Larry Ullman's Book Forums

Do You Hash Ip Addresses When You Store Them?



Guest Deleted

I was talking to a friend the other day about how in the past I've collected IP addresses and stored them in plain text. Their purpose was to help me catch rule breakers on the site. For instance, if somebody goes and posts a bunch of pornography all over the message boards, gets in trouble, then says, "It wasn't me! Somebody got on my account!" we could compare their IP addresses to the IP address of the person who made the posts, to see if it was them.

 

Well anyway my friend expressed concerns over what could happen to those users if the database was ever hacked. She pointed out that some IP addresses will basically lead you to the user's doorstep and if the hacker wanted to, they could stalk those people.

 

Protecting people's IP addresses seems like a good idea but once they're hashed, you can't get them back. I thought at first that you could just compare the hashes (instead of the IP addresses) but then I realized that with salts they'll all be different, even for the same IP.

 

Perhaps encryption is an option but, as far as I know, the encryption key has to be stored somewhere in the server's file system.  If they broke into the database surely they could break into the rest of the server, couldn't they? Is it often that hackers find a way into both?

 

What do you guys think about all this?

Link to comment
Share on other sites

The short answer is that I don't see a need to hash them. The long answer is that most people don't realize that IP addresses are:

 

A) Frequently shared by multiple people (for example, an entire office might use one public IP address)

B) Frequently changed

 

This means that while the idea of blocking an IP address is fine and common, it is possible that an IP address was previously used by someone bad but is now used by someone okay. 

 

Also, I really don't think an IP address will lead a hacker to someone's doorstep. My IP address will get you to my router, which is insignificant. And my IP address will be different next week. And you're not storing the person's actual information with the IP address, so that's not really a concern. And if someone hacks your database, you'll undoubtedly have bigger issues.

 

And, finally, one could argue that since IP addresses are clearly defined (what they can be), all possible IP addresses are already publicly known.

Link to comment
Share on other sites
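An added example, not code from the thread or from any poster: a keyed hash (HMAC) addresses the two points raised above, since one site-wide secret gives the same tag for the same address (so tags can be compared, unlike per-row salted hashes), and without the key the tags cannot be reversed by hashing every possible address. The environment variable name `IP_HMAC_KEY`, the function names and the sample addresses are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Load the site-wide secret from outside the database.
// IP_HMAC_KEY is a hypothetical variable name: 32 random bytes, hex-encoded.
function loadIpKey(): string
{
    $hex = getenv('IP_HMAC_KEY');
    if ($hex === false || strlen($hex) !== 64 || !ctype_xdigit($hex)) {
        throw new RuntimeException('IP_HMAC_KEY must be 64 hex characters');
    }
    return hex2bin($hex);
}

// Turn an address into a fixed tag that can be stored and compared.
function ipTag(string $ip, string $key): string
{
    $packed = @inet_pton(trim($ip));
    if ($packed === false) {
        throw new InvalidArgumentException('Not a valid IP address');
    }
    // Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) onto plain IPv4 so one client
    // does not produce two different tags.
    $mapped = str_repeat("\0", 10) . "\xff\xff";
    if (strlen($packed) === 16 && strncmp($packed, $mapped, 12) === 0) {
        $packed = substr($packed, 12);
    }
    // Same key + same address => same tag, unlike a per-row salted hash.
    // Without the key, a stolen table cannot be reversed by hashing all
    // 2^32 IPv4 addresses; with the key it can, so the key stays off the DB.
    return hash_hmac('sha256', $packed, $key);
}

// Constructed demo values (documentation-range addresses, throwaway key).
putenv('IP_HMAC_KEY=' . bin2hex(random_bytes(32)));
$key = loadIpKey();

$storedWithPost = ipTag('203.0.113.7', $key);        // saved when the post was made
$seenAtLogin    = ipTag('::ffff:203.0.113.7', $key); // same client, later request
$otherClient    = ipTag('203.0.113.8', $key);

var_dump(hash_equals($storedWithPost, $seenAtLogin));
var_dump(hash_equals($storedWithPost, $otherClient));
```

Changing the key makes previously stored tags unmatchable, so key rotation needs either a re-tagging step or an accepted retention window.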

Guest Deleted

Hmm, ok.

 

What about letting site admins see IP addresses? For instance, I used to have it where the site would show admins what IP address made what post. They could also go to anybody's profile and see what their last IP was.

 

Good? Bad?

Link to comment
Share on other sites

Guest Deleted

Anybody know? If you do let me know because what you say will influence what advice I give my friend :)

Link to comment
Share on other sites

Seems like pretty inconsequential information to collect. If, for some reason, you had a legal dispute over something that someone did to your site, the web hosting provider would probably provide all the information necessary about the user.

Link to comment
Share on other sites

What I originally answered still applies here: IP addresses aren't a security measure and aren't reliable. You can let an admin see a user's last IP address, but that's not going to be as useful as you might think.

Link to comment
Share on other sites

Guest Deleted

What are your thoughts on this from a safety standpoint? What if an admin wanted to stalk somebody from the website? Even if the IP just gave them the city or the general location of the person, that would be bad, right?

Link to comment
Share on other sites

Answer 1: my first reply still applies. 

Answer 2: if a site has potential stalkers as administrators, it has bigger problems than those administrators seeing IP addresses.

 

Let me turn this around and ask you: what's the harm in an administrator seeing an IP address for a user which might allow the administrator to see what city or general location that person is in (at the moment of the IP address being recorded)? What is the harm and how would that be bad?

Link to comment
Share on other sites

Guest Deleted

I can answer that question for myself but not for my friend until I see her later today and can show it to her. Anyway, my personal take is that if somebody just has your IP address, and no other information, they can't find you because they have nothing to distinguish you from every other person in that town--and that's assuming the IP address even traces to the right town. It could be a proxy or it could trace to the nearest big city.

 

Now, if the admin had more information, like your full name, it would be easier to find you, but if they have information like that, they don't necessarily need your IP to track you down. There are lots of people search websites.

 

Another way I look at this is, if somebody wants your IP address bad enough, it is easy enough for them to get it on their own. All you have to do is set up a website that snags the IP address with $_SERVER['REMOTE_ADDR'] and stores it in the database, and then just tell that person, "Hey, I just redid my site's layout. Will you tell me what you think of it?" and give them the link. If they go then bam, their IP address is nabbed.

 

So, I don't personally feel like hiding IP addresses from admins offers anybody much protection.

 

So yeah, that's me. As for my friend, she seems a lot more nervous about IP addresses, but I think it's because she doesn't know a lot about them. I'm trying to collect information so I can make her quit worrying :) I don't think anything is going to happen to anybody just because my sites collect IPs that admins can see.

 

Edit: I asked her and to summarize what she said: She said she sees my point and you guys' points and thinks it's fine to let admins see IPs if that's what you want to do. She said with her personally, she likes to be overly cautious versus under cautious, and if a stalker knew anything about her she'd rather them know she is one person in a particular state rather than one person in a particular town, because she wouldn't feel comfortable being that narrowed down. She said since this is the way she likes things to be, she likes to extend that courtesy to others, so she's not going to collect IP addresses with her site.

 

That's ok, right? You guys said yourselves that IPs aren't as useful as I thought so it doesn't matter if she doesn't collect them, right? If you think it's ok then I'll just tell her that if that's why she doesn't want to collect IPs, then she can do that.

Link to comment
Share on other sites

Guest Deleted

She doesn't want to collect them anyways, so I guess I can just let her do what she wants :)

 

Anyhoo thanks, guys.

Link to comment
Share on other sites

I think that if someone has your name they can find you. The only exception would be those with a very common name such as Jane Smith. Then tracking down the one Jane Smith among the hundreds would be easier because you know their location. Even if your name is not common, it only makes it a little easier to know their location.

That is why it is my opinion that a female should not use her real name online. Males are at risk too but more females get stalked.

There doesn't seem to be much value in storing the IPs.
For my website, I keep the IP and username in an Errors table, but I don't keep the IP in the Users table. I check for either IP or username with 10 errors today then they are locked out until tomorrow (unless they contact me to reset it). Even though the savvy can change the IP I will catch any that don't.

One thing that you should do to keep from getting stalked is not to argue with people. After you are in an argument for awhile, you will drop it, but the stalker will never drop it. I don't mean avoid debates about programming, web design, etc.

You might like to take a look at this book:
Net crimes & misdemeanors : outmaneuvering web spammers, stalkers, and con artists / by J.A. Hitchcock, or similar.
 

Link to comment
Share on other sites

Guest Deleted

I got safety conscious a few years ago and stopped using my real name on-line. I've made people mad at me before and while they never threatened to do anything to me, I got a little paranoid about how they could have stalked me if they wanted to. To avoid ever being in that situation again, I just don't give out identifiable information unless there is a clear reason to do so.

 

Well, since I'm not blabbing everything to everybody anymore, if somebody gets mad at me again, they will be less likely to be somebody that I blabbed to, and if that is the case, then I won't worry about anything :)

 

I also try really, really hard to not anger people in the first place. This is partially because of the above and partially because I am just a non-confrontational, anti-drama kind of person. I like being at peace with people and I hate irritating them.

 

And I don't mean to sound like a worrywart. I honestly feel pretty safe virtually all the time when I'm on-line.

Link to comment
Share on other sites

Guest Deleted

Oh, and for what it's worth, I can see all of your IP addresses. I see the IP addresses for everyone that posts. Not that I've ever given it a moment's thought before.

 

Speaking of which, I once had a turnkey forum that kept track of that too. (I think it was phpBB.) In fact, it was what first gave me the idea to track IPs. Is it a useless feature?

Link to comment
Share on other sites
