AWStats IP anonymizer

Some thoughts of mine...

The upcoming DSGVO (de) GDPR (en) will have implications on any website. And they are complex. Generally, in Germany we had a data protection law quite similar to the GDPR, but most small enterprises were very relaxed... With the new GDPR in most countries the law gets more strict and - more important - enforcement with high fines is intended.

How are "we" doing now?

First, GDPR affects as well B2C as B2B. In Germany most important is to fullfill those parts being detectable by robots first. That is the imprint and the declaration of data protection. Check any formula, control your data flows, SSL is mandatory for anyone!! So, the first steps to be taken are those by website owners. Just to mention: GDPR is not only valid for digital data procession, also your paper cards have to follow these paragraphs.

Next part: Its for sure, that the IP belongs to the personal data. There are a lot others. There are few exemptions. E. g. those data necessary for the website to operate. IPs are such. Questions arise when going into the details. How long should an adress be saved? Can it be pseudnoymized/anonymized, is this allowed? To give you an impression: even soliciters have no common meaning, if saving for some days to allow fail2ban to work is allowed. There is already a great discussion on wordpress comments (but that's no imscp problem). As the whole intention of this law is data minimalism, everyone should ask himself: do I really need this data? For technical reasons (s. a.), for marketing reasons?

For any data to be processed, you need the admission of the data owner. Another reason is to keep them for legal reasons. According to the law, we are no telecom providers, so we don't have to log access data.

So, as the necessity for saving/deleting/anonymizing data derives from the client, opting in or out for such things should be implemented on a client level. Imagine there's a client providing a solution only for members having opted in for the logging of their IPs. This is defintively allowed, so this client should be able to log them via AWStats. Maybe a reseller/admin gets a switch for generally disabling this for all clients.

Resellers: they should have a document signed with the admin called mandatory data processing (in de: Auftragsdatenverarbeitung). Also the clients mostly have to sign such a thing with resellers.

Further on: Admins/Resellers should be able to answer the question, which personal data could be accessed by whome. By concept, the admin is able to see all client data of any reseller. For transparancy reasons the reseller has to tell this fact to his client or at least document this in his data processing list (in de: Verfahrensverzeichnis).

Application related aspects: some developers already began to analyse their applications for GDPR-readiness. Even DNS: they discuss, which data should be requested from a domain registrant, which data should be presented for a whois request. We have bind on board. Access to the imscp panel, provided by a webserver: there is a limited number of clients who easily may opt in whereas a blog has outnumbered users, unwilling to have registered their visit.

What could be a best solution:
- document, where in imscp personal data are collected
- who can see/change/delete them
- which data originate from imscp purposes
- which data originate from client applications / public website usage / standard server programs
- which of these data are so open, that the user gets knowledge of them
- which of these data are given because of technical reasons internally (e. g. apache log, mail log)
- for which of the personal data is an anonymisation necessary, because there is no legal justification
- where is there an interaction between imscp and other third party programs; which rules should be obtained in this case
- ... some more?

As said above: most important are all the data exposed to the public. Clients in the sense of impsp are public. Imagine a bad willing soliciter (they exist in Germany, because that's a profitable business model) will log in as client on an imscp administered system and is able to see personal data (visitors IPs)! This should be fixed first, even if we have to miss some functionality for some time. Data only visible for admins may be investigated and fixed later.

In the long run this will be a subject for quite a long time. Heavy stuff? Just wait for E-Privacy next year which goes more into the details.

Was this long comment helpful to you? Hope so

Quote

Anonymisieren der Besucherlogs bei I-MSCP
Logrotate anpassen

Wenn man das Statistiktool AWStats in I-MSCP deaktiviert hat, kann man einfach den Rotationszeitraum von Logrotate in den Dateien
/etc/logrotate.d/apache2
/etc/logrotate.d/imscp_panel
Anpassen. Dort rotate 365 ändern in rotate 7
Apache Log anonymisieren
Sollte die AWStats Homepagestatistik aktiv sein, ist es empfehlenswert die Logs zu anonymisieren. Dazu einfach in den Dateien
/etc/letsencrypt/options-ssl-apache.conf
/etc/apache2/sites-enabled/00_nameserver.conf
/etc/apache2/apache2.conf
den Wert %h gegen [IP] ersetzen. Dadurch wird statt der Besucher IP-Adresse jetzt ausschließlich [IP] in den Logs geschrieben.
Wichtig ist, dass nach jeder Aktualisierung des I-MSCP Panels noch einmal geprüft wird, ob die Dateien noch entsprechend eingestellt sind.

Display More

https://blog.ip-projects.de/an…dressen-bei-i-mscp-plesk/

Sofern es jemand benötigt...

Quote from _pAt

https://blog.ip-projects.de/an…dressen-bei-i-mscp-plesk/

Sofern es jemand benötigt...

I think this is not the fully part? - PHP Scripts can access to the IP address with global variable $_SERVER['REMOTE_ADDR'], so we cannot ensure, that Plugins (Wordpress,...) getting the ip address and stores this wherever.

Quote from Grex

I think this is not the fully part? - PHP Scripts can access to the IP address with global variable $_SERVER['REMOTE_ADDR'], so we cannot ensure, that Plugins (Wordpress,...) getting the ip address and stores this wherever.

This is the problem of the wordpress controller.