Well, they might; it's even likely for them to do. But how do you know?

Quote:

Originally Posted by bloodstreetboy How difficult it is and how does it help?

Not difficult at all. The sender's and the receiver's IP address is an intrinsic part of any IP data packet. It's readily available on the server side. How you access this information depends on the technique you're using. In PHP, for example, you have it in $_SERVER['REMOTE_ADDR'], if I'm not mistaken, in Perl you can retrieve it from the process's environment variables.

Whether it helps? Hmm... helps with what??
It may help to re-identify users who caught your attention earlier; it may reveal someone using multiple accounts concurrently to look like several persons; it may be a hint for judging the user's geographical location (though this is not very reliable). Don't forget, however, that the IP address of many private dialup lines may change frequently - daily, within minutes, or even with each single request.

On the other hand, there may be legal issues in some countries. Storing IP addresses may be forbidden, because under certain conditions they can be tracked and traced back to the owner of the dialup connection. Some consider that an indecent intrusion into people's privacy.

So whatever you do, be careful.

[X] Doc CPU

For more reference the moderators do NOT track IP addresses, that'd be really hard work. The software running the site does it for us. And we, as standard moderators can not see that information, only Jeremy can.

IP-address information is used by many site-driving packages as one of many ways that are used to battle spam. Which, for nearly every site these days, is a "battle of the 'bots'" far in excess of what you see as a user. If these defenses were not in place, I think that most sites would not be useful.

Quote:

Originally Posted by Doc CPU Hi there, do they? Well, they might; it's even likely for them to do. But how do you know?

I guessed.
It's a site of linux experts, for linux experts(including) and by linux experts.
They can use/create/develop everything that has been asked here in these years.

It looks like their web server is apache, db is mysql or may be mongo (no-sql) and server side language is php or may be perl.

But we never know how deep the site is, may be they are using BigTable for db and functional programming like Scala or Haskell for web development.

webmin might not have as administration functionalities, LQ admin may have.

Number of Graphs and Pie charts and Reports are there in the admin site just like stock market sites.

There is data like disk usage, memory usage, load because of number of users, stress, performance, Networking, IP based user data, country based user data, Browser based, OS based, many terms even I can not imagine.

When they can detect your distro, whatelse they can not do?

They know the meaning of security, not only achieving it but pursuing too, they know they are linux site that's why they are not loose like one of the most popular distribution's forum site which was hacked sometimes before.

They are silent but it doesn't mean they are idle. They know how to improvise, adapt and overcome.

They are number one in Linux. They are LQ.

(had been too much emotional. should not be taken much seriously.
Moral : can't live without LQ)

Quote:

Originally Posted by bloodstreetboy webmin might not have as administration functionalities, LQ admin may have. Number of Graphs and Pie charts and Reports are there in the admin site just like stock market sites.

Any server administrator has access to server logs, which can be used to elaborate statistics and the like, in order to monitor performance or to improve security. There's nothing wrong with that. Then of course you have policies that say how those data can be used, and how they can not. On this point I'd certainly trust much more LQ than, say, "Muzzlebook".

Quote:

When they can detect your distro, what else they can not do?

This sounds somewhat like FUD. And actually, it's your browser that sends information about your distro to the server, and it does it in the user agent header: not so much work in order to "detect" it, really. Edit the user agent information and your distro won't be "detected" anymore.

Quote:

They are silent but it doesn't mean they are idle. They know how to improvise, adapt and overcome. They are number one in Linux. They are LQ.

This sounds a bit rhetorical. Of course, if you intend to organize illegal activities, or to secretely conspire against anything, then LQ is not the right place to do that, no web site is the right place to do that.

Quote:

Originally Posted by bloodstreetboy It looks like their web server is apache, db is mysql or may be mongo (no-sql) and server side language is php or may be perl. But we never know how deep the site is, may be they are using BigTable for db and functional programming like Scala or Haskell for web development.

Uhm, yes we do know. It's a vBulletin site. That means PHP and one of MariaDB, MySQL or PostGreSQL

In addition to vBulletin, LQ includes WordPress, Drupal, MediaWiki, and some other stuff. Notice what these all have in common with vBulletin: they're all PHP:

http://www.linuxquestions.org/questi...7/#post3774706

LQ's web development team is just Jeremy himself, with some help from one other person:

http://www.linuxquestions.org/questi...ml#post5108729

If LQ starts using Scala, Haskell, BigTable or MongoDB, then Jeremy would announce it.

