Find who used IP one year ago possible ?

andika · June 01, 2017, 12:52:40 PM

Hello,

Recently I received a notification from criminal investigators to report data about some IP used 6 months ago. Luckily that was the only client using the server all this time, so I provided them with requested data, but if the client would have leave the service after one month of usage and then another few clients.. I would have no chance to cache the user. The only solution would be to check all emails sent by hostbill platform (when VPS was deployed) over time and search the reported IP. Is there any way to see listed absolutely all emails sent by hostbill ? Is there any other way to achieve what I need ?

Thank You

d4f · June 02, 2017, 10:39:11 AM

Are we talking only VPS and similar here or also shared hosting?
In shared hosting you can't attribute IP's by customer and whether you're even allowed to keep relevant log files for months depends a lot on the country you're in (most of EU for example, a couple of days to weeks maximum).

All hostbill emails are in its database so you can just run a "LIKE" query on the tables with the IP address.
If you have the IPAM plugin (and are actually using it

) then you have an "Audit log" when going to the IP's details/edit page where all attributions are listed with timestamp.

Note: in many countries you are legally required to archive emails in a searchable but not alterable format anyway. If that applies to you then you could search the emails there too.

andika · June 04, 2017, 09:25:44 AM

Quote from: d4f on June 02, 2017, 10:39:11 AM
Are we talking only VPS and similar here or also shared hosting?
In shared hosting you can't attribute IP's by customer and whether you're even allowed to keep relevant log files for months depends a lot on the country you're in (most of EU for example, a couple of days to weeks maximum).

All hostbill emails are in its database so you can just run a "LIKE" query on the tables with the IP address.
If you have the IPAM plugin (and are actually using it ) then you have an "Audit log" when going to the IP's details/edit page where all attributions are listed with timestamp.

Note: in many countries you are legally required to archive emails in a searchable but not alterable format anyway. If that applies to you then you could search the emails there too.

Its VPS related. I only rent Dedicated from DC, also subnet IPs to make VPSs, I don't think IPAM its any use to me.
I have found it on database , thank you !
I can see you know many things, can you tell me on which countries is mandatory to "archive emails in a searchable but not alterable format anyway" ? I didn't knew that

d4f · June 07, 2017, 03:49:00 AM

Quotecan you tell me on which countries is mandatory to "archive emails in a searchable but not alterable format anyway" ?

I _think_ there is a EU-wide legislation but most EU-countries (especially UK and Germany) have very strict own laws for businesses in that regard. Outside the EU, I have no idea about the current legislation as it doesn't affect us

QuoteI don't think IPAM its any use to me.

Hostbill's IPAM plugin manages and monitors dedicated IP address attribution to customer services so it would be _exactly_ what you need to lookup which customer had what IP at date X.

andika · June 09, 2017, 03:58:04 AM

Quote from: d4f on June 07, 2017, 03:49:00 AM
as it doesn't affect us

How is that ? Why not ?

d4f · June 12, 2017, 03:56:45 AM

QuoteHow is that ? Why not ?

Our colocation is in Germany so we have to fulfill german laws and not e.g. US. So I won't know about US laws for data retention

andika · June 13, 2017, 01:44:46 PM

I see, can you share you German DC name ?