This topic is part 1 of 4 parts series about Security and electronic traces
IP logging 101
Editors note: many members have asked if Overgrow.com logs Internet Protocol (IP) numbers. IP numbers are unique and pose a security threat, as each IP can be traced back to an individuals computer or service provider server. In addition, server logs can be used to track and identify individuals, and may be archived.
OG does not log IP numbers; this faq explains the IP logging process and some technical reasons why logging is not done.
1) nginx access logs log file for all http access to this site is completely disabled. If allowed to run on it, would create a file that would be gigabytes in size in no time at all.
This type of logging would grind this server to a halt. Do a google on http logs on busy servers and see what anyone will say about the overhead this logging produces trying to open one massive file every second to write to it.
2) postgres database - we have modified our forum platform to delete IP address of regular users (users of trust level 1+) after about 1 hour from the time the user leaves the site. We have published this modification (plugin) source code at github - discourse-ip-anonymizer.
So how can we ban?
We still record IPs of unregistered users so we can effectively prevent flooding and spam. We do not record IPs of registered members, but we can simply ban their user account by username.
What about any third parties?
Overgrow.com doesn’t use hosted services. It runs on own dedicated server hardware. Website also doesn’t expose your IP address to 3rd parties because it doesn’t use any external traffic analyzer (Google Analytics) or external ad service (e.g. Google Adsense/Adwords).
Last Updated: August 25th, 2016