# Security warning regarding Grasscity



## Sativa Dragon (Jan 23, 2016)

Hello Folks

Just a quick FYI, there is a Mod on Grasscity by the name of Chunk who traced my buddies IP address and PM'd him because he thought the guy had two accounts, somehow this guy found out what country, what state/province and what town he lived in, needless to say my buddy threatened the mod and was subsequently banned.

So just be aware that the Mods there will log your IP, this means that if Law enforcement gets a warrant for there servers you will be discovered.

I am not an expert on this and I hope RIU has a security measure in place to prevent this from happening.


----------



## UsernameXXX (Jan 23, 2016)

Well if that is true there isn't much difference between the mods and thous dirty cops who abuse of power (hope I got the translation right). Not much you can expect from random people...


----------



## torontoke (Jan 23, 2016)

Mods on any website can see a users IP address its not hard.
If your worried just use one of those tor programs to mask ur ip


----------



## 757growin (Jan 23, 2016)

Lols. Rollitup traced my shit and pmd me. I'm not scared. So they do it here as well..


Sativa Dragon said:


> Hello Folks
> 
> Just a quick FYI, there is a Mod on Grasscity by the name of Chunk who traced my buddies IP address and PM'd him because he thought the guy had two accounts, somehow this guy found out what country, what state/province and what town he lived in, needless to say my buddy threatened the mod and was subsequently banned.
> 
> ...


----------



## Sativa Dragon (Jan 23, 2016)

Just seemed like a dick move to flex the mod muscle.

https://forum.grasscity.com/organic-growing/1299862-no-till-gardening.html/page-601

Post# 12013

The Mod posted this after the PM's to him saying he knew where he was and that he was the same dude as another member.


----------



## sunni (Jan 23, 2016)

*Any forum * has IP checks, it a system check, 
Im sure some people dont realize this, but this is not an unknown thing it happens on any forum regardless of the content of the forum itself. 

When we see an IP its a long digit number that provides us with your mobile phone provider or internet provider you use, your basic general area like state, and city.
The city is almost always off , right now my IP says I live in Anchorage alaska, I live not even remotely close to anchorage.

When a user at rollitup creates a secondary account with the same IP it pops up , but just the number does, we the mod staff would have to physically check the number to see the information like service provider, state and city. And we at rollitup really dont care about that, what we care about is that someone is creating a second account under the same IP. To which than we check if its a spouse or friend creating an account or someone creating a "sock puppet" account to harass or troll the forum (which is than banned)

I cant speak for grasscity, but we at rollitup do not share this information with anyone, our mod staff are well respected people (civilians) who will not share your information.
And we on our servers side is well protected from any means of law enforcement, they cannot just come on here and get your IP.


Its really best if you fully understand what an IP address is , and how forums work before spreading mass paranoia rumors , those never help anyone. ever.


----------



## Sativa Dragon (Jan 23, 2016)

torontoke said:


> Mods on any website can see a users IP address its not hard.
> If your worried just use one of those tor programs to mask ur ip


Thanks man he wasn't and he will from now on he is scared now, and I told him he shouldn't worry but now the poor guy is chopping his plants, I know he will regret it but that mod "CHUNK" is a complete dick for saying that shit to him.


----------



## Sativa Dragon (Jan 23, 2016)

Okay thanks for filling me in, I will pass it on, I didn't think they were going to rat on him but they certainly did scare the shit out of him which is just plain ignorant.

Thanks Sunni


----------



## sunni (Jan 23, 2016)

Hes being over paranoid. it doesn't give you the exact location or house number of the person. It gives the GENERAL location/area and it isnt always correct. 

