Brent 'Dax' Royal-Gordon <brentdax <at> gmail.com> writes:
I've actually thought about this sort of thing for
a site I've been
planning with anonymous users. The trick is to assign a *meaningless*
number that nonetheless consistently maps to a particular IP address.
CREATE TABLE anonips (
anonid INTEGER NOT NULL AUTO_INCREMENT PRIMARY KEY,
ipaddr INTEGER NOT NULL
);
Then add a Special:Anonip, limited to sysops, that looks up an
anonymous user number in the table and returns the IP address.
Yes, if you happen to get the same IP as a previous user, you'll know
their old IP address. But it doesn't have to be perfect.
Your idea looks good. I tried doing the MD5 thing. It does generate a nonsense
number that is almost impossible to crack, but WIKI didnt allow me to ban that
certain user. Hmm. Maybe the output string was too large etc or something and
the program was'nt designed to ban that long 'string' IP.
The aim is to prevent anyone from seeing the real IP. There can be simple digit
tranformations (put digit 7 in place 1, etc - kind of criss crossing) and
mathematical operations on the IP's to contort them beyond recognition. Repeat a
couple of times to really mix it up, for example:
---
123.456.789.xxx
68x.12x.543.x97
add, 10,25,30 and 43 to each of the respective segments
Jumble up again
add something again
---
And now you have a nonsense IP that's almost impossible to crack.
Regarding what a user said about "what if the formula is accessed by an
unfaithful admin": If anyone's able to get that formula, they are able to get
into my database anyway so there's no use of thinking "what if a hacker admin
got in". If they got in, they've gotten everything anyway.
So we can get a certain number that is a 1-to-1 and I've seen in once instance
that it allows us to ban single IP's as before. Do we admins really need real IP
addresses for the vandal, unless we want to report any vandalism act.
And oh, in our special:reverseip page, we could actually write the reverse
formula that gives us the real IP if we need it.
The only big problem is banning IP blocks. I dont know if that will work. I have
to try and see.