Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 http:bl API and privacy concerns
Author: M.Porte   (28 Sep 07 9:56am)
Hello,

I am not sure if that's relevant as I don't know exactly how the DNS system works.

If I do a filtering (or just to get stats) of the visitors on my site, querying http:BL at every visit with their IP, I will be broadcasting, with my API key the list of visitors to my site.

Does PHPot log all of that? could someone intercept the DNS query or check the cache for my API key, etc.. etc..

If any of these is possible, it's kind of threatening for the privacy of my "real" visitors...

Pierre
 
 Re: http:bl API and privacy concerns
Author: J.Yard2   (29 Sep 07 8:50pm)

Your visitors probably did a DNS lookup to get the IP address of your site so they could visit. That could be logged by all DNS server(s) that receive the request. So your visitors privacy, in terms of visiting your site, is already outside your control.

Don’t believe Project Honey Pot would have access to this info. though, unless you are doing DNS lookups via a server they control. But I could also be wrong, wouldn’t be the first time, and wouldn’t be the last time for sure.
 
 Re: http:bl API and privacy concerns
Author: A.Stanislav   (30 Sep 07 11:41am)
PHP most certainly will know that have you queried http:BL for each and every IP address you query. But that does not mean they will know those are the visitors to your web site because they do not know why you have looked up an IP address.

And they will not know where the query originated from, the way DNS lookup works. You query your DNS server, which in turn queries the root DNS server for .org, which then queries the DNS server for httbl.org. By the time your query reaches PHP servers, they do not know where the query came from. They do know which specific IP you were looking up with your key. But they do not know it started at your web site.

Also, your DNS server will then cache the result of that query for some time, an hour or so. Any additional queries during that hour (or so) will not hit PHP servers. So, even if a visitor to your web site goes to several web pages (or if you are querying for each image and things like that), PHP will only know that you made one single query about that IP address. But they will not know whether it was your web server doing the querying, or maybe you just manually checking up some random IP address from your home.

So, all they know is what IP addresses you have looked up. But they do not know why you looked them up.

Not much of a privacy concern then (as J.Yard2 pointed out, them looking up your IP reveals their intention to visit your web site to their own ISP, which is potentially more threatening). There is one security concern I can think of, though: Any one of those intermediate DNS servers between your web site (or home) and PHP can use their logs to steal your private key.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email