I think whats happening here is you and your friend dont understand or know what an IP address is
This isnt something to be panicking about 

facebook, skype, forums,google, bing searches, amazon, ebay, *everything* you do on a computer has your IP address logged your IP address is a long numerical number that is associated with your computer /device and your internet service provider.

some people like to err on the side of caution and they use VPN or TOR to mask their IP and bounce the signal around so that the number is not ever the same or that the IP number isnt specific to their location. (fyi if you choose to use this here at rollitup they dont always work)

No ones security was breached, the mod chuck while i cant say if hes an asshole or not, hes not a mod here i dont go on grasscity, 
BUT all he did was get notified by the forum system that your buddy created 2 accounts under the same IP, 
did he flex his mod muscles? i dont know i didnt see the message 

When people create 2 accounts under the same IP we at rollitup message the users as well to tell them they cannot have multiple accounts here, unless one is a spouse or a roommate or something typically though users create 2 accounts to use the forum to troll and harass people with the secondary account. 

at Rollitup we protect your IP addresses, we have security measures in place to make sure your accounts information like email, and IP address are safe.
Dont get too upset or worried. We have never ever had any law enforcements try to issue rollitup any type of warrant for anything ever done on our website or for IP's to be release


----------



## jeroly (Jan 24, 2016)

sunni said:


> And we at rollitup really dont care about that, what we care about is that someone is creating a second account under the same IP. To which than we check if its a spouse or friend creating an account or someone creating a "sock puppet" account to harass or troll the forum (which is than banned)


First of all, I can understand an interest in doing folks from having multiple accounts. However, to use ip addresses as anything other than just another tool and as a clue to potential fraud rather than as proof, is fraught with problems.

First of all, most folks don't have fixed ip addresses. Each time they reconnect they are assigned an address from a pool of addresses associated with their ISP.

Secondly, most people's routers use NAT (network address translation) so everyone on a home network appears to the outside world as if they're all using the same address, but the router keeps track of which device is associated with each data stream.

Moreover, what about folks who use public computers, say at a library? If someone else accessed the site from that device previously, both IDs would be linked to that same address.


----------



## fandango (Jan 24, 2016)

sunni said:


> *Any forum * has IP checks, it a system check,
> Im sure some people dont realize this, but this is not an unknown thing it happens on any forum regardless of the content of the forum itself.
> 
> When we see an IP its a long digit number that provides us with your mobile phone provider or internet provider you use, your basic general area like state, and city.
> ...


Question here,
I have 2 computers here and was thinking I might like to use both with my same account?the other computer is windows and I should be able to start posting pictures from it,while this computer is a chrome book and will not post pictures I think?
Can I use 2 different computers on RIU?


----------



## sunni (Jan 24, 2016)

fandango said:


> Question here,
> I have 2 computers here and was thinking I might like to use both with my same account?the other computer is windows and I should be able to start posting pictures from it,while this computer is a chrome book and will not post pictures I think?
> Can I use 2 different computers on RIU?


yes of course i use my phone my table and my computer for rollitup thats totally fine. tons of people use secondary devices


jeroly said:


> First of all, I can understand an interest in doing folks from having multiple accounts. However, to use ip addresses as anything other than just another tool and as a clue to potential fraud rather than as proof, is fraught with problems.
> 
> First of all, most folks don't have fixed ip addresses. Each time they reconnect they are assigned an address from a pool of addresses associated with their ISP.
> 
> ...


most folks actually do have a fixed IP address,or one thats very similar in numbers, i look at IP addresses on here on a daily basis. It creates logs of any IP address the account has used , if the person is pretty stationary its usually all the same numbers

public computers as a library , i worked at a library this website was on the banned list. so its unlikely someone would be using their public library to surf rollitup
ive never seen anyone use a public computer for rollitup, let alone MULTIPLE people who use it who would come up in the SAME location to connect both accounts together
regardless even if someone did use a public computer what does that matter? They arent breaking rules, in that case their IP would move on.
But like i said ive never ever seen a case like that , and ive been here a long time.
Youre pondering the "what ifs" to challenge our use of banning sock puppet accounts...lets us do our job 


believe me its very easy to see when someone creates multiple accounts for the purpose of spamming the forum or trolling which is what we use IP's for in terms of banning, which is what OP's friend got banned for at grasscity...

ive been doing this job for a really long time. Im pretty well adapt to what we use the IP's for.
Its also pretty rare we have 2 accounts here that are "family" accounts, where people have themselves, their spouse or their other family members all using different accounts for our website, we arent exactly www.disney.com here.

