There are all kinds of reasons IPs get banned. A forums manager might ban an IP because the user at it is spamming. An admin of an email server might also ban IPs for spamming. A web service might ban an IP for using an API in an unapproved way.
On this site, we used to ban IP’s in the forums all the time (the new forums have been much better in spam prevention). I also sometimes ban IPs from inside WordPress. There is a setting to “blacklist” IP’s in the admin area on the Settings > Discussion page. There are few in there from spammers, and a variety of people I thought just shouldn’t come ’round here no more. In looking at this list now, some of these IP’s have been in here for years. Is that acceptable?
At the time of blockage, and IP address might belong to Danny Doucher, but after sometime, the IP address might be reassigned and now belong to Susie Supercool. I certainly wouldn’t want to punish Susie for Danny’s crimes.
So, how long should we ban IP’s for? Wikipedia, who certainly needs to deal with IP blocking on a regular basis, has a few choice words:
Most IP addresses should not be blocked more than a few hours, since the malicious user will probably move on by the time the block expires.
IP addresses should almost never be indefinitely blocked. Many IP addresses are dynamically assigned and change frequently from one person to the next, and even static IP addresses are periodically re-assigned or have different users. In cases of long-term vandalism from an IP address, consider blocks over a period of months or years instead. Long-term blocks should never be used for isolated incidents, regardless of the nature of their policy violation.
I can get on board with that. IP blocks should only last a limited time, since all IPs eventually change. Most blocks should be short, but if you experience long-term bad activity, make the ban longer. In the case of this site and WordPress, the Discussion Settings also offer a Moderation list, so you don’t actually have straight blacklist IP’s at all if you don’t want, and even if you do, you can move them from the blacklist to the moderation list after a while and be fine.
Anyone else have any theories or research to share?
Interesting, I never really thought about it. Then again I’ve never had to ban someone’s IP, but some good food for thought I ever have to.
To be it all depends on the severity of the bad activity. Different situations should be handled different ways but I disagree with long-term ip bans just for the reason stated above in the post that you don’t want to punish someone else for that person’s bad act.
Consider your audience. Since I write for an English speaking audience and all my business is domestic, I have zero problems banning (e.g. Chinese, Israeli, Russian, Korean, Farsi) addresses at the server level (Apache, allow, deny). Why give them any information in case they come back for more serious exploits later on?
Why.
80% of Chinese speak English.
Just look a this sight statistics: Russia, India, China.
That statistic was made up on the spot or your resources are seriously flawed.
Got nothing to say, but “Danny Doucher” is funny. Thanks for what is sure to be an absurd fit of laughter!
I don’t know the possibility of this but baning MAC address would the ultimate goal in my opinion because like you mention IP change very frequent.
There is no way for the web server to know your MAC address since it doesnt “travel through” routers. Maybe when IPv6 gets going everyone will get a dedicated IP??
It’s actually easier to change your mac address than it is to change your IP since most IPs are given out by ISPs, but Mac addresses are written into your network interface. All modern network interfaces support changing of the mac address via software.
In any case, it’s highly unlikely (albeit not impossible) for the server to figure out your mac.
Speaking on the Wikipedia front (as an administrator), we general escalate IP blocks for run-of-the-mill vandals pretty consistently; I tend to block for 24 hours right off the bat. If an IP’s vandal edits come hot on the heels of a block timing out, I’ll block them for a longer period. When an IP goes back to a school (high school or college), they tend to get blocked for much longer periods (it’s been more than once that a high school IP has been blocked until the general end of the school year). Open proxies get blocked for years at a time.
Also, it should be pointed out that we can block IPs in such a way that still allows users that have accounts to still edit if they’re stuck on those IPs.
Susie Supercool sounds hot.
I kind of have a crush on her already.
I bet her tweets are hilarious and she wrote a custom Sinatra app to track sales of her CSS-themed jewelry on Etsy. Plus her Hacker News karma is through the roof and she goes on girl’s night out with Violet Blue, Leah Culver and Veronica Belmont all the time.
Why can’t I ever meet a geek girl like that?
That’s how I picture her too.
Try harder then!
If you’re in school (like me), there are plenty of those (also depends on the school).
They’re out there :)
çok enteresan bir yazı BAN İP ha vay be
If someone isn’t a spammer rather just a troll that’s committing a bannable offense don’t IP ban them. Instead just force them to pay to access your site or a network of sites you own. If you just IP ban them they’ll just become enraged and head to a friend’s house, TOR, a library, etc. As where if they actually have to crack open their wallet every time they commit a bannable offense they’ll probably think twice.
LOL!
I’ve always had more of a problem with other servers who are scanning for security vulnerabilities. In this case I think its pretty safe to ban them long term.
Maybe we need a plugin that will let you ban an IP for a set amount of time. I wonder if there’s anything in the WordPress API that would let you hook into the built in IP blocking functionality.
It sounds super cool!
Danny Doucher FTL!
