anonymous ip loggin...
 
Notifications
Clear all

anonymous ip logging in forums  

  RSS
suxnet
(@suxnet)
New Member

Hello
I am doing a research paper on cyber bullying. I am not diving into the how to do things as I am not an expert in this field. I only took an intro course. But in my paper, I am supposed to come up with possible solutions to the problem. The thing where computer forensics coming into play is laws.
My current thing Im looking into and will talk about is the old website, Juicy Campus. It was out a few years ago but has shut down. Juicy Campus has always said, based on what Ive read, that there is anonymity and no ip logging. JC states they do not keep track of a given ip with a post. How is this really possible legally? If someone made a legit threat, the police need to get the ip to get the person. Do they just go to the isp and have them pull it from a query or is a website administrator legally bound to hand over the ip address and they just dont tell the board members in order to boost their confidence in the board?
Thanks!

Quote
Posted : 19/07/2011 8:21 am
hcso1510
(@hcso1510)
Active Member

I’ve never heard of juicy campus, but I do recall a few years ago receiving a FBI bulletin regarding an anonymous website that operated like a bulletin board based in the Netherlands. It contained some of the vilest crap the internet has to offer. I’m no expert on this, so I’ll be interested to see the replies as well, but I’d say that much of what is considered being "anonymous" has to do with how a website is set up? I don’t know that there is a requirement to retain any “ip logging” so I assume that if they don’t retain it they feel it is anonymous.

ReplyQuote
Posted : 19/07/2011 9:20 am
twjolson
(@twjolson)
Active Member

How is this really possible legally?

I am no expert, but why would you assume it is required? It'd be like the government requiring Walmart to check and record drivers licenses when people enter. For one, it's an invasion of privacy, and two it's government intrusion. I am not saying it isn't possible, but people would be mad.

ReplyQuote
Posted : 19/07/2011 9:53 am
suxnet
(@suxnet)
New Member

ISP has the address regardless and if the government wants it bad enough, they will get it.
I just dont know how the anonymous works on web board.
Yes, it would be considered an invasion of privacy. But in the case someone is making threats such as killing someone or up to terrorism, one would think there would be a way to track it. And if not, maybe there should be for those types of cases.

ReplyQuote
Posted : 19/07/2011 10:11 am
pragmatopian
(@pragmatopian)
Active Member

It's fairly simple if the site doesn't retain logs of the IP addresses of it's visitors then they're unlikely to be recoverable. Of course, you may be able to identify evidence elsewhere if you have a clear suspect then you may be able to retrieve internet history records from their computer, or the ISP that the suspect and/or the site in question use may hold relevant data.

Requiring every website to record and retain IP records for every visitor would be too much. Our lives are over-regulated as it is.

ReplyQuote
Posted : 19/07/2011 1:28 pm
Muirner
(@muirner)
Member

ISP has the address regardless and if the government wants it bad enough, they will get it.

But as you mentioned in the first post, if they do not log the IP they will not know which ISP to query and attempt to uncover subscriber information. I highly doubt that a cast all net would (or could) be thrown out to provide subscriber information for everyone who visited _____ site.

ReplyQuote
Posted : 19/07/2011 8:29 pm
kovar
(@kovar)
Senior Member

Greetings,

The site probably has only one, perhaps two, upstream providers. Those providers could either log traffic, or turn on logging if ordered by the court. Many ISPs keep flow information for billing and planning purposes, which could be illuminating as well.

-David

ReplyQuote
Posted : 19/07/2011 8:47 pm
4n6art
(@4n6art)
Active Member

From what I understand, most forums have the capability of logging IP addresses - this is generally to allow forum admins to ban certain IPs (ranges) based on abuse. However, if I am not mistaken there are settings that the admin can choose on whether to track or not track the IP. If the IP is not tracked - that's it.

David's point is well taken - there is an option of going to the upstream provider, but they would have to implicitly show that the IP accessed the forum (and not just the website hosting the forum - like FF for example) - but it may be a start.

I know there is no legal requirement on the part of a forum admin to track or save IPs. I would assume that if a cooperative admin was approached by an LEA on a knock-n-talk and asked to track IPs to see future messages or posts, they would/could do it. The operative phrase being "cooperative admin" )

-=Art=-

ReplyQuote
Posted : 19/07/2011 9:05 pm
suxnet
(@suxnet)
New Member

THANKS all for your responses.
Personally I think it would be beneficial to have ip tracking. Trying to prove someone guilty of one crime based on one forum post might be hard. But ip tracking, it would allow forensics investigators to find patterns in behavior.

