Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
MAC ADDRESS? How to identify users?
I'm finding it extremely difficult to moderate and block users who have started to commit illegal activity (fraud for e.g.)
With static ip's and a complete lack of ip log history for users, how am I suppose to track and block these ip's ?
Is there anywhere at all on the database that logs the MAC address of the users?
How can i stop these users when vanilla has such a basic user logging system? It only records the last ip address, in order to even track a users ip's I have to check every single post they have made and look at the logged ip address from there (that's if i'm lucky and they've made posts).
Have you guys thought about implementing a better logging system in order to help block people conducting fraud etc.? Or is that just bad luck for the webmaster...
With static ip's and a complete lack of ip log history for users, how am I suppose to track and block these ip's ?
Is there anywhere at all on the database that logs the MAC address of the users?
How can i stop these users when vanilla has such a basic user logging system? It only records the last ip address, in order to even track a users ip's I have to check every single post they have made and look at the logged ip address from there (that's if i'm lucky and they've made posts).
Have you guys thought about implementing a better logging system in order to help block people conducting fraud etc.? Or is that just bad luck for the webmaster...
0
Answers
$ ifconfig -a | grep HWaddr
eth0 Link encap:Ethernet HWaddr 00:80:48:BA:d1:20
or http://www.alobbs.com/macchanger/
i find it odd that your forum users are committing "illegal" activity, or that you would reference it as such. Freedom of speech is powerful, and the repression of this right is frightful. If your forum is tailored to a specific topic or group, then the site should allude to an expected stance if you will on the various subjects that are bound to come up. For users to commit illegal activities on a discussion forum means that the environment created has fostered these ideas, or that users are spamming your forums to talk about illegal things. I still doubt the legality of such activities until proven otherwise
@dandv
there are some really great researchers and some interesting reads/studys/white papers/ poc's etc about defeating panopticlick (browser uniqueness).
the moment that users are unable to surf the net anonymously, is the moment that big brother controls the net. until then, the onslaught continues
Also, @dandv, awesome website. Thanks for turning us onto it.
Regardless however, under US law internet discussion boards fall under the classification of "private forum" and are therefore not subject to the laws of "Free Speech". Administrators are perfectly justified in defining their own rules and enforcing them in whatever way they see fit.
Vanilla Forums COO [GitHub, Twitter, About.me]
depending on the states stance and the current interpretation by the supreme court of the 1st AM. I have seen argued that a public forum open to registration for new users is protected by the first amendment.
"the content on the Internet is as diverse as human thought." We should take care that this defining characteristic of the greatest forum for free speech ever invented isn't whittled away through millions of private choices whose cumulative effect no one would desire."
http://www.aclu.org/blog/free-speech-technology-and-liberty/private-companies-shape-what-you-say-and-read-online
can being a user of an online service, public or private, revokes one right to free speech? The ACLU, EFF, and millions of Americans say no. The idea that we can voluntarily give up our constitutional rights.. and some would argue including myself intrinsic rights is preposterous
offtopic i know
I understand your point, we need to empower admins to effectively manage their forums, deter and prevent spam, manage users, ect ect, but not at the expense of privacy invasion and tactics that the end user don't want. Flash cookies/super cookies/LSO's/ panopticlick ... the list goes on and on.
You are also assuming that the user wants to achieve the aforesaid. What if i prefer to allow guest access, guest posting, no tracking ect. Not to mention there are ways to promote and protect user privacy, preventing the identification of a whistleblowers, and promoting free speech. pseudanonymity ..
"Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society." supreme court
Please remember that privacy is a growing popular feature, and that intrusive laws and tactics are being debated/purposed/bills passed at an alarming rate. There are methods less intrusive to accomplish the mentioned tasks.
if you find interest in the topic might i mention
http://www.youtube.com/watch?v=t0aQojDGSD4
three parts, be sure to watch them all
I'm familiar with users hopping on socks5 proxies/tor networks etc. However the general population of scammers are not going to be aware of MAC address spoofing, so I'm trying to get 1 step ahead of them to identify and stop repeat scammers committing further offences. I am well in favor of identity protection, however you waive that right when you start scamming honest people for their hard earned money. Any scammers are named, shamed and the community works together to recover the money they have taken. This is the way it works in my community, if you have another opinion then I respect that, however your opinion means nothing to me as anonymity on my forum would be a complete disaster, as it's an underground invite only community where the only trust checker you have is your alias.
I don't have the police to administrate or investigate what happens on my forum. I am the only person able to do it. So I hope to have as many tools available as humanly possible to stop fraud on my forums.
Thanks to those suggesting earlier. I will check them out immediately.
This is very good answer
follow this link also
https://youtu.be/pd1XUI4Rnp4