So thank you for saying using IP is fraught with problems, but we rarely make mistakes and it works out extremely easy and for what we use IP's for.
Either than using IPs to determine "sock puppet " accounts which we are correct in determining almost all the time, we dont use IP's to give away like candy which was what OP was concerned about.
Every single forum and website tracks IP, your comments really have nothing to offer the OP who was worried about IP addresses and security issues and who sees them
The op was unaware that website track IP's at all.


----------



## jeroly (Jan 24, 2016)

sunni said:


> .
> Youre pondering the "what ifs" to challenge our use of banning sock puppet accounts...lets us do our job
> 
> l.


Huh? As I specifically wrote,

"First of all, I can understand an interest in doing [s/b stopping] folks from having multiple accounts. "

I'd actually like to say thanks for keeping this site relatively free of trolls and spammers!


----------



## sunni (Jan 24, 2016)

jeroly said:


> Huh? As I specifically wrote,
> 
> "First of all, I can understand an interest in doing [s/b stopping] folks from having multiple accounts. "
> 
> I'd actually like to say thanks for keeping this site relatively free of trolls and spammers!


two people using the same public library computer popping up with same ip's .....its a bit of a stretch "idea" 
its a very highly unlikely situation , its not happened yet
and i worked in a library rollitup was not something you could access.

dont take the comment too hard thats why theres a smiley face at the end of it


----------



## hondagrower420 (Jan 24, 2016)

Has your buddy heard about swatting?

If he plays online games. People have been known to track you down and then call in your beating your wife or making bombs and the swat team comes.

Pretty sure a kid got shot and a dog in 2 seperate incidents of "swatting".

Just a heads up. I would be more concerned about that than the mods of a marijuana based forum.


----------



## hondagrower420 (Jan 24, 2016)

And you just put his info all on blast.

You said he started chopping plants after this. It would be safe to assume that he is growing at his place of residence. 

You really should think before you type, it seems that younger people tend to let out more personal info online than they realize.


----------



## sunni (Jan 24, 2016)

hondagrower420 said:


> Has your buddy heard about swatting?
> 
> If he plays online games. People have been known to track you down and then call in your beating your wife or making bombs and the swat team comes.
> 
> ...


 way to make people paranoid LOL!!!!!!
most of those "swatting" stories are false 
http://www.snopes.com/media/notnews/swatted.asp



hondagrower420 said:


> And you just put his info all on blast.
> 
> You said he started chopping plants after this. It would be safe to assume that he is growing at his place of residence.
> 
> You really should think before you type, it seems that younger people tend to let out more personal info online than they realize.


the OP's friend is just being paranoid
i can say this probably what happend

op friends made 2 accounts, one was to troll the website grasscity and be a dick
mod caught it, mod writes
"why do you have 2 accounts under one ip address"
than the user flips out and goes psycho cause he didnt realize that ip addresses are tracked on everything you do hes just ignorant to what an ip address is


----------



## hondagrower420 (Jan 24, 2016)

@sunni does Riu have a code of ethics regarding sensitive personal data?

When I worked for .com I had access to sensitive data. If I was caught misusing it you were subject to prosecution and terminated. 

I don't think people would be allowed to be mods if they infringed upon users.


----------



## sunni (Jan 24, 2016)

hondagrower420 said:


> @sunni does Riu have a code of ethics regarding sensitive personal data?
> 
> When I worked for .com I had access to sensitive data. If I was caught misusing it you were subject to prosecution and terminated.
> 
> I don't think people would be allowed to be mods if they infringed upon users.


we've never had a mod who misused information like your user emails or ip addresses.
anyone who becomes a mod here is "interviewed" and post history is taken into account,, mods are volunteers we are not contracted employees 
if someone applied to be a mod who has a past post history of being mean to users or flipping out , breaking rules we wouldnt take you on.
you have to generally be a good user prior to being a mod.

we demod anyone who knowingly abuses their ability to mod
if someone went as far as sensitive data like an IP address the owner would take over it 
but its never happened so theres no like "rule book protocol" it just would be handled per incident.

