RuneTrack Forums http://runetrack.com/forums/ |
IPs http://runetrack.com/forums/viewtopic.php?f=3&t=50 |
Page 1 of 1 |
Author: | Dontlietome7 [ Thu Oct 15, 2009 7:42 pm ] |
Post subject: | IPs |
Publishing IPs of people who viewed a sig is risky; somebody can make harvesting SW. I guess that approx. 250 of 1000 players are high-levelled and 20 of them have easily hackable computers (they're still using Firefox 2, they don't have an anti-virus SW). It's quite dangerous. Please change some numbers to Xs. EDIT: Thanks for the update. |
Author: | dsaltland25 [ Thu Oct 22, 2009 7:30 pm ] |
Post subject: | Re: IPs |
kinda agree with this, was thinking that too |
Author: | Sword Kill11 [ Thu Oct 22, 2009 10:30 pm ] |
Post subject: | Re: IPs |
While I understand the concern, the thing is - there's no way to know what IP matches who. You could look at anyone's profile IPs, and it's impossible to know which one belongs to who, making it all completely safe. Looking at it from your way, then technically Tip.it (the largest RuneScape fansite forum) would be the worst offender of all, seeing as they have the IPs logged of many top players *and* a way to directly link them to a specific account username. Every single fansite or clansite forum you sign up on automatically logs both your IP *and* account name (usually one's character name) - RuneTrack systems only do the former, not the latter. |
Author: | Laur [ Sun Oct 25, 2009 9:22 am ] |
Post subject: | Re: IPs |
Maybe to make it that tiny little bit safer, while still showing all the IPs, sort the IPs in ascending order, or randomise them? I think showing which IPs have seen each profile is a good idea: can see where in the world people are interested in a certain player |
Author: | Dontlietome7 [ Tue Nov 17, 2009 12:57 pm ] |
Post subject: | Re: IPs |
I agree. However the 1st IP in the full list is the IP of the first person who saw the signature. Usually people create RuneTrack profiles for themselves so it's not safer than tip.it |
Author: | Sword Kill11 [ Wed Nov 18, 2009 1:02 am ] |
Post subject: | Re: IPs |
Dontlietome7 wrote: I agree. However the 1st IP in the full list is the IP of the first person who saw the signature. Usually people create RuneTrack profiles for themselves so it's not safer than tip.it But usually people create Tip.it accounts for themselves - meaning the first IP address logged on a Tip.it account would most definitely be that person as well. However, I've decided to just go with Laur's idea and display the IP addresses in descending order, so that the first IP address to view a RuneTrack account will almost never appear at the #1 spot on the list. This should now take care of any safety issues. |
Author: | Laur [ Thu Nov 19, 2009 10:36 am ] |
Post subject: | Re: IPs |
Maybe for a little bit of added security so that those with only a few IPs viewing their profile, only show the IPs after at least say 25 unique IPs have viewed? Still have the counter but just not show the IPs to everyone for security reasons until many have viewed the profile. |
Author: | maxromulan [ Thu Nov 26, 2009 7:52 am ] |
Post subject: | Re: IPs |
Hi Sword Kill11 I too am very concerned about the publishing of IP’s against player profiles. Regardless of them being displayed in chronological or numerical order, these lists are a great source of information to hackers. Yes, they may find it harder to pick whose IP belongs to which account now, but did it occur to you that every address in every list belongs to someone who plays Runescape. Someone could write a harvesting tool to download masses of IP’s then target each of them with a trojan keylogger. Some kid could read a post of mine on a third party forum and be hacked without ever having visited Runetrack. Maybe I should bring this a little closer to home. I am sure that everyone in the FFDN forums will have read at least one of your posts - this means that the list attached to your name contains the IP address of every member of FFDN. Considering how many high profile players are members there, I find this quite disturbing. These players are not expecting to have their security compromised on an external website. It’s not just your list either, everyone on FFDN is logged against multiple profiles as soon as they open any thread. There really is no need to display individual IP’s. The total number of unique addresses would be more than sufficient. If you prefer a little more detail, then a count per region or country would be great too. This concern of mine is not unfounded. Until recently, I have been unaware of any direct hacking attempts made against me. I have always been security conscious and have been careful about which sites I visit. Considering your status as a RSOF Forum Moderator and the calibre of the people that recommended it to me, I considered this website to be relatively safe. Since creating my profile on this website, I have been subjected to numerous DDOS attacks. This stopped briefly when I changed my name, then restarted when you linked my old name to my new name. I changed my IP address and now use a proxy to visit your site. 
The DDOS attacks have completely stopped. I am also aware of members of FFDN who have experienced similar problems. The linking of the old name to the new, and displaying both on Runetrack is another thing that I am really disappointed with. No other reputable website takes it upon themselves to go against Jagex wishes and display name change history. Jagex specifically told you that this was against their policy. I repeat, NOT EVERYONE CHANGES THEIR NAMES BECAUSE THEY HAVE DONE SOMETHING WRONG! You have no right to invade our privacy. In a world where identity protection on the internet is paramount, please have some consideration for the security of the people who have placed their trust in you. I know you probably didn’t think you were doing anything wrong by displaying this information, but the truth is you are. |
Author: | Sword Kill11 [ Thu Nov 26, 2009 10:59 pm ] |
Post subject: | Re: IPs |
Hi maxromulan, Well firstly, you are certainly the only one I've ever heard of having any security issues due to the IP lists (and no, I have not heard of any FFDN members who have experienced similar problems), which may suggest that it may not have anything to do with RuneTrack at all. But again, arguing that aspect will go nowhere on either end, as there's really no way to know for certain how someone got a hold of your information. And as no one here can actually confirm these DDOS you claim to be experiencing, stating that they are a direct cause of RuneTrack (which I'm not saying you necessarily are) would be a bit on the side of fear-mongering. Anyway, I've now come up with a solution that will make everyone happy. IP addresses will now display X's within them, as to not give out the complete address. For example, 50.150.200.250 will now appear as 50.150.200.XXX on the IP list. And because geolocation for an IP address is only based on the first 3 octets, removing the last octet will not inhibit future features I have in mind for displaying geographical information (like country/region tracking). maxromulan wrote: I repeat, NOT EVERYONE CHANGES THEIR NAMES BECAUSE THEY HAVE DONE SOMETHING WRONG! Of course not. From what I've seen, the vast majority of players who change their name simply grew tired of their old name, and wanted to change it to something that better reflected their personalities and interests. I think that's great, and I'm glad Jagex allows players to do that. Though the most significant issue resulting from this that I've seen is name confusion - Jagex failed to provide a practical way of keeping track of who anyone actually is anymore. Interestingly enough, you (and 1 other person) are the only ones who seem to be against allowing people to maintain their identities by providing name histories. 
Everyone else's comments that I've heard on that feature have been very positive and supportive of the fact that people can now easily find out who they are without going around and constantly reminding/telling everyone. Not only this, but it also serves as an easy way for people to prove their identities to others if needed. I believe the number of people who prefer to have everyone know their previous display name far outweighs those who don't (and many people, but yes not all, within that small fraction of those who want to remain anonymous are likely doing so for malicious reasons). I am not providing any more information than Jagex themselves are. Jagex does have an in-game feature which allows people to see a name change by hovering over a player's name - the problem is that it's temporary, and only goes 1 display name into the past. I'm simply taking what information is already 100% publicly available and compiling it in my own way for easier access. |
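The display rules proposed in this thread (last octet replaced with XXX, list hidden until at least 25 unique IPs have viewed, entries sorted instead of chronological), as an added example that is not part of the original posts and not RuneTrack's own code. The function names, the sample log and the /48 handling for IPv6 are assumptions.

```python
import ipaddress

MIN_UNIQUE_VIEWERS = 25  # threshold floated in the thread

def mask_ip(raw):
    """Hide the host part: 50.150.200.250 -> 50.150.200.XXX."""
    ip = ipaddress.ip_address(raw.strip())
    if ip.version == 4:
        return ".".join(str(ip).split(".")[:3]) + ".XXX"
    # Assumption (IPv6 is not discussed in the thread): keep only the /48 prefix.
    net = ipaddress.ip_network(f"{ip}/48", strict=False)
    return f"{net.network_address}/48"

def public_viewer_list(view_log, min_unique=MIN_UNIQUE_VIEWERS):
    """Reduce a chronological log of viewer IPs to what a profile page shows."""
    unique = set()
    for raw in view_log:
        try:
            unique.add(ipaddress.ip_address(raw.strip()))
        except ValueError:
            continue  # never echo malformed log entries back to the page
    shown = []
    if len(unique) >= min_unique:
        # De-duplicate after masking and sort the result, so neither viewing
        # order nor the number of viewers behind one prefix is exposed.
        shown = sorted({mask_ip(str(ip)) for ip in unique})
    return {"unique_viewers": len(unique), "masked": shown}

# Constructed sample log, oldest view first (RFC 5737 documentation ranges
# plus the example address quoted in the post above).
SAMPLE_LOG = (["50.150.200.250"]
              + [f"192.0.2.{i}" for i in range(1, 21)]
              + [f"198.51.100.{i}" for i in range(1, 11)]
              + ["192.0.2.1", "not-an-ip"])

if __name__ == "__main__":
    print(public_viewer_list(SAMPLE_LOG[:5]))  # below threshold: count only
    print(public_viewer_list(SAMPLE_LOG))      # 31 unique viewers, 3 masked prefixes
```

A masked IPv4 entry still narrows a viewer to one of 256 addresses, so the count-only output is the most conservative of the options discussed here.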
Author: | maxromulan [ Fri Nov 27, 2009 12:07 am ] |
Post subject: | Re: IPs |
Hi Sword kill11, Glad you are making some changes. Removing some of the numbers would help considerably. However, I would still like to know why you insist on providing lists, even if they’re now trimmed down. For what purpose would anyone need to see individual IP’s or even part of IP’s? ie, Why is a total by region not good enough? To be honest, a count or graph is a much more user-friendly option. I really don’t get this one and cannot think of any legitimate reason, yet you seem adamant this information must be provided. My concerns also come from years of working in the IT industry and having some understanding of security and customer identity protection. I have also seen first hand the devastating effects losing high level accounts can have on people. If the information you provide gives no tangible benefit to anyone but a hacker, then why provide it? With regards to the DDOS attacks I was experiencing - you’re right, I have no proof it was a result of Runetrack, but it was awfully coincidental. |
Author: | Sword Kill11 [ Fri Nov 27, 2009 12:57 am ] |
Post subject: | Re: IPs |
maxromulan wrote: For what purpose would anyone need to see individual IP’s or even part of IP’s? Yes, graphs/charts would certainly be a lot nicer and are something I'm considering including in future updates. For now the IP list page doesn't really serve much of a purpose other than just a user's curiosity, but it's just the foundation from which more updates will eventually occur. Again, the Websites Viewed page isn't necessary either, but it's just interesting information. ie, Why is a total by region not good enough? To be honest, a count or graph is a much more user-friendly option. Sure, I could remove the IP list now, but it would just come right back in a couple of months when I have the time to code some more worthwhile additions to it, which is why I don't see there being much point in just removing it temporarily. I was hoping to get these new features launched sooner, but have recently been working on some more basic design changes which increase site speed (some of my original scripts weren't all that efficient, and now that RuneTrack has so many members, they needed an update to handle it all). I suppose it's also possibly just the type of person I am as well - I enjoy compiling and displaying as much information as I can, no matter how seemingly insignificant it may seem. Thinking about it, every single slot of every row of every table in the RuneTrack database (with the single exception of Competition Tracker passwords ![]() I do understand the security concerns which is why I have gone ahead in not displaying full IP addresses anymore, but now that there aren't any issues, I don't see a problem with just keeping the list up there. |
Author: | David Starr [ Fri Nov 27, 2009 9:28 pm ] |
Post subject: | Re: IPs |
maxromulan wrote: ...My concerns also come from years of working in the IT industry and having some understanding of security and customer identity protection... With regards to the DDOS attacks I was experiencing - you’re right, I have no proof it was a result of Runetrack, but it was awfully coincidental. What about working in the IT industry is giving you these concerns? I have worked in IT since the days of punch cards and paper tapes, and the compilation of data that Swordkill has done here in no way is a breach of anyone's security. I know a bit about IT security, and I am very comfortable being registered on this site. As for your DDOS attacks, I know a lot of people registered on this site and have never heard from any of them coming under attack from visiting here. Sword, great job! And thanks for all of the hard work you've put into this site! |
Author: | Zormo3 [ Sat Dec 19, 2009 8:11 pm ] |
Post subject: | Re: IPs |
To be honest, I didn't read all the text in all the posts. But please, just remove the IP list. It doesn't have any purpose. And this is the only reason why I made an account for these forums. |
Author: | Sword Kill11 [ Sat Dec 19, 2009 8:19 pm ] |
Post subject: | Re: IPs |
Zormo3 wrote: To be honest, I didn't read all the text in all the posts. Well, perhaps you should have, as this issue is now fixed as full IPs don't show anymore. http://runetrack.com/ips.php?user=Zormo3 |
Author: | rocket700 [ Sun Dec 20, 2009 10:37 am ] |
Post subject: | Re: IPs |
Sword, Just to let you know, the two IPs shown on the main profile page do not have the xxx's |
Author: | Sword Kill11 [ Sun Dec 20, 2009 11:17 am ] |
Post subject: | Re: IPs |
rocket700 wrote: Sword, Just to let you know, the two IPs shown on the main profile page do not have the xxx's Yes I'm aware of that - but as they're the two most recent IPs captured, they're always changing and likely never the IP of the account creator. |
Author: | Dontlietome7 [ Wed Jan 06, 2010 6:33 pm ] |
Post subject: | Re: IPs |
Thanks for the update. Thanks for detailed post, maxromulan. |
Author: | vaiybora [ Sat Aug 12, 2017 11:00 pm ] |
Post subject: | Re: IPs |
This page is very good,thank for sharing good topic. ซอมบี้ |
Page 1 of 1 | All times are UTC [ DST ] |