I think a big part of how long a ban is depends on how emotionally affected the administrator is. If the guy took a shot at the admin’s mother, then a ban may be more lengthy than if the admin’s forum was just being spammed. If it’s personal, rational thinking may be compromised and infinite bans could be dealt.
I agree with you on that a ban should only last a short period of time. At most, IMHO, is a year or two.
Thing is, if you ban my IP, I disconnect my cable modem, wait 5 seconds, then reconnect it and I’m back, unbanned. IP banning, in my experience, works best with obvious spam bots, a person can easily get around a ban though.
On my website I have a vBulletin forum which used to get a lot of spam. I installed a well know vBulletin plug-in called vbStopForumSpam. Basically what it does is compares a new users IP against a database of spamming IP’s from the site stopforumspam.com.
After about 5 days I had at least 20 users open support tickets saying they could not join my forum. The plug-in had detected their IP as a known spamming IP.
I had to remove the plug-in. So I agree with this posts. Long term IP bans are not useful. If anything they block genuine users who are unlucky enough to be assigned the IP you banned.
Email servers quite often use blacklists from services such as http://www.spamhaus.org/ and http://www.team-cymru.org/Services/Bogons/
If there’s a WP/Forum plugin that uses that, that’d probably cut out a lot of spam. mod_security also cuts out a lot if properly configured especially in heavily targeted software like WP and phpBB3.
I personally like the idea of users of the site voting into oblivion spam and abusive comments. It means the site is policed by the users and not the site admin which coincidently side steps UK libel law as the site admins aren’t doing any editing or approval of comments and so can’t be sued. UK Libel Reform is way overdue, especially now that the US has passed it’s anti-Libel tourism law.
I’ve also seen sites where users get scored on their behaviour such that repeated abuse gives them a negative score and their comments aren’t seen by default.
I like Robert’s idea of paying for access too. I would guess most abusive users would just go away if they had to pay to regain access.
I believe that in content generated websites which is open to vandalism, you must have one of two things: either a very good spam block, or make account registration mandatory.
This way, you can safely block the offending account, without affecting any other IP addresses or users.
Hello,
Nice topic.. agreed! trust me, I have experienced this. Like, I was blocked in a forum ( limiting IP )… and, I was on a cable net ( where a lot of many computers are connected to each other through LAN ) and only one server ( and computers/users internet IP is same as Server ) so, indirectly that forum actually blocked each user of that cable network. and Nobody was able to use that forum in the cable network ( LAN ).
if it needed, perhaps you should ban all IP from that region/country …
∆
∆ ∆
dididoitrite?
I’m not a big fan of IP bans, but coming from the IRC undergrounds I feel the need, sometimes, to stick a ban on some IPs – even on C classes sometimes.
It reduces drastically the incoming mess and idiocy of some people, speaking for forums and active-websites (not chats); the risk is probably to reject some people coming from those classes but I do love to keep it clear and idiot-proof =)
I tend to block a IP for just a few hours. Odds are if they are able to exploit (or annoy) your website they will know to get behind a proxy or know how to change there IP address.
Emails on the other hand, I ban for life.
I run everyone that hits one of my sites through the http://www.stopforumspm.com API. Its easy to check and block spammers that way. If they haven’t shown up again after a two month period I drop them. However, there are spammers who use the same IP repeatedly for periods of time. You also must deal with TOR networks spammers, for that I use ZB Block. Excellent tool
Nice one. In one of my recent project I use this feature. After reading this I realize I did a very big mistake. I block the IP’s for forever !! I am working again on it though! Lets see what I can do……
Great article. Im off to retweet !
I think it depends on how often that specific IP’s and its subnets spamming. Just give them forever ban if its happen too often
I’m leaving no comment, just checking your form.
Following Wikipedias lead sounds reasonable with the IP banning time frames, with trying to limit the spam, you are also trying to moderate the quality. LT
I personally don’t agree with IP banning – I have personally visited a few phpBB forums and received an IP ban, even though I had never visited that website before.
There are better ways to prevent spam.
For phpBB, you might want to check out Preventing spam in phpBB 3.0.6 and above.
Also, the new forum software you’re using may be better at preventing spam, but it lacks way too many features.
Just my opinion, of course.
If I ban somebodies IP Address is forever +1 day… LOL! just kiddin’. Nice post, in fact I haven’t really thought about it until I read this one. I guess you are right, the problem is not so much the IP as the person behind the IP. High quality spammers are not using their IPs anyways, so there is nothing to be gained by blocking anything. If you want to block a particular user that you hate (who happens to not know about proxies) then yes, block the crap out of their IP adddress, and enjoy the process.
The only real way of blocking a spammer is to find him in the real world and let your dobermans do the talking (if you know what I mean and if you happen to have dobermans…) :)
I tend to block IP’s by country on highly secure websites, usually only within administration areas. No point in having the admin area open to India, Russia etc if the only place it will be accessed is in EU.
For general websites IP blocking is rarely needed, and if it is it’s usually a temporary ban. There are other ways to prevent spam.
If the IP general it is not necessary to ban it.