(answered) Vulnerability

Status
Not open for further replies.

NullAndVoid

Bluelighter
Joined
Aug 13, 2010
Messages
56
big-brother-is-watching.jpg
 
Hmmm... Are the moderators aware that IP addresses of visitors to Bluelight can be collected by anyone?
 
If you see where we have a site setting incorrect, and IPs are visible to anyone, please raise it to our attention. As I can check, IPs are not visible to unregistered lurkers, nor to registered members, and even moderators. Sr. Staff (Sr. Mods and Admin) have visibility to them, in order to check for alias accounts, but even those are purged after a short time.

Is there something more you either don't understand and are assuming, or something you've found which we should address?
 
Okay, I'll explain. Please bear in mind that I have not done this.

I can host a picture on a webserver then link that picture into a post on this site.

When people view the picture it is loaded onto their computer from my webserver.

When they download the picture from my webserver they leave their IP address along with the site they navigated to me from in the access log.

All the IPs in the log with a reference to bluelight will be viewers of this site.

It would be possible to narrow this down. Like posting in a forum like this with very few visitors. Lets say I get a response and only one person has read my post. I then know the IP address of that one person.

Anyway I could test this and PM you a sample of the log if you want proof.

This is a bummer as the only way to protect against this is to remove all images on this site that are hosted externally.
 
1st rule dont download any files if you dont have to and be sure its from reliable source-poster-site.
Simply with the picture on your server you attach troyan or brute force,witch can send you logs from downloader`s pc constantly.

Be safe and thank you for care Null ;)
 
I guess the key to this is posted in the guidelines.

Do not incriminate yourself!

If you manage to gain the attention of the authorities through your actions no this website bear in mind that it would not be hard for them to triangulate your IP without busting into the server room.
 
^ self incrimination is identifying yourself as a person who could reasonably be charged with a crime. Participation on a harm reduction forum is not criminal.

I'm sure you are going to motivate some of the more hyper-vigilant about security folks to alter their participation. When I want people hyper-vigilant I also go to illustrating the worst case scenario as you are doing.

Bottom line, BL is hyper-vigilant about no drug transactions or sourcing specifically to keep BL from being a hub of criminal activity in both reality and by the perception of observers. Steps are taken all the time by members and staff to maximize safety in all sorts of ways. Thanks for pointing that out.
 
This is a vulnerability of any forum or even viewing a website. Actually, this isn't really a vulnerability of BL, but rather one of the unscrupulous issues of browsing forums and websites.
 
if youre on the internet... youre vulnerable. people can get your IP in so many different ways... bluelight has not much to do with that.
 
I always cringe when I see people starting threads like "What's in your current stash?" 8)

Just remember to use common sense. Don't talk blatantly about illegal activities that you're doing, or planning to do. As far as I know, information posted on Bluelight can't be used directly by law enforcement to arrest you, but it can be used as evidence if you're already being investigated. Think before you post!
 
Dude, the cops/feds don't give a fuck about small time shit, especially anything under a felony... now if someone came on here talking about "oh hit me up i got a couple thousand E pills or Roxi's, or Keys of coke" i can see them looking more into it.


other then that, don't worry so much dude, seriously they don't care about someone with a quarter bag of tree or a few xanax bars.
 
This is a vulnerability of any forum or even viewing a website. Actually, this isn't really a vulnerability of BL, but rather one of the unscrupulous issues of browsing forums and websites.

^ This.

When they download the picture from my webserver they leave their IP address along with the site they navigated to me from in the access log.

Yes, but all this really gives you is a list of various IP addresses used by random visitors to BL. We get a LOT of traffic (even if posts in some places don't reflect it) all across our board, and at the end of the day you'd really just be left with a lengthy IP list and nothing to correspond it with. In simpler more terms, you could catch fish this way but not realistically one specific fish (in your refined case, you wouldn't know who your one viewer was..).

People shouldn't be concerned about this, but again as was mentioned, you can always take certain measures (blocking photos, using proxies, etc.)...
 
Status
Not open for further replies.
Top