Ask coding questions

← Back to all posts
Is it ok to get ips?
GatewayDuckYT (48)

Is it ok to get ips? I didnt know and i dont want to be banned they are hashed if i can do it so that its not the real one lol

Comments
hotnewtop
ch1ck3n (1622)

I still cant figure out how to collect IPs lol

GatewayDuckYT (48)

@ch1ck3n its easy if u work with javascript for over 5 years

SixBeeps (5060)

No, the Repl Mods regularly ban people who collect IPs. Hashing won't really solve the problem either, someone in the Repl.it Discord proved a brute-force method worked for cracking them.

GatewayDuckYT (48)

@Coder100 Hey i will not allow any of that here And fyi he doesnt log ips anymore!

GatewayDuckYT (48)

@Coder100 ok but please dont say bad things about him he has been banned and i am trying to make it good >:(

SixBeeps (5060)

@GatewayDuckYT If you want to appeal your ban, please send an email to [email protected]

Baconman321 (1059)

@SixBeeps Wait, why do they ban people who collect IP's?

I made an IP logger repl, is that legal?

I'm just saying, you shouldn't ban someone for collecting IP's, rather you should moderate what they do with the IP's.

I get the point tho....

GatewayDuckYT (48)

@Baconman321 bc ips could be use to help protect sites like mine from hackers and stuff

Baconman321 (1059)

@GatewayDuckYT It's unfair, too. Most people might not know that and get banned for doing so (I thought repl prevented you from collecting IP's, not banning you from doing so).

Baconman321 (1059)

@GatewayDuckYT Yes, but brute force is simple, since IP's consist of numbers. Of course, which IP you collect makes a difference (mac IP is a bit more complicated). Still, though. Brute force would take a while to guess correctly. Also, where would they input the IP? It's not like you use it to login. That said, they could copy/paste the code from the collected IP's into their own repl and use the same method. Best to encrypt and hash the IP's.

That said as well, I see why it might be a problem as most people here probably don't know how to do that kind of thing (or don't want to).

Repl wouldn't ban it if it wasn't for safety, but I think there are better ways than banning people.

GatewayDuckYT (48)

@Baconman321 or every time a user logs in have it auto put the ip with the user file

Baconman321 (1059)

@GatewayDuckYT ?

Wdym "user file", that's probably a feature on your end, so ok.

I just think it's unfair to "ban" people, it's like saying "don't enter the secret military base or we arrest you, we aren't going to have any methods to stop you from doing so, though".

Most of the time in programming, though, you can turn off a feature. Maybe you can't 100% block IP's, but at least don't "ban" people for doing so (like I've said before, so this is getting a bit redundant lol).

GatewayDuckYT (48)

@Baconman321 yes also yeah its a feature i have, but just putting it in the tos (you know most people dont read) then someone ip logges to help there site and boom they get banned without knowing and when they find out they have no info before hand to avoid that place

Baconman321 (1059)

@GatewayDuckYT Under 13 of the TOS:

You agree not to collect or harvest any personally identifiable information, including account names, from the Service, nor to use the communication systems provided by the Services for any commercial solicitation purposes. You agree not to solicit, for commercial purposes, any users of the Service with respect to their content;

Technically, the IP address is publically available to websites when you visit them. By visiting the website you agree to what they collect. However, I think it is a good idea to alert what you collect before you collect them.

Also under 14:

Modify, adapt, translate, or reverse engineer any portion of the Service;

So wait, the dark theme offered by mat is technically illegal?

Doesn't W3C prevent you from refraining people from reverse-engineering code? It doesn't sound right, but I think you shouldn't prevent people from reverse-engineering your JavaScript because it's publically accessible. Again, the whole "You can't enter the military base" thing.

Also:

We h2ly advise you to read the terms and conditions and privacy policies of any third party web sites or services that you visit.

"H2ly"???

