RuneTrack Forums
It is currently Sun May 27, 2018 9:02 am

All times are UTC [ DST ]




Reply to topic  [ 18 posts ] 

Do you like hiding last 3 characters from IP lists?
Yes, alot 67%  67%  [ 4 ]
Yes, sort of 0%  0%  [ 0 ]
I don't care 33%  33%  [ 2 ]
No 0%  0%  [ 0 ]
Total votes : 6
Author Message
 Post subject: IPs
PostPosted: Thu Oct 15, 2009 7:42 pm 
Offline

Joined: Thu Oct 01, 2009 7:19 pm
Posts: 4
Publishing IPs of people who viewed a sig is risky; somebody can make harvesting SW. I guess that approx. 250 of 1000 players are high-levelled and 20 of them have easily hackable computers (they're still using Firefox 2, theydon't have an anti-virus SW). It's quite dangerous. Please change some numbers to Xs.

EDIT: Thanks for the update.


Last edited by Dontlietome7 on Wed Jan 06, 2010 6:44 pm, edited 1 time in total.

Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Thu Oct 22, 2009 7:30 pm 
Offline

Joined: Mon Jun 22, 2009 4:45 am
Posts: 3
kinda agree with this, was thinking that too :|

_________________
Image


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Thu Oct 22, 2009 10:30 pm 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
While I understand the concern, the thing is - there's no way to know what IP matches who. You could look at anyone's profile IPs, and it's impossible to know which one belongs to who, making it all completely safe.

Looking at it from your way, then technically Tip.it (the largest RuneScape fansite forum) would be the worst offender of all, seeing as they have the IPs logged of many top players *and* a way to directly link them to a specific account username.

Every single fansite or clansite forum you sign up on automatically logs both your IP *and* account name (usually one's character name) - RuneTrack systems only do the former, not the latter.

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sun Oct 25, 2009 9:22 am 
Offline
User avatar

Joined: Fri Jun 12, 2009 12:57 pm
Posts: 22
Maybe to make it that tiny little bit safer, while still showing all the IPs, sort the IPs in ascending order, or randomise them?

I think showing which IPs have seen each profile is a good idea: can see where in the world people are interested in a certain player :D

_________________
Laur - FFDN High Councilor

:E

Image


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Tue Nov 17, 2009 12:57 pm 
Offline

Joined: Thu Oct 01, 2009 7:19 pm
Posts: 4
I agree. However the 1st IP in the full list is IP of first person who saw the signature. Usually people create RuneTrack profiles for themselves so it's not safer than tip.it :cry:


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Wed Nov 18, 2009 1:02 am 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
Dontlietome7 wrote:
I agree. However the 1st IP in the full list is IP of first person who saw the signature. Usually people create RuneTrack profiles for themselves so it's not safer than tip.it :cry:
But usually people create Tip.it accounts for themselves - meaning the first IP address logged on a Tip.it account would most definitely be that person as well.

However, I've decided to just go with Laur's idea and display the IP addresses in descending order, so that the first IP address to view a RuneTrack account will almost never appear at the #1 spot on the list. This should now take care of any safety issues. :)

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Thu Nov 19, 2009 10:36 am 
Offline
User avatar

Joined: Fri Jun 12, 2009 12:57 pm
Posts: 22
Maybe for a little bit of added security so that those with only a few IPs viewing their profile, only show the IPs after at least say 25 unique IPs have viewed? Still have the counter but just not show the IPs to everyone for security reasons until many have viewed the profile.

_________________
Laur - FFDN High Councilor

:E

Image


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Thu Nov 26, 2009 7:52 am 
Offline

Joined: Thu Sep 03, 2009 10:30 pm
Posts: 8
Hi Sword Kill11

I too am very concerned about the publishing of IP’s against player profiles. Regardless of them being displayed in chronological or numerical order, these lists are a great source of information to hackers.

Yes, they may find it harder to pick whose IP belongs to which account now, but did it occur to you that every address in every list belongs to someone who plays Runescape. Someone could write a harvesting tool to download masses of IP’s then target each of them with a trojan keylogger.

Some kid could read a post of mine on a third party forum and be hacked without ever having visited Runetrack.

Maybe I should bring this a little closer to home. I am sure that everyone in the FFDN forums will have read at least one of your posts - this means that the list attached to your name contains the IP address of every member of FFDN. Considering how many high profile players are members there, I find this quite disturbing. These players are not expecting to have their security compromised on an external website. It’s not just your list either, everyone on FFDN is logged against multiple profiles as soon as they open any thread.