We dont have many mods though, so we keep out numbers fairly low


----------



## hondagrower420 (Jan 24, 2016)

sunni said:


> way to make people paranoid LOL!!!!!!
> most of those "swatting" stories are false


Shhhh.

I have posted my hometown and state in another thread.

@anzohaze and myself are the only 2 user of Riu in own city (i think, or the other users are scared)

Charleston SC stand up (that's for the op's paranoid friend)


----------



## hondagrower420 (Jan 24, 2016)

Riu has been my heaven for years. I had a different acct way back when I was outdoors in east Tennessee. I was on overgrow and Riu, that's it. 

These other forums can't really be all that bad man.


----------



## sunni (Jan 24, 2016)

hondagrower420 said:


> Riu has been my heaven for years. I had a different acct way back when I was outdoors in east Tennessee. I was on overgrow and Riu, that's it.
> 
> These other forums can't really be all that bad man.


i have heard GC is a little uh ...more strict than riu 
i guess it just all depends, users typically arent as uh innocent as they make themselves out to be,

im sure people go to GC saying they were unfairly banned on riu and how terrible we are


----------



## ttystikk (Jan 24, 2016)

Danny boy was a mod who went off the reservation pretty hard, banning people for no reason- like me. It DOES Happen, but thankfully it's rare. At least here.


----------



## hondagrower420 (Jan 24, 2016)

sunni said:


> i have heard GC is a little uh ...more strict than riu
> i guess it just all depends, users typically arent as uh innocent as they make themselves out to be,
> 
> im sure people go to GC saying they were unfairly banned on riu and how terrible we are


Yeah, I have been timidly jumping into toke and talk and politics. It is brutal in there. 

Most of the nonsense seems contained in there. 

But it is fun to bullshit. 

Like my momma always said, "if you dish it out, you better be able to take it"


----------



## sunni (Jan 24, 2016)

ttystikk said:


> Danny boy was a mod who went off the reservation pretty hard, banning people for no reason- like me. It DOES Happen, but thankfully it's rare. At least here.


and he was instantly demodded , banned and all the accounts were reinstated.
thats not an abuse of security though, he did not misuse IP addresses or emails or anything that would be considered a security breech.
thats just an abuse of mod powers with banning.


----------



## rshackleferd (Feb 1, 2016)

You can say all you want they are not going to go after people who "say" stuff. They want actual photos and other types of evidence that can directly convict you. I always had problems signing up under "tor", this is why i will never post pics and etc. under my account. Every single site but one will not let me sign up with tor. Rollitup will let me sign up but they never send the email code when i register under tor. I like this site but that brings up a red flag, so i keep my stuff under the radar.


----------



## sunni (Feb 1, 2016)

rshackleferd said:


> You can say all you want they are not going to go after people who "say" stuff. They want actual photos and other types of evidence that can directly convict you. I always had problems signing up under "tor", this is why i will never post pics and etc. under my account. Every single site but one will not let me sign up with tor. Rollitup will let me sign up but they never send the email code when i register under tor. I like this site but that brings up a red flag, so i keep my stuff under the radar.


I know why you can't sign up and it has nothing to do with using a tor 
You can't have multiple accounts at rollitup


----------



## rshackleferd (Feb 1, 2016)

sunni said:


> I know why you can't sign up and it has nothing to do with using a tor
> You can't have multiple accounts at rollitup


I was signing up a friend from his computer from his house, I also tried to sign up with tor first. I thought it might have been a mistake but sure enough they never sent him a code either.

Added: When you sign up with tor it hides everything, your ip, your signature, i mean everything. There is no way for riu to even know if its the same person or not unless you use register with the same email addy. Some email sites will not even accept registering under the "tor" network for several reasons, they cant track you or send you spam.


