Is there a way to see the IP from which a specific post was made?
I don’t think Discourse tracks IP at that level. As far as I know it only tracks it by Registration and Last Login/Visit on the User, not on a post/topic.
1 个赞
Huh. I’m surprised. Per post/topic IP logging would help to see if an account was compromised.
4 个赞
Again this is needed for security or even legal reasons, as if some entity requests the IP from where the msg was posted from
1 个赞
It would be a good idea if we recorded the IP with each post. Do we have the data structures in place to do this, @zogstrip? Maybe as a post actions or post history table column?
5 个赞
Yeah, each post revision should store the ip that created it.
9 个赞
Perhaps also consider storing if an API key was used in combination with the IP to create the post, this might aid in any clean up as a result of an API key abuse - either a users or the master API key.
3 个赞
I revive this old topic. Is it still so that it’s not possible to determine from which IP address a post was sent from?
Seeing that nobody answered, I suppose it is not possible.
I am asking because this week a regular user contacted us admins at our forum. (This is something any admin could run into so sharing the experience is smart.) He told that he hadn’t written a post which had been posted from his account. Obviously I killed all his active sessions and forced him to reconfirm his email. The email hadn’t been changed btw. That could be deduced by looking where the system had previously sent email digests (a nice tip!). The user told that he also changed his password so he should be safe from future attacks.
It is weird that the post was nothing offensive or “funny” or anything that you might be tempted to post on someone else’s behalf. It was a proper post on a proper topic! It would make no sense that someone would work to hack his account just to publish that post.
So probably someone had access to a device where the user had a live session going or the user had saved his password to a browser. But the user denies that: he claims that he uses the forum only with his phone and his PC. He says that there is no chance someone had access to those.
We have no clue of how we could gain more clues of what happened. Seeing the IP address from which the post was sent from would be a nice hint.
1 个赞
Assuming it was recent you can just grep for his username in the nginx logs.
zgrep username /var/discourse/shared/standalone/log/var-log/nginx/access.log.*.gz
3 个赞
It was two days ago. Thank you for the tip! The fellow admin @ljpp should try this and ask for help if he needs.
你好,如何获取这些信息?我和话题作者有同样的问题,这些信息出于安全和法律原因将非常有用。
是应该……而不是确实。存在 GDPR 合规等问题,我不指望我们近期会添加此功能。
3 个赞
好吧,我完全理解你们不想添加此功能,但我怀疑这与 GDPR 并无关联。
根据 GDPR,尽管 IP 地址属于私密/个人信息,但出于合法目的(例如追踪安全相关事件或未经授权的访问尝试),可以收集和处理这些数据(甚至无需同意)。
我并非主张在任何情况下都必须记录每一个 IP 地址,但或许你们可以考虑设置一个限制,例如仅保留最近 30 天的记录(以及与之关联的操作),作为除仅记录最近一个 IP 之外的额外选项。
4 个赞
我认为类似这样的东西还没有实现,所以我将把这个话题移到 #feature。
2 个赞