Displaying IP Addresses

RZetlin

Spaceman
I just notice on these forums that the IP addresses for each member are displayed openly.

I don't think it's wise to have the recorded IP address displayed like this for security reasons.
 
Most forums these days display the IP address openly. The main reason is that if someone decides to troll or spam the forum, it's much easier to find all the accounts using the same IP address and ban them than to do it one by one.

There really aren't any security implications either. Virii, botnets, spammers, etc. will find your computer easily enough. And IP addresses can't really be traced to email addresses, either. Script kiddies just do massive IP network scans all the time to find vulnerable machines. Either way, they're much faster methods than scouring forums for IP addresses (which may or may not still be valid) - mainly by just trying all addresses in a subnet (it works too - Windows machines will get infected within 5 minutes if not protected). To their benefit though, forums don't do a reverse-DNS lookup that resolves the IP to a name, so it's a tiny bit tricker to analyze.
 
However, AFAIK, nobody's been hacked due to their IP being displayed here, and I've lurked for years. *Knocks on wood*

You're far more likely to be portscanned as part of a range, rather than by being singled out by IP, anyways - 'tis easier on the script kiddie ;)

Finally, any half-decent firewall fixes whatever issues someone could cause w/ an IP (except maybe DoS - but again, who wants to DoS somebody here)

[EDIT - Worf beat me to it]
 
Worf said:
Most forums these days display the IP address openly. The main reason is that if someone decides to troll or spam the forum, it's much easier to find all the accounts using the same IP address and ban them than to do it one by one.

yes, but that's admin business, so only admins need see the ip.

even then, it should be a function of the forum software [ban ixnaythespammer and all from his ip] without the admins needing to deal with the ip address directly.

my main concern would be the possibility of someone getting geographic information from ip and crossmatching that somehow with my name, and it doesn't worry me personally because i happen to have a dirt-common name.
 
http://www.hamuniverse.com/ipscam.html

We find it actually reduces problems. It's come up before (http://www.crius.net/zone/showpost.php?p=147969&postcount=28), and the software at the time made hiding them unwieldy. Any time you come on irc, chat with someone over an IM program or play on a public game server, everyone there can easily get your IP address. It's not that big of a deal. At any rate, making a new thread about this is great way to complain, but a poor way to actually reach the technical admins with the ability to make any changes. We have a technical contact address at the bottom of every page for forum issues such as this.

warlock said:
my main concern would be the possibility of someone getting geographic information from ip and crossmatching that somehow with my name, and it doesn't worry me personally because i happen to have a dirt-common name.

Yeah, I'm worried every day that someone on the internet might someday discover my real name.
 
Last edited by a moderator:
You are IP-visible, it is true, but they are IP-visible, also; you are all IP-visible alike.

Starkey's reply to that thread is as valid today as it was in 2002: "The IP thing has been successful in keeping BobMcDob away, so I vote against supressing it."
 
RZetlin, I share your concerns about anonymity and security. However as others said the danger is minimal. Hackers wouldn't search forums for this information unless there is a reason to specifically target you (so be nice to us will ya ;-) ).
Regarding privacy it obviously IS a problem. However if you are really concerned about that you migth want to consider to use an anonymizer service or a proxy cascade. Also forge your UA while you are at it...
 
Bandit LOAF said:
Starkey's reply to that thread is as valid today as it was in 2002: "The IP thing has been successful in keeping BobMcDob away, so I vote against supressing it."

I thought we wanted him around for Reckoning? Not back then though, obviously.

IP's shouldn't be a major problem, anyway, I'd imagine a lot of them are NAT'd.
 
Oh nohs. Yuo will be teh hax0red bai acid burn an crash override!

Frankly, who cares? My firewall logs an IP if someone on IRC pings me and from there I can trace it. The trick is - don't do something you shouldn't be doing in the first place and no one will report you to your ISP.
 
warlock said:
my main concern would be the possibility of someone getting geographic information from ip and crossmatching that somehow with my name, and it doesn't worry me personally because i happen to have a dirt-common name.

Hi, Warlock. You live in San Leandro, CA. I'm coming with a chainsaw. :)

(As far as someone getting your name...listing your IP address is less dangerous than listing your email address)
 
ChrisReid said:
Yeah, I'm worried every day that someone on the internet might someday discover my real name.
Yeah, well, you should be... next thing you know, some crazed Wing Commander fanatic might try to find you at DragonCon!
 
Funny enough, someone was able to find my real name and address. (They sent me a package!).

They just visited the web site which I also linked to my real domain, which they found my resume... but that is an exception to the rule since I knew it's possible, just not how determined that certain someone was.

Think of it this way - if they can trace an IP to a real name easily, the RIAA won't be filing lawsuits based on IP addresses now, would they? They wouldn't need to go to the ISP to get that information. And a Comcast customer wouldn't be suing Comcast for Comcast giving their information to the RIAA. It's not easy, and it involves a lot of court time for whoever wants to find out who's at the other end of an IP address.

Plus, some IPs are highly dynamic, so even knowing the IP today doesn't mean it's the same possibly an hour from now. Port scanning and network mapping is far easier and gets you a bunch of IPs that are valid in minutes, rather than hours-old forum posts. (plus, visiting a forum requires work. port scanning and IP scanning takes seconds and is hands-off. Lazy wins.).
 
Back
Top