How Do I Delete Any Record of IP Logging?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
movedtoomuch
Registered User
Posts: 11
Joined: Sun Jul 29, 2007 4:55 pm

How Do I Delete Any Record of IP Logging?

Post by movedtoomuch » Sun Aug 02, 2009 4:35 pm

Our board has registered members, and an anonymous login for posting sensitive information. I really do not want someone coming to me one day asking for the IP address of those people if something goes legal. I assume I can find those IPs tied to messages? How do I delete that information so I can not provide something I do not have - BEFORE it is requested.

I have tried all kinds of searches already to find an answer, but no luck.

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by narqelion » Sun Aug 02, 2009 5:12 pm

Have a look through this topic, starting with the post linked.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: How Do I Delete Any Record of IP Logging?

Post by EXreaction » Sun Aug 02, 2009 6:34 pm

narqelion wrote:Have a look through this topic, starting with the post linked.
Also note the last reply from HoL. ;)


TBH, there isn't much you can do without a dedicated system. phpBB isn't the only thing with logs and IP addresses of users visiting the server. It all can be traced with enough time and effort as long as you are keeping those logs too (like apache access logs).

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by narqelion » Sun Aug 02, 2009 6:49 pm

EXreaction wrote:Also note the last reply from HoL. ;)
Just an opinion, nothing more nothing less. ;) Not being able to tie a specific IP address to a specific post is basically what anybody in that topic was asking for. Personally I have IP session validation disabled, always have even going back to when I used IPB. Never had a problem with session hijacking, thanks though. ;)

Yet another example of treating board admins as children who do not have the *sense* look after themselves. Free will. Ever heard of it? :P

movedtoomuch
Registered User
Posts: 11
Joined: Sun Jul 29, 2007 4:55 pm

Re: How Do I Delete Any Record of IP Logging?

Post by movedtoomuch » Sun Aug 02, 2009 10:13 pm

I host my board on a 3rd party host (1&1). Since it is my database and can edit it, I would guess I could delete some type of information? Maybe their server tracks something, but somebody would need to then request legally from them to get that information. And, I am guessing if someone dug enough, a backup might exist someplace, but probably not worth digging. To clarify, we have one userid that anybody can use and I really do not want to know WHO is posting certain information. Not illegal, but just touchy subject matter. If some idiot wanted to ask me for the IP address of someone posting under that loginid, I would like to say "I do not have a clue and we do not track the IP, or erase them on a regular basis". Have been doing this for a few months now and have no problems at all with hacking or abuse. I am not concerned with security at this point.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50812
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by stevemaury » Sun Aug 02, 2009 10:48 pm

Tell the idiot "no". Problem solved.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

movedtoomuch
Registered User
Posts: 11
Joined: Sun Jul 29, 2007 4:55 pm

Re: How Do I Delete Any Record of IP Logging?

Post by movedtoomuch » Mon Aug 03, 2009 12:17 am

re: tell the idiot no!

In most cases that will work. I envision a situation where the "idiot" wants to identify someone that may have posted questionable information or borderline inflammatory, and they get a court order to reveal the source. All rather marginal and I think not illegal, but just none of their damn business. I would like to say, sorry, can not help you.

Roberdin
Registered User
Posts: 203
Joined: Sun Nov 24, 2002 3:56 pm
Location: London, United Kingdom

Re: How Do I Delete Any Record of IP Logging?

Post by Roberdin » Mon Aug 03, 2009 12:23 am

If you receive a court order, you will be required to hand over the information, however it is recorded; including in back-up copies or on the web server logs. It won't say, "Hand over the information, unless it's too much trouble".

Also, why would a court order be given if there was no possibility of the user breaching a law? You realise that it may be you who is held accountable if the actual poster cannot be located.
Roberdin

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by narqelion » Mon Aug 03, 2009 1:10 am

stevemaury wrote:Tell the idiot "no". Problem solved.
Not really. The whole point of this request is plausible deniability. You cannot be forced to hand over records that are not kept in the first place. It seems obvious to me that the OP here is looking for a way to eliminate any situation where they could be dragged into an e-discovery process should some idiot file a frivolous lawsuit (and let's be honest here, 99.99% of civil suits here in the US are frivolous greed mongering), most likely civil from what the OP is describing. No law has to actually be broken for a court order for discovery to be issued, all that is necessary is an allegation. There are perfectly reasonable and legal reasons for protecting the anonymity of discussions, be they on the internet or in person. Confidential informants used by law enforcement and journalists, whistleblowers etc. Or you could just be posting some really embarrassing personal information, thoughts or feelings. It is really not up to us to judge. ;)

@movedtoomuch, I commend you for being far sighted enough to protect yourself in this manner, it is much more common than you would think and unless your activities are regulated under regs like sarbanes-oxley or jsox where specific records retention policies are mandated, the less records you keep the better off you are. :)

If you read through the topic I linked you to earlier you should be able to achieve what you desire.

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 50812
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by stevemaury » Mon Aug 03, 2009 1:13 am

Lots of amateur lawyers here.

Narqelion, the vast majority of civil lawsuits in this country are divorce, eviction, foreclosure, collection and business disputes, You mean they are all greed-mongering?
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by narqelion » Mon Aug 03, 2009 1:24 am

stevemaury wrote:Narqelion, the vast majority of civil lawsuits in this country are divorce, eviction, foreclosure, collection and business disputes, You mean they are all greed-mongering?
What is the core motivation for most of those civil actions you listed? $$$ Why could they not be settled without involving the courts? $$$ What are the damages being sought, $$$ Greed, pure and simple. It always seems to come down to money.