----------



## sunni (Feb 1, 2016)

rshackleferd said:


> I was signing up a friend from his computer from his house, I also tried to sign up with tor first. I thought it might have been a mistake but sure enough they never sent him a code either.
> 
> Added: Its the same for almost all sites but one, kinda strange. It doesnt really matter, just will not post any photos and stuff of that nature. No biggy


Our website is secure not a single person has ever been convicted or had Riu used for any reasoning against them legally

While I totally respect your right to use a tor not all tors work with our website
This is to stop the spread of spam

I would rather have one person complain here and there about their tor not working than have the board littered with spam on a daily basis and most users would agree

But again this isn't your issue I know why you have this issue but I can't tell you because than you'd have two accounts and you can't have two accounts here


----------



## rshackleferd (Feb 1, 2016)

sunni said:


> Our website is secure not a single person has ever been convicted or had Riu used for any reasoning against them legally
> 
> While I totally respect your right to use a tor not all tors work with our website
> This is to stop the spread of spam
> ...


Spam? There are several other ways to do away with the spam bots if that's what you are talking about. For example some sites use the picture only humans can figure out during registration.


----------



## sunni (Feb 1, 2016)

rshackleferd said:


> Spam? There are several other ways to do away with the spam bots if that's what you are talking about. For example some sites use the picture only humans can figure out during registration.


We have several ways of making sure spam does not reach our forum
This happens to be one counter measure
As for your other post plenty of users use a tor here
The one you're using just doesn't work with our system
I see your edited post up top i know and am fully aware of what a tor is
But again I know why you're having a problem and I won't tell you why because you can't have multiple accounts here


----------



## rshackleferd (Feb 1, 2016)

I can use tor all day long after i have registered with my real ip address and email address. The issue becomes a problem when i first tried to register under tor,"same thing happened to a friend i was trying to help". Which tor are you talking about that lets you register with riu? This kinda info could be helpful in keeping us under the radar, IMO there should be a sticky since this is a very important topic for most users.

Added: I use the edit bottom a lot because im stoned and leave out and forget a lot of stuff...lol. Im glad you can see the edited versions


----------



## sunni (Feb 1, 2016)

rshackleferd said:


> I can use tor all day long after i have registered with my real ip address and email address. The issue becomes a problem when i first tried to register under tor,"same thing happened to a friend i was trying to help". Which tor are you talking about that lets you register with riu? This kinda info could be helpful in keeping us under the radar, IMO there should be a sticky since this is a very important topic for most users.


There's so many tors and Vpns out there
That we can't go and attempt to try them all out and than list them for what works for rollitup

While it may seem like an important top topic to you and some other users the majority of the forum does not use a tor or Vpn

While we respect the rights of users to use one
It isn't our job to source , try out and find third party applications like tors and Vpns and make sure they work with our website
Sorry


----------



## rshackleferd (Feb 1, 2016)

ok thanks for the info sunni, Im just really paranoid, I dont even trust vpns especially when they are located within the states. However thanks for the info.


----------



## lawlrus (Feb 1, 2016)

jeroly said:


> First of all, I can understand an interest in doing folks from having multiple accounts. However, to use ip addresses as anything other than just another tool and as a clue to potential fraud rather than as proof, is fraught with problems.
> 
> First of all, most folks don't have fixed ip addresses. Each time they reconnect they are assigned an address from a pool of addresses associated with their ISP.
> 
> ...


It's an imperfect system but the best available at the time. Either way it is a private site and the owners/administrators are not obligated to allow you to post any more than you are obligated to use the site yourself. And at the end of the day, there are very few illegitimate bans going down the pipeline...everybody always has a story, but if you're getting banned you probably did something to deserve it and need the timeout anyways.


----------



## kmog33 (Feb 1, 2016)

sunni said:


> *Any forum * has IP checks, it a system check,
> Im sure some people dont realize this, but this is not an unknown thing it happens on any forum regardless of the content of the forum itself.
> 
> When we see an IP its a long digit number that provides us with your mobile phone provider or internet provider you use, your basic general area like state, and city.
> ...


Has a spouse ever been banned thinking it was a sock puppet? Spouse and friend is ok though I get from your post. I was on a site you literally couldn't log in two users from the same computer. So if you had someone over and they wanted to login they would have to bring a separate computer lol. It was a game so I guess it may be a bit different though. 