GatewayDuckYT (48)

Yes and i would belive u would be able to collect ips if u stated that u are going to have them hashed and it gets the public ip @Baconman321

@amasad @Crosis @CodingCactus tell me if i am wrong

Baconman321 (1059)

@GatewayDuckYT How many times have we had to say this to people lol?

Please don't mass-ping people. The whole reason why amasad's name wasn't a ping in my post was because of that reason.

How would you get a private IP anyways? I don't think it gets sent unless you [the user accessing the website] otherwise allow it to.

GatewayDuckYT (48)

@Baconman321 idk how but there is always away
also the ip can be used for many things good and bad

Some Good Things

  • help keep your website safe by tracking what users are doing on the website
  • if they are doing anything no good for the website with an ip you could ban him from getting in the website
  • also this could help with storing info (if used right) and do stuff cookies can't

Bad Things

  • accidentally leak ip address'
  • if you know how u could ddos or hack them (thinking about this you would need the real ip and not the hash one)
SixBeeps (5060)

@Baconman321 @GatewayDuckYT

rather you should moderate what they do with the IP's

Impossible. A Repl.it user collecting IPs could do all their dirty work locally instead of on a Repl.

Most people might not know that and get banned for doing so

It's is specified in the TOS like you said, and the question has been asked before.

So wait, the dark theme offered by mat is technically illegal?

That didn't require reverse-engineering. Besides, what they're talking about is the backend service, not the frontend.

Please don't mass-ping people

+1

if you know how u could ddos or hack them

And get their address, since IPs have geolocation capabilities.

you would need the real ip and not the hash one

Just unhash them

its not mine

Have the owner do it then

Baconman321 (1059)

@SixBeeps Yes, but I still think they shouldn't ban people. Besides, IP addresses are public; if it was bad it wouldn't be shown. Banning people for using Ip addresses sounds stupid. In fact, other hosts have stated that "we aren't going to ban you if we don't want you using it, we would just disable it". I know that's hard or impossible to do with IP's, but still I don't think you should "ban" people for using it.

Baconman321 (1059)

@SixBeeps

Just unhash them.

If hashing has no key and it's able to be unhashed, why is it used in the first place?

Hashing is generally irreversible. The problem is that you can brute-force guess a hashed IP because it's just numbers and there is only 10 numbers possible meaning that guessing takes a much shorter time than guessing a phrase that allows other characters.

SixBeeps (5060)

@Baconman321 Thing is, since the Repl can be looked at by the people who ban the IP loggers in the first place, that key isn't hidden anymore. Even if it's hidden in the .env, Repl.it likely has access to that.

Baconman321 (1059)

@SixBeeps Yea, so?

That's the point, it makes it much easier to stop malicious use of IP logging.

GatewayDuckYT (48)

@Baconman321 or hide it in the server file

Baconman321 (1059)

@GatewayDuckYT I just think it would be a good idea to just moderate who or how they use it. Let people with a certain reputation use IP logging, and don't for others.

I use google analytics which tracks people anyways, and you can actually see where they live @SixBeeps .

If I can't use google analytics though, then repl should just get rid of web hosting altogether. Ip logging or usage is practically impossible to avoid because if you don't do it then one of your services you use will.

It's just nonsense. I think it should be based off of who and how they use it instead of just banning it altogether. After all, admins can just look into the repl and see what they are using it for.

GatewayDuckYT (48)

@Baconman321 or using ips but destroying them make a random number (like tag) to that person then destroy the ip

Spotandjake (28)

@GatewayDuckYT actually he still does lol hashing does nothing when the standard is set and the size is so small it is really easy to crack and with an ip a user can be doxxed which can be dangerous. there are exceptions though like it has bassically been agreed upon that if run your domain through cloudflare you can ip ban but not log ips. though it is not worth testing and you still have to be careful. there are other ways to ban that are much more effective anyways a vpn or proxy can be used to avoid ip bans asap.