As a retired lawyer, you and I will likely never agree on whether the current legal system in the US (civil & criminal) is hopelessly broken and why, which is just as well since it's extremely off topic. :P

movedtoomuch
Registered User
Posts: 11
Joined: Sun Jul 29, 2007 4:55 pm

Re: How Do I Delete Any Record of IP Logging?

Post by movedtoomuch » Mon Aug 03, 2009 3:43 am

If you have ever been involved in a legal action, all kinds of information can come forth, much of which is not illegal, but instead uncomfortable and difficult. If one does not HAVE the information, one can not release it. Pretty simple stuff I thought.

Agree or not, lots of legal actions and depositions and discovery take place that never end up in final legal action. I am not saying what is good legal or bad, but just know how it is. Many companies now are forced to maintain email records, and all kinds of stuff. I am not. Not yet anyways. But, if it exists, I can be required to provide it.

User avatar
EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Re: How Do I Delete Any Record of IP Logging?

Post by EXreaction » Mon Aug 03, 2009 3:54 am

Either way it's completely useless without your own self managed dedicated server as there are other logs that can be used to track what IP address was used to make a certain post easily.

User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: How Do I Delete Any Record of IP Logging?

Post by Techie-Micheal » Mon Aug 03, 2009 4:29 am

narqelion wrote:
stevemaury wrote:Tell the idiot "no". Problem solved.
Not really. The whole point of this request is plausible deniability. You cannot be forced to hand over records that are not kept in the first place. It seems obvious to me that the OP here is looking for a way to eliminate any situation where they could be dragged into an e-discovery process should some idiot file a frivolous lawsuit (and let's be honest here, 99.99% of civil suits here in the US are frivolous greed mongering), most likely civil from what the OP is describing. No law has to actually be broken for a court order for discovery to be issued, all that is necessary is an allegation. There are perfectly reasonable and legal reasons for protecting the anonymity of discussions, be they on the internet or in person. Confidential informants used by law enforcement and journalists, whistleblowers etc. Or you could just be posting some really embarrassing personal information, thoughts or feelings. It is really not up to us to judge. ;)
Funny you should mention e-discovery. Part of e-discovery is that you are required to keep that information. Telling the person "I don't have it" is no longer acceptable. Don't believe me? "Second, HIPAA, Sarbanes-Oaxley (SOX) and FINRA regulations require that many documents must be retained for several years. Finally, business users will demand many exceptions: emails, loose files, collaboration content, financial records, contracts, etc. that they want to save beyond the retention period for important business reasons. As a result, even companies with retention policies are going to have a substantial and growing amount of discoverable ESI and the electronic discovery costs that go with that." (http://www.clearwellsystems.com/e-disco ... retention/). Using the excuse "I don't have it" is no longer acceptable. If you are afraid of e-discovery requests coming in, I would hope that you would do everything you can to cooperate instead of risking getting yourself in to trouble. Now, if you want to argue that you don't fall under SOX, HIPPA, or anything else on your little corner of the internet, that's fine, but I I know from experience that telling a lawyer "I don't have it" won't work.

As for your earlier comment:
narqelion wrote:
EXreaction wrote:Also note the last reply from HoL. ;)
Just an opinion, nothing more nothing less. ;) Not being able to tie a specific IP address to a specific post is basically what anybody in that topic was asking for. Personally I have IP session validation disabled, always have even going back to when I used IPB. Never had a problem with session hijacking, thanks though. ;)

Yet another example of treating board admins as children who do not have the *sense* look after themselves. Free will. Ever heard of it? :P
How do you know you haven't had any problems with session hijacking? You don't log anything by your own admission, so how do you know for sure? It is a very bad idea to disable session validation. Bad things happen(tm). But hey, if you want trouble, go for it. :)
Proven Offensive Security Expertise. OSCP - GXPN

narqelion
I've Been Banned!
Posts: 7235
Joined: Sat Dec 13, 2008 5:00 pm
Contact:

Re: How Do I Delete Any Record of IP Logging?

Post by narqelion » Mon Aug 03, 2009 12:31 pm

Techie-Micheal wrote:Funny you should mention e-discovery. Part of e-discovery is that you are required to keep that information.
Actually that is not correct. Unless as a business or agency mandated by federal regs you are able to define you own records retention policy, I should know as I spent the better part of 2007 in CT with the corporate legal dept crafting the IT retention and archival property for all non-financial systems in my company. This process in my company was a direct result of litigation initiated by us against a former employee and the only requirement is that you have clearly defined retention periods and follow them. E-discovery itself is just the normal discovery process as applied to electronic records. :)
Techie-Micheal wrote:Second, HIPAA, Sarbanes-Oaxley (SOX) and FINRA regulations require that many documents must be retained for several years.
Did you not read my post? :P
narqelion wrote:@movedtoomuch, I commend you for being far sighted enough to protect yourself in this manner, it is much more common than you would think and unless your activities are regulated under regs like sarbanes-oxley or jsox where specific records retention policies are mandated, the less records you keep the better off you are. :)
EXreaction wrote:Either way it's completely useless without your own self managed dedicated server as there are other logs that can be used to track what IP address was used to make a certain post easily.
Not really, not tying a specific IP to a specific post directly is all that matters here and all the OP is asking for. :)
Techie-Micheal wrote:You don't log anything by your own admission, so how do you know for sure?
Where do you get that idea? I said I don't use IP session validation. ;)
narqelion wrote:Personally I have IP session validation disabled, always have even going back to when I used IPB.
movedtoomuch wrote:If you have ever been involved in a legal action, all kinds of information can come forth, much of which is not illegal, but instead uncomfortable and difficult. If one does not HAVE the information, one can not release it. Pretty simple stuff I thought.
You are correct, it is simple. Some people here, as you have now discovered for yourself, are presumptuous enough to think they know more about your situation than you do, just ignore them. :D

Post Reply

Return to “phpBB Discussion”