
How Long Should We Ban IPs?

There are all kinds of reasons IPs get banned. A forums manager might ban an IP because the user at it is spamming. An admin of an email server might also ban IPs for spamming. A web service might ban an IP for using an API in an unapproved way.

On this site, we used to ban IPs in the forums all the time (the new forums have been much better at spam prevention). I also sometimes ban IPs from inside WordPress. There is a setting to "blacklist" IPs in the admin area on the Settings > Discussion page. There are a few in there from spammers, and a variety of people I thought just shouldn't come 'round here no more. In looking at this list now, some of these IPs have been in here for years. Is that acceptable?

At the time of blockage, an IP address might belong to Danny Doucher, but after some time, the IP address might be reassigned and now belong to Susie Supercool. I certainly wouldn't want to punish Susie for Danny's crimes.

So, how long should we ban IPs for? Wikipedia, which certainly needs to deal with IP blocking on a regular basis, has a few choice words:

Most IP addresses should not be blocked more than a few hours, since the malicious user will probably move on by the time the block expires.

IP addresses should almost never be indefinitely blocked. Many IP addresses are dynamically assigned and change frequently from one person to the next, and even static IP addresses are periodically re-assigned or have different users. In cases of long-term vandalism from an IP address, consider blocks over a period of months or years instead. Long-term blocks should never be used for isolated incidents, regardless of the nature of their policy violation.

I can get on board with that. IP blocks should only last a limited time, since all IPs eventually change. Most blocks should be short, but if you experience long-term bad activity, make the ban longer. In the case of this site and WordPress, the Discussion Settings also offer a Moderation list, so you don't actually have to straight blacklist IPs at all if you don't want to, and even if you do, you can move them from the blacklist to the moderation list after a while and be fine.
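One way to put that policy into practice, as an added example (not WordPress code and not part of the original article): bans always expire, repeat offenses get longer bans, and an expired ban drops to moderation before the address is fully trusted again. The durations, the `BanList` class and its method names are assumptions chosen for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Assumed policy values (not from the article): short first ban, longer
# bans for repeat offenders, and no ban is ever indefinite.
BAN_STEPS = [timedelta(hours=6), timedelta(days=7), timedelta(days=90)]
MODERATION_PERIOD = timedelta(days=30)  # after expiry, hold comments for review
FORGET_AFTER = timedelta(days=365)      # stale history: IP likely reassigned

class BanList:
    def __init__(self):
        self._entries = {}  # normalized ip -> {"offenses": int, "expires": datetime}

    @staticmethod
    def _key(ip):
        # Normalize so equivalent spellings of an IPv6 address share one entry.
        return str(ipaddress.ip_address(ip))

    def ban(self, ip, now):
        """Record an offense and return when the resulting ban expires."""
        key = self._key(ip)
        entry = self._entries.get(key)
        if entry and now - entry["expires"] > FORGET_AFTER:
            entry = None  # old offenses do not count against a new user
        offenses = (entry["offenses"] if entry else 0) + 1
        expires = now + BAN_STEPS[min(offenses, len(BAN_STEPS)) - 1]
        self._entries[key] = {"offenses": offenses, "expires": expires}
        return expires

    def status(self, ip, now):
        """Return 'blocked', 'moderated' or 'allowed' for this IP at time now."""
        entry = self._entries.get(self._key(ip))
        if entry is None or now >= entry["expires"] + MODERATION_PERIOD:
            return "allowed"
        return "blocked" if now < entry["expires"] else "moderated"

    def prune(self, now):
        """Delete entries past FORGET_AFTER; returns how many were removed."""
        stale = [k for k, e in self._entries.items()
                 if now - e["expires"] > FORGET_AFTER]
        for k in stale:
            del self._entries[k]
        return len(stale)

if __name__ == "__main__":
    bans, t0 = BanList(), datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed
    bans.ban("203.0.113.7", t0)  # documentation-range address
    print([bans.status("203.0.113.7", t0 + timedelta(hours=h)) for h in (1, 7, 750)])
```

Running `prune` on a schedule keeps the list from accumulating the years-old entries described above.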

Anyone else have any theories or research to share?