ReplyQuote
Posted : 19/07/2011 9:14 pm
4n6art
(@4n6art)
Active Member

Possibly… but that assumes that the person would be using the same username or handle in every forum and they have a static IP address assigned to them - or you could be targeting an entire company since their external (static, generally) IP would be the same for a lot (or all) of their employees.

THANKS all for your responses.
Personally I think it would be beneficial to have ip tracking. Trying to prove someone guilty of one crime based on one forum post might be hard. But ip tracking, it would allow forensics investigators to find patterns in behavior.

ReplyQuote
Posted : 19/07/2011 9:28 pm
lucpel
(@lucpel)
Member

Websites are usually not obligated to keep track of ip's, unless they are required to do it , like electronic bank services , or e commerce websites(of course, depends the jurisdiction). In criminal law cases law enforcement agents can order ISP's to show and preserve records.
But at the end, very few investigations will succeed , considering
1) An ip address by itself won't be enough evidence to convict someone.
2) If the supicious or the web server is located in other country than yours, you will first have to determine the applicable law, the natural court, so even if you get the location of the suspicious, the case will have to be very relevant in order to get international cooperation.

ReplyQuote
Posted : 20/07/2011 5:25 am
Passmark
(@passmark)
Active Member

There is another important point that I don't think was mentioned. Web servers running forum software typically have more than 1 layer of logging.

So there is the logging in the forum software itself (at least for the major packages) and there is also logging going on by the web server software (typically this is Apache or IIS)

So even if the forum logging is disabled, then the web server might have server logs with IP addresses that the hosting company could provide.

For example here is the Apache log entry of someone logging in and making a post in our forum.

178.45.49.75 - - [02/Jun/2011001445 -0400] "POST /forum/login.php?do=login HTTP/1.0" 200 20758 "http//mail.passmark.com/forum/newthread.php?do=newthread&f=6" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"

178.45.49.75 - - [02/Jun/2011001444 -0400] "GET /forum/newthread.php?do=newthread&f=6 HTTP/1.0" 200 23836 "http//mail.passmark.com/newthread.php?do=newthread&f=6" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"

You get their IP address and a lot of other information besides.

ReplyQuote
Posted : 26/07/2011 6:05 pm
jhup
 jhup
(@jhup)
Community Legend

For a busy website, I would keep no more than a few days worth of server logs, and only a subset/statistics thereafter.

There is another important point that I don't think was mentioned. Web servers running forum software typically have more than 1 layer of logging.

So there is the logging in the forum software itself (at least for the major packages) and there is also logging going on by the web server software (typically this is Apache or IIS)

So even if the forum logging is disabled, then the web server might have server logs with IP addresses that the hosting company could provide.

For example here is the Apache log entry of someone logging in and making a post in our forum.

178.45.49.75 - - [02/Jun/2011001445 -0400] "POST /forum/login.php?do=login HTTP/1.0" 200 20758 "http//mail.passmark.com/forum/newthread.php?do=newthread&f=6" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"

178.45.49.75 - - [02/Jun/2011001444 -0400] "GET /forum/newthread.php?do=newthread&f=6 HTTP/1.0" 200 23836 "http//mail.passmark.com/newthread.php?do=newthread&f=6" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01"

You get their IP address and a lot of other information besides.

ReplyQuote
Posted : 27/07/2011 12:49 am
dwhyte
(@dwhyte)
New Member

There are two parts to the problem on forums like this, they may have logs despite saying they don't the fact is they wont comply because they're based offshore in a 'safe haven' and the parent ISP won't comply either, at the moment there are alot of issues with this with cybercrime forums based in Romania, Russia and certain NL providers - so this is common.

The easiest way to prove someone is hoping they have the same handle, same link signatures… things like that. You could ask upstream providers to log originators to the website - this is done already i'm sure to some current websites, but it's easy to get a free VPN and hook up TOR - you're then pretty much anonymous… providing credentials and profile data aren't the same as other forums they use.

Many of the gh0stmarket cybercrime forum got caught by having xbox gamer tags the same as handles on the forum ), they were suitably 'safe' with setup but not with forum profile D

Bit of a tough one, but the above are what you need to be aware of, IMO.

ReplyQuote
Posted : 29/07/2013 12:01 pm
Share: