How to keep my users save.

MohammadHI

Hello, my name is Mohammad, I don't want to give too much info about what I'm doing due to the fear of the death penalty, but I and a group of people are wanting to open a website to fight against Saudi Arabia government. We would like to use VanillaForums for the website itself but we don't have any idea how to stop vanilla forums from logging IPS or any other info that could give the locations of the users or admins if the server itself was a raid by the government or hack.

R_J

If you create a file /conf/bootstrap.before.php and write following contents in it, you should be able to mask all IP addresses and Vanilla will always use that false one:

<?php
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';

Given that the background of this question is very severe, I would ask more people. Maybe you can also ask on reddits phphelp group.

But please don't forget that your http server also logs IP addresses. Only preventing Vanilla from collecting this information can't be enough.

I wish you all the best with your project!

MohammadHI

@R_J said:
If you create a file /conf/bootstrap.before.php and write following contents in it, you should be able to mask all IP addresses and Vanilla will always use that false one:

<?php
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';

Given that the background of this question is very severe, I would ask more people. Maybe you can also ask on reddits phphelp group.

But please don't forget that your http server also logs IP addresses. Only preventing Vanilla from collecting this information can't be enough.

I wish you all the best with your project!

Thanks for the advice.

R_J

There are more server variables that you might want to change:

HTTP_X_ORIGINALLY_FORWARDED_FOR
HTTP_X_CLUSTER_CLIENT_IP
HTTP_X_FORWARDED_FOR
HTTP_CLIENT_IP
REMOTE_ADD

But as I've said before: you might get better help in a forum/discussion group that is not focused on one special php script.

MohammadHI

@R_J said:
There are more server variables that you might want to change:

HTTP_X_ORIGINALLY_FORWARDED_FOR
HTTP_X_CLUSTER_CLIENT_IP
HTTP_X_FORWARDED_FOR
HTTP_CLIENT_IP
REMOTE_ADD

But as I've said before: you might get better help in a forum/discussion group that is not focused on one special php script.

Would I do it like this:
<?php
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
$_SERVER['HTTP_X_ORIGINALLY_FORWARDED_FOR'] = '127.0.0.1';
$_SERVER['HTTP_X_CLUSTER_CLIENT_IP'] = '127.0.0.1';
$_SERVER['HTTP_X_FORWARDED_FOR'] = '127.0.0.1';
$_SERVER['HTTP_CLIENT_IP'] = '127.0.0.1';
$_SERVER['REMOTE_ADD'] = '127.0.0.1';

Any other variables I should add?
Thanks again for the help!

R_J

As far as I have seen, this server variables seem to be the only ones that are used for determining the visitors IP in Vanilla.

Concerning logs of the server, you could start with this article: https://yawnbox.com/index.php/2012/07/27/sop-for-disabiling-ip-address-logging/

MohammadHI

@R_J said:
As far as I have seen, this server variables seem to be the only ones that are used for determining the visitors IP in Vanilla.

Concerning logs of the server, you could start with this article: https://yawnbox.com/index.php/2012/07/27/sop-for-disabiling-ip-address-logging/

K, thanks.

x00

if you are waiting until you are getting to web application level it is already too late. IPs are already supplied and logged at various stages.

The safest thing for your users is for them to access your site through a proxy, which might be pertinent if the site is hosted outside SA and could be easily blocked.

If you want to be really sophisticated is use dark web/ techniques and not have your site located anywhere in particular but communicate in federation, with a more suitable protocol.

However this is not great for non-technical users, and I'm guessing you want a certain overtness to put external pressure in SA.

x00

I would provide information on how to use a proxies, like Tor.

MohammadHI

@x00 said:
I would provide information on how to use a proxies, like Tor.

K, thanks.