1

Topic: Anonymous forum

I am thinking about using PunBB for several small forums. It will replace forums that are today running under a modified version of PhpBB.

We have however one special requirement: The forum participants must be completely anonymous. The users will be manually entered into the system, and will receive their username/password on a seperate system. No email address will be registered.

The main problem is however that no IP-addresses should be stored together with the posts. Ie if you gain complete access to the system, it should should not be possible to assosiate messages (possible sensitive information) and IP-addresses (or other identificators).

I have not looked at the PunBB-code yet. I thought I first should ask you how much work it would be to do such a change. Any ideas?

Re: Anonymous forum

It would be quite the job to do that, but I suppose it's possible... You'd have to edit quite alot of queries tho.

Re: Anonymous forum

elbekko wrote:

It would be quite the job to do that, but I suppose it's possible... You'd have to edit quite alot of queries tho.

Nope smile
get_remote_addr(): just change it so it always returns 0.0.0.0 and you should be fine with the IP thing tongue

4

Re: Anonymous forum

Thanks Smartys and elbekko. Then I will test punBB.

Might I run into other problems setting this to 0.0.0.0? Are there things like spam-filters that can stop multiple posts from the same IP? Would making it return a hash or encrypted IP be better?

I am always a bit sceptical to making such changes to the source, since it might make upgrading a lot more difficult. If we make such a change, and integrate it as a user-selectable option, could it be submitted to your CVS?

Re: Anonymous forum

pere wrote:

Thanks Smartys and elbekko. Then I will test punBB.

Might I run into other problems setting this to 0.0.0.0? Are there things like spam-filters that can stop multiple posts from the same IP? Would making it return a hash or encrypted IP be better?

I am always a bit sceptical to making such changes to the source, since it might make upgrading a lot more difficult. If we make such a change, and integrate it as a user-selectable option, could it be submitted to your CVS?

I seriously doubt Rickard would add the option for users to choose to hide their IP, simply because it makes tracking down and dealing with abusive people much more difficult)
And the only thing changing that would affect is registration (currently it's set to only allow one registration per hour, but you can change that in register.php or by using a mod that makes it a config option).

Re: Anonymous forum

we had to revisited this issue today, so for reference, this is what you change:

in include/functions.php, around line 680

// Try to determine the correct remote IP-address
//
function get_remote_address()
{
    //return $_SERVER['REMOTE_ADDR'];
    return "127.0.0.1";
}

(commented out REMOTE_ADDR and replaced it with 127.0.0.1)

Re: Anonymous forum

As I said, you also need to change register.php

Re: Anonymous forum

oh yes! thanks for reminding me smile

for reference again, this is around line 80 in register.php:

// Check that someone from this IP didn't register a user within the last hour (DoS prevention)
    $result = $db->query('SELECT 1 FROM '.$db->prefix.'users WHERE registration_ip=\''.get_remote_address().'\' AND registered>'.(time() - 3600)) or error('Unable to fetch user info', __FILE__, __LINE__, $db->error());

...I guess you alter the number of seconds (3600) here

Re: Anonymous forum

Or remove it, since there's no way to tell the difference between IPs anymore.

Re: Anonymous forum

You can alternatively cron a sql query to clean the ips from your database.
You will always have the ips since the last clean up on your database. I guess that's not as clean as you want your database to be, but it keeps your punbb instalation as it is.

Re: Anonymous forum

Won't this give problems in the online list?

Re: Anonymous forum

elbekko wrote:

Won't this give problems in the online list?

The guest online count won't be incorrect