Hi there,

Quote:

Originally Posted by Philip Lacroix Any server administrator has access to server logs, which can be used to elaborate statistics and the like, in order to monitor performance or to improve security. There's nothing wrong with that. Then of course you have policies that say how those data can be used, and how they can not.

and note that this does not alway agree with the Privacy Acts of your own country. For instance ... was it facebook? Yea, I think it was, let's assume that for the moment. Recently, there was much of a hubbubb in Germany (once again) about how facebook is dealing with users' data, and that much of that violates German privacy laws. And then on facebook's behalf, the simple reply was, our Europe branch is based in Ireland, and Irish law allows us to do what we're doing. Boing!

Quote:

Originally Posted by Philip Lacroix And actually, it's your browser that sends information about your distro to the server, and it does it in the user agent header: not so much work in order to "detect" it, really. Edit the user agent information and your distro won't be "detected" anymore.

Not as easy, anyway. There may be some more faint giveaway about the browser being used (a certain combination of Accept or Accept-Encoding headers, maybe), and from the browser you may assume or exclude one or the other platform. Just to feed the overly paranoid ...

Quote:

Originally Posted by Philip Lacroix Of course, if you intend to organize illegal activities, or to secretely conspire against anything, then LQ is not the right place to do that, no web site is the right place to do that.

Exactly, from a legal and ethical point of view. Technically, you might be running your own server, not in a professional data center, of course, but in your barn, and SSL-encrypt all your data being exchanged, using a self-signed certificate. That would lock out the average amateur hacker. But you may be assured that governmental authorities like the NSA, the BND, the Mossad, the KGB and many others still have the power to intercept and decode the data. The more obfuscated it is, the more suspicious it looks, and the more effort they will put in getting at it.

[X] Doc CPU

Moved: This thread is more suitable in <Suggestions & Feedback> and has been moved accordingly to help your thread/question get the exposure it deserves.

I'm not sure what you're actually asking here, but as Chris said mods do NOT track your IP in any way. The information is stored on a per post basis, predominantly for use in spam heuristics. As noted, most of our sites are PHP (although http://linuxexchange.org/ is Python and django). I've made a variety of posts/mentions about our infrastructure, which is currently nginx and Percona/MariaDB on Linux.

--jeremy

Quote:

Originally Posted by bloodstreetboy I guessed. It's a site of linux experts, for linux experts(including) and by linux experts. They can use/create/develop everything that has been asked here in these years.

1) You formed an opinion (or more accurately, jumped to a conclusion) without any knowledge of the actual circumstances.
2) You stated your assumption as fact.

1 and 2 are both bad.

One thing that I've always wondered about is, since many ISPs dynamically allocate IP addresses to users, can those IPs really be blocked? The same goes for logging as well. Apart from geo-location, does an IP address really denote a real user? Suppose a user on dynamically allocated addresses has made a 100 posts each from a different address, what good does collection of that data actually do? I mean, there are a lot of sites that I use that log IP addresses, but since there is no telling if I may ever get that IP again, is it really a privacy concern?

Quote:

One thing that I've always wondered about is, since many ISPs dynamically allocate IP addresses to users, can those IPs really be blocked? The same goes for logging as well. Apart from geo-location, does an IP address really denote a real user?

An IP address denotes a computer (or a public-facing router), not a person. When you are fighting against spammers, you need to use every tool at your disposal, and that can include the ip address of an attack vector. You block an offending ip address, not an ISP nor a person; the offender gets a new address, you block it again, and the game goes on.

On my blog, I both use Akismet and have a bunch of rules to block spam comments, but I do still get a few; the amount, though, is cut down to a manageable level.

I used to self-host my website and took a look at the logs a couple of times. Apache logs every action a browser takes--every get and hit it makes, and the incoming ip is part of that record.

More to the point, there is nothing secret about an ip address; it's as public as a street address. Anyone who thinks there is any secrecy to it deludes himself.

The internet is a public place.