Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

MAC ADDRESS? How to identify users?

edited June 2011 in Vanilla 2.0 - 2.8
I'm finding it extremely difficult to moderate and block users who have started to commit illegal activity (fraud for e.g.)

With static ip's and a complete lack of ip log history for users, how am I suppose to track and block these ip's ?

Is there anywhere at all on the database that logs the MAC address of the users?

How can i stop these users when vanilla has such a basic user logging system? It only records the last ip address, in order to even track a users ip's I have to check every single post they have made and look at the logged ip address from there (that's if i'm lucky and they've made posts).

Have you guys thought about implementing a better logging system in order to help block people conducting fraud etc.? Or is that just bad luck for the webmaster...

Answers

  • dandvdandv New
    edited June 2011
    You can't log the user's MAC address because it doesn't get transmitted by TCP/IP. Otherwise, companies wouldn't bother with browser uniqueness and other tricks to identify users.
  • lucluc ✭✭
    Which version do you use?
  • The MAC address isnt a one stop shop to identify users... nor should we be in the business of identifying or promoting ways to track users

    $ ifconfig -a | grep HWaddr
    eth0 Link encap:Ethernet HWaddr 00:80:48:BA:d1:20

    or http://www.alobbs.com/macchanger/

    i find it odd that your forum users are committing "illegal" activity, or that you would reference it as such. Freedom of speech is powerful, and the repression of this right is frightful. If your forum is tailored to a specific topic or group, then the site should allude to an expected stance if you will on the various subjects that are bound to come up. For users to commit illegal activities on a discussion forum means that the environment created has fostered these ideas, or that users are spamming your forums to talk about illegal things. I still doubt the legality of such activities until proven otherwise

    @dandv
    there are some really great researchers and some interesting reads/studys/white papers/ poc's etc about defeating panopticlick (browser uniqueness).

    the moment that users are unable to surf the net anonymously, is the moment that big brother controls the net. until then, the onslaught continues

  • 2 words - Flash cookies

    Also, @dandv, awesome website. Thanks for turning us onto it.
  • noscript betterprivacy ect ect
  • TimTim Vanilla Staff
    I'm finding it extremely difficult to moderate and block users who have started to commit illegal activity (fraud for e.g.)

    ...

    Have you guys thought about implementing a better logging system in order to help block people conducting fraud etc.? Or is that just bad luck for the webmaster...
    The lack of tracking/logging in Vanilla is something we're working on internally, and these kinds of problems are one of our primary focuses right now. Sorry to hear you're running into problems, but the good news is that we're working very hard to solve this problem (and in a way that takes the burden off your shoulders as an administrator).
    nor should we be in the business of identifying or promoting ways to track users
    That is incorrect. These days there is every expectation that unless otherwise stated, the website you're viewing is probably tracking you as much as possible, either for commercial use (targeted advertising) or for some technological reason (writing a post before logging in, etc). Vanilla should be empowering forum administrators when it comes to leveraging their userbase and pruning their community for the purposes of creating a better environment for their target audience. Part of that is tracking.
    i find it odd that your forum users are committing "illegal" activity, or that you would reference it as such. Freedom of speech is powerful, and the repression of this right is frightful. If your forum is tailored to a specific topic or group, then the site should allude to an expected stance if you will on the various subjects that are bound to come up. For users to commit illegal activities on a discussion forum means that the environment created has fostered these ideas, or that users are spamming your forums to talk about illegal things. I still doubt the legality of such activities until proven otherwise
    People misbehave on forums. That is a fact of life and it has been this way since the dawn of the forum. When OP uses the word "illegal", he could very well be referring to users who are merely breaking rules specific to his forum. Even forums that are set up to discuss the most mundane, above-board topics can fall prey to trolls and miscreants seeking to cause mischief and otherwise break the rules.

    Regardless however, under US law internet discussion boards fall under the classification of "private forum" and are therefore not subject to the laws of "Free Speech". Administrators are perfectly justified in defining their own rules and enforcing them in whatever way they see fit.

    Vanilla Forums COO [GitHub, Twitter, About.me]

  • bobthemanbobtheman
    edited July 2011
    @Tim
    depending on the states stance and the current interpretation by the supreme court of the 1st AM. I have seen argued that a public forum open to registration for new users is protected by the first amendment.

    "the content on the Internet is as diverse as human thought." We should take care that this defining characteristic of the greatest forum for free speech ever invented isn't whittled away through millions of private choices whose cumulative effect no one would desire."

    http://www.aclu.org/blog/free-speech-technology-and-liberty/private-companies-shape-what-you-say-and-read-online

    can being a user of an online service, public or private, revokes one right to free speech? The ACLU, EFF, and millions of Americans say no. The idea that we can voluntarily give up our constitutional rights.. and some would argue including myself intrinsic rights is preposterous

    offtopic i know

    I understand your point, we need to empower admins to effectively manage their forums, deter and prevent spam, manage users, ect ect, but not at the expense of privacy invasion and tactics that the end user don't want. Flash cookies/super cookies/LSO's/ panopticlick ... the list goes on and on.

    You are also assuming that the user wants to achieve the aforesaid. What if i prefer to allow guest access, guest posting, no tracking ect. Not to mention there are ways to promote and protect user privacy, preventing the identification of a whistleblowers, and promoting free speech. pseudanonymity ..

  • i think the popularity of TOR and other like services is self evident. The fact that we need services like mixmaster remailers, mac and ip spoofing ect ect
  • LincLinc Admin
    I have seen argued that a public forum open to registration for new users is protected by the first amendment.
    There is a difference between the government regulating what can be said on a site and the owner regulating it. The former is what the First Amendment covers. It does not cover the latter, nor will you find any laws or court cases stating otherwise.
  • I would have to disagree... though i find the discussion off topic so i'll leave it be unless requested otherwise, i would hope that some of the devs and users understand the importance of anonymous communication

    "Protections for anonymous speech are vital to democratic discourse. Allowing dissenters to shield their identities frees them to express critical, minority views . . . Anonymity is a shield from the tyranny of the majority. . . . It thus exemplifies the purpose behind the Bill of Rights, and of the First Amendment in particular: to protect unpopular individuals from retaliation . . . at the hand of an intolerant society." supreme court

    Please remember that privacy is a growing popular feature, and that intrusive laws and tactics are being debated/purposed/bills passed at an alarming rate. There are methods less intrusive to accomplish the mentioned tasks.


    if you find interest in the topic might i mention
    http://www.youtube.com/watch?v=t0aQojDGSD4

    three parts, be sure to watch them all

  • edited August 2011
    These laws you're referring to are US law. Not everybody using vanilla are from the US, we have our own laws in each country, so as far as relevance to the original topic, you have definitely moved off-topic.

    I'm familiar with users hopping on socks5 proxies/tor networks etc. However the general population of scammers are not going to be aware of MAC address spoofing, so I'm trying to get 1 step ahead of them to identify and stop repeat scammers committing further offences. I am well in favor of identity protection, however you waive that right when you start scamming honest people for their hard earned money. Any scammers are named, shamed and the community works together to recover the money they have taken. This is the way it works in my community, if you have another opinion then I respect that, however your opinion means nothing to me as anonymity on my forum would be a complete disaster, as it's an underground invite only community where the only trust checker you have is your alias.

    I don't have the police to administrate or investigate what happens on my forum. I am the only person able to do it. So I hope to have as many tools available as humanly possible to stop fraud on my forums.

    Thanks to those suggesting earlier. I will check them out immediately.
  • This is very good answer
    follow this link also
    https://youtu.be/pd1XUI4Rnp4

Sign In or Register to comment.