Sent from my iPhone using Tapatalk


----------



## sunni (Feb 1, 2016)

kmog33 said:


> Has a spouse ever been banned thinking it was a sock puppet? Spouse and friend is ok though I get from your post. I was on a site you literally couldn't log in two users from the same computer. So if you had someone over and they wanted to login they would have to bring a separate computer lol. It was a game so I guess it may be a bit different though.
> 
> 
> Sent from my iPhone using Tapatalk


Yes it doesn't happen often but it has happened where we banned a spouse 
We are only human we make errors 

It is ok to have a roommate spouse or friend sign up it is better to inform us (the mod staff ) prior to doing so just to give us a heads up


----------



## kmog33 (Feb 1, 2016)

sunni said:


> Yes it doesn't happen often but it has happened where we banned a spouse
> We are only human we make errors
> 
> It is ok to have a roommate spouse or friend sign up it is better to inform us (the mod staff ) prior to doing so just to give us a heads up


Makes sense, thanks for the info. 


Sent from my iPhone using Tapatalk


----------



## hondagrower420 (Feb 1, 2016)

Everybody knows that sunni has an actual banishment hammer and comes to you house and starts swing. It's why she said spouses have accidentally been banned.

Sunni shows up swinging.

Hey Sunni, how are you?


Anyhow, are people really this paranoid? I mean you should just stop doing illegal activity if you are so skittish. 

If I was paranoid about a lea trying to conduct surveillance over the internet, on a forum. I would stop using said forum.


----------



## ODanksta (Mar 7, 2016)

I was friends with Somebeech.. He showed me exactly where I lived.. City, cross streets everything.. I've changed everything since..

Use an exif eraser on your photos.. That is all I can say..


----------



## sunni (Mar 7, 2016)

ODanksta said:


> I was friends with Somebeech.. He showed me exactly where I lived.. City, cross streets everything.. I've changed everything since..
> 
> Use an exif eraser on your photos.. That is all I can say..


thats having the location on your cellphone photos, this thread is about IP addresses. two different things
you drinking tonight?


----------



## ODanksta (Mar 7, 2016)

sunni said:


> thats having the location on your cellphone photos, this thread is about IP addresses. two different things
> you drinking tonight?


1 pint of R&R and one tall boy Coors original.

IP address and location from a cellular device is practicality the same thing..

Right?


----------



## sunni (Mar 7, 2016)

ODanksta said:


> 1 pint of R&R and one tall boy Coors original.
> 
> IP address and location from a cellular device is practicality the same thing..
> 
> Right?


no. not even close. 

this thread is about mods who pulled an ip address from someones account at grasscity and the person got super paranoid over it
what the person doesnt understand is that any forum uses IP tracking, and that IP addresses just tell general location like city and state, and service provider. and that an IP address doesnt "out" your location. 

data off your smartphone photos is a totally different thing, when you have your GPS on your smartphone active and you put a photo online anyone can pull the metadata information to know where that photo was taken, because its GPS its exact location or very close too pulling metadata off your photos is not something a moderator would use for their modding on a forum

see the difference? the topic youre bringing up is completely irrelevant to the subject matter of the OP .


----------



## sunni (Mar 7, 2016)

the topic youre talking about is this link here, which i created a thread on how to remove metadata from your photos prior to putting it onto here.
https://www.rollitup.org/t/security-smarts-removing-information-from-photos.887924/
@ODanksta


----------



## Fender Super (Apr 18, 2017)

hondagrower420 said:


> Riu has been my heaven for years. I had a different acct way back when I was outdoors in east Tennessee. I was on overgrow and Riu, that's it.
> 
> These other forums can't really be all that bad man.


GrassCity is cop central. I'll never post there.


----------



## greg nr (Apr 18, 2017)

Keep in mind that while your ip address may rotate from time to time, your mac address usually won't. Also, the patriot act requires ISP's to keep a log of what IP was used by what mac address and customer at specific times. They keep that data for 90 days as a rule.

VPN's can mask your IP/MAC addresses, but there are ways to trace around or through a VPN. And tor security is known to be broken.

It's really a question of who is looking for you and why. If it is a fed/state agency, they can easily find you; the question is why would they be looking. They don't need RIU's help. If it's a ripper, well, probably not so easy.


----------

