Deanonymizing forum posts

Unfortunately I have a student who’s using anonymous forum posts to violate our site’s terms of service. How can I determine which account was used to post the messages so they can be banned?

I didn’t know you could make anonymous posts! Interesting.

Assuming that posting anonymously still requires you to be logged in, there should be a field in the DB record. (I don’t know where exactly to look, unfortunately.) But depending on how your logging is set up, and if no one else chimes in with better information, it might be faster to cross-check the timestamps of their posts with log messages:

  • nginx logs should have their IP address, and their IP address may also be on other traffic from their client that reveals their identity
  • LMS logs should have a [user 12345] element that indicates the authenticated user.

Hi @Rohan!
If you have direct access to MongoDB, you can use these commands to get all the posts:

use cs_comments_service

If you want to filter by course id, you can do:

db.contents.find({"course_id": "<course_id in the form 'course-v1:org+course_num+course_run'>"})

Just wanted to make sure you knew that there are separate advanced settings toggles for making discussions anonymous to other students (Allow Anonymous Discussion Posts to Peers) vs. making it anonymous to everyone (Allow Anonymous Discussion Posts):

Thank you, this seems viable. However, how do I connect to MongoDB on a tutor instance?

You can access the Mongo shell with mongo <mongo host or ip> -u <mongo user> -p <mongo password>. You can get these parameters from lms.auth.json and lms.env.json, or the yaml config files, depending on your installation.

I tried mongo on my Tutor AMI, and it just says command not found.

Eventually I found that the correct tutor-specific way to do this is

tutor local exec mongodb bash

There was no password prompt needed then after that.

And then I could do a variant on the recommended comment lookup command (seeing by specific title rather than everything in the course, since I want to deanonymize a specific post.)

use cs_comments_service
db.contents.find({"title": "<Forum post title>"})


Thanks @andres !

1 Like