There really is no need to display individual IP’s. The total number of unique addresses would be more than sufficient. If you prefer a little more detail, then a count per region or country would be great too.

This concern of mine is not unfounded. Until recently, I have been unaware of any direct hacking attempts made against me. I have always been security conscious and have been careful about which sites I visit. Considering your status as a RSOF Forum Moderator and the calibre of the people that recommended it to me, I considered this website to be relatively safe.

Since creating my profile on this website, I have been subjected to numerous DDOS attacks. This stopped briefly when I changed my name, then restarted when you linked my old name to my new name. I changed my IP address and now use a proxy to visit your site. The DDOS attacks have completely stopped. I am also aware of members of FFDN who have experienced similar problems.

The linking of the old name to the new, and displaying both on Runetrack is another thing that I am really disappointed with. No other reputable website takes it upon themselves to go against Jagex wishes and display name change history. Jagex specifically told you that this was against their policy. I repeat, NOT EVERYONE CHANGES THEIR NAMES BECAUSE THEY HAVE DONE SOMETHING WRONG! You have no right to invade our privacy.

In a world where identity protection on the internet is paramount, please have some consideration for the security of the people who have placed their trust in you. I know you probably didn’t think you were doing anything wrong by displaying this information, but the truth is you are.


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Thu Nov 26, 2009 10:59 pm 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
Hi maxromulan,

Well firstly, you are certainlly the only one I've ever heard of having any security issues due to the IP lists (and no, I have not heard of any FFDN members who have experienced similar problems), which may suggest that it may not have anything to do with RuneTrack at all. But again, arguing that aspect will go nowhere on either end, as there's really no way to know for certain how someone got a hold of your information. And as no one here can actually confirm these DDOS you claim to be experiencing, stating that they are a direct cause of RuneTrack (which I'm not saying you necessarily are) would be a bit on the side of fear-mongering.

Anyway, I've now come up with a solution that will make everyone happy. :)

IP addresses will now display X's within them, as to not give out the complete address. For example, 50.150.200.250 will now appear as 50.150.200.XXX on the IP list. And because geolocation for an IP address is only based on the first 3 octets, removing the last octet will not inhibit future features I have in mind for display geographical information (like country/region tracking).
maxromulan wrote:
I repeat, NOT EVERYONE CHANGES THEIR NAMES BECAUSE THEY HAVE DONE SOMETHING WRONG!
Of course not. From what I've seen, the vast majority of players who change their name simply grew tired of their old name, and wanted to change it to something that better reflected their personalities and interests. I think that's great, and I'm glad Jagex allows players to do that.

Though the most significant issue resulting from this that I've seen is name confusion - Jagex failed to provide a practical way of keeping track of who anyone actually is anymore.

Interestingly enough, you (and 1 other person) are the only one who seem to be against allowing people to maintain their identities by providing name histories. Everyone else's comments that I've heard on that feature have been very positive and supportive of the fact that people can now easily find out who they are without going around and constantly reminding/telling everyone. Not only this, but it also serves as an easy way for people to prove their identities to others if needed. I believe the number of people who prefer to have everyone know their previous display name far outweighs those who don't (and many people, but yes not all, within that small fraction of those who want to remain anonymous are likely doing so for malicious reasons).

I am not providing anymore information than Jagex themselves are. Jagex does have an in-game feature which allows people to see a name change by hovering over a player's name - the problem is that it's temporary, and only goes 1 display name into the past. I'm simply taking what information is already 100% publicly available and compliling it in my own way for easier access.

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Fri Nov 27, 2009 12:07 am 
Offline

Joined: Thu Sep 03, 2009 10:30 pm
Posts: 8
Hi Sword kill11,

Glad you are making some changes. Removing some of the numbers would help considerably.

However, I would still like to know why you insist on providing lists, even if they’re now trimmed down.

For what purpose would anyone need to see individual IP’s or even part of IP’s?
ie, Why is a total by region not good enough? To be honest, a count or graph is a much more user-friendly option.

I really don’t get this one and cannot think of any legitimate reason, yet you seem adamant this information must be provided.

My concerns also come from years of working in the IT industry and having some understanding of security and customer identity protection. I have also seen first hand the devastating effects losing high level accounts can have on people. If the information you provide gives no tangible benefit to anyone but a hacker, then why provide it?

With regards to the DDOS attacks I was experiencing - you’re right, I have no proof it was a result of Runetrack, but it was awfully coincidental.


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Fri Nov 27, 2009 12:57 am 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
maxromulan wrote:
For what purpose would anyone need to see individual IP’s or even part of IP’s?
ie, Why is a total by region not good enough? To be honest, a count or graph is a much more user-friendly option.
Yes, graphs/charts would certainlly be a lot nicer and are something I'm considering on including in future updates. For now the IP list page doesn't really serve much of a purpose other than just a user's curiosity, but it's just the foundation from which more updates will eventually occur. Again, the Websites Viewed page isn't necessary either, but it's just interesting information.

Sure, I could remove the IP list now, but it would just come right back in a couple of months when I have the time to code some more worthwhile additions to it, which is why I don't see there be much point in just removing it temporarily. I was hoping to get these new features launched sooner, but have recently been working on some more basic design changes which increase site speed (some of my original scripts weren't all that efficient, and now that RuneTrack has so many members, they needed an update to handle it all).

I suppose it's also possibly just the type of person I am as well - I enjoy compiling and displaying as much information as I can, no matter how seemingly insignificant it may seem. Thinking about it, every single slot of every row of every table in the RuneTrack database (with the single exception of Competition Tracker passwords :P) is viewable through some way on the site.

I do understand the security concerns which is why I have gone ahead in not displaying full IP addresses anymore, but now that there aren't any issues, I don't see a problem with just keeping the list up there. :)

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Fri Nov 27, 2009 9:28 pm 
Offline
User avatar

Joined: Thu Jun 25, 2009 12:03 am
Posts: 10
Location: Texas
maxromulan wrote:
...My concerns also come from years of working in the IT industry and having some understanding of security and customer identity protection...
With regards to the DDOS attacks I was experiencing - you’re right, I have no proof it was a result of Runetrack, but it was awfully coincidental.


What about working in the IT industry is giving you these concerns? I have worked in IT since the days of punch cards and paper tapes, and the compilation of data that Swordkill has done here in no way is a breach of anyone's security. I know a bit about IT security, and I am very comfortable being registered on this site.

As for your DDOS attacks, I know a lot of people registered on this site and have never heard from any of them coming under attack from visiting here.

Sword, great job! And thanks for all of the hard work you've put into this site! :thumbsup:

_________________
Image
Image


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sat Dec 19, 2009 8:11 pm 
Offline

Joined: Sat Dec 19, 2009 8:06 pm
Posts: 2
To be honest, I didn't read all the text in all the posts.

But please, just remove the IP list. It doesn't have any purpose.

And this is the only reason why I made an account for these forums.


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sat Dec 19, 2009 8:19 pm 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
Zormo3 wrote:
To be honest, I didn't read all the text in all the posts.
Well, perhaps you should have, as this issue is now fixed as full IPs don't show anymore. :P

http://runetrack.com/ips.php?user=Zormo3

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sun Dec 20, 2009 10:37 am 
Offline

Joined: Sun Jun 21, 2009 8:18 pm
Posts: 4
Sword,
Just to let you know, the two IPs shown on the main profile page do not have the xxx's ;)


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sun Dec 20, 2009 11:17 am 
Offline
Site Admin

Joined: Sat Jun 06, 2009 12:38 am
Posts: 546
rocket700 wrote:
Sword,
Just to let you know, the two IPs shown on the main profile page do not have the xxx's ;)

Yes I'm aware of that - but as they're the two most recent IPs captured, they're always changing and likely never the IP of the account creator.

_________________
ImageImage


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Wed Jan 06, 2010 6:33 pm 
Offline

Joined: Thu Oct 01, 2009 7:19 pm
Posts: 4
Thanks for the update. Thanks for detailed post, maxromulan.


Top
 Profile  
 
 Post subject: Re: IPs
PostPosted: Sat Aug 12, 2017 11:00 pm 
Offline

Joined: Fri Jul 21, 2017 1:45 am
Posts: 43
This page is very good,thank for sharing good topic.

ซอมบี้


Top
 Profile  
 
Display posts from previous:  Sort by  
Reply to topic  [ 18 posts ] 

All times are UTC [ DST ]


Who is online

Users browsing this forum: No registered users and 4 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group