LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   General (http://www.linuxquestions.org/questions/general-10/)
-   -   is IP banning more difficult than banning user accounts? (http://www.linuxquestions.org/questions/general-10/is-ip-banning-more-difficult-than-banning-user-accounts-4175459153/)

newbiesforever 04-22-2013 12:58 PM

is IP banning more difficult than banning user accounts?
 
Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but I notice that other sites may only bother to ban user accounts--which, of course, is much less effective because the banned users can simply create new accounts.That led me to wonder why those sites don't bother to ban IPs. Is it probably only because they don't really care, or is IP banning more difficult in some way (more expensive, for instance)?

Kustom42 04-22-2013 01:28 PM

Quote:

Originally Posted by newbiesforever (Post 4936604)
Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but I notice that other sites may only bother to ban user accounts--which, of course, is much less effective because the banned users can simply create new accounts.That led me to wonder why those sites don't bother to ban IPs. Is it probably only because they don't really care, or is IP banning more difficult in some way (more expensive, for instance)?

Most of these sites that do username bans are doing them via a web admin portal for a FOSS product like phpbb or some other forum software they downloaded online. Most of the FOSS CMS/Forum products don't have a quick way to do an IP ban because it is a server level config change. It's not difficult most just don't know how. Like parallel parking to a 13 year old.

John VV 04-22-2013 02:13 PM

if you have access to the Apache "httpd.conf"
you can use the hack for reversing the allow ONLY people from the local domain

reversing the "Allow,Deny " statement and putting the offending ip address in the "Deny" group will block that ip ONLY ( or a group)

-- from memory so look it up --
Code:

Order Allow , deny
Allow all
Deny 123.456.789.901 098.765.432.109 ( blank space and continue with the list it WILL get VERY LONG !!!

not the best but it works , but REQUIRES daily update from say AWStats or the like

TobiSGD 04-22-2013 02:19 PM

An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.

SLW210 04-22-2013 02:47 PM

AFAIK, if you have several members with the same IP you would be blocking all of them (for example, 3 people that work at the same company that share an IP or sign on from school, etc).

Usually, just banning a user name will get the message across.

Kustom42 04-22-2013 03:43 PM

Quote:

Originally Posted by John VV (Post 4936650)
if you have access to the Apache "httpd.conf"
you can use the hack for reversing the allow ONLY people from the local domain

reversing the "Allow,Deny " statement and putting the offending ip address in the "Deny" group will block that ip ONLY ( or a group)

-- from memory so look it up --
Code:

Order Allow , deny
Allow all
Deny 123.456.789.901 098.765.432.109 ( blank space and continue with the list it WILL get VERY LONG !!!

not the best but it works , but REQUIRES daily update from say AWStats or the like


This is good info and really is the best. Not a hack IMO. Apache is by design a "restrictive server" so it will only allow traffic that you tell it to. That was the design so you could limit to specific IP addresses. The more correct answer is to drop the traffic on the network layer before it even gets to the software layer using iptables or a firewall but this is Apache's "correct" way of blocking traffic by IP address.

273 04-22-2013 03:52 PM

Added to these:
Quote:

Originally Posted by TobiSGD (Post 4936653)
An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.

Quote:

Originally Posted by SLW210 (Post 4936673)
AFAIK, if you have several members with the same IP you would be blocking all of them (for example, 3 people that work at the same company that share an IP or sign on from school, etc).

Usually, just banning a user name will get the message across.

There is also the fact that a user may well get a new IP address periodically -- some will get a new IP address virtually every time they connect to the internet. With mobile access or dialup it's pretty common to get a new IP address every time you connect, with ADSL and cable the addresses tend to stick for longer. Then there are those connecting from public WiFi -- you may ban a whole cafe but still not have banned the user.
I bet I've posted to this site from a dozen IP addresses at least.

John VV 04-22-2013 05:29 PM

adding the ip's to the deny section of the httpd.conf though will create a very long list
and 90+% might be a proxy service

Now in some cases it dose a good job
for example
the Univ. of Chicago servers were trying , very badly, to mirror two of my sites .
to the tune of over 30+gig in bandwidth a DAY sometimes .
not just downloads but EVERYTHING( over and over and over and over ....) including icons and banner images and php files


It is not "fool proof"

"fail to ban " good

with a cable connection the ip stays the same , for most of the time .But from a history with Comcast it CAN change 6 times in one day or be the same for 6 months .

273 04-22-2013 05:40 PM

Quote:

Originally Posted by John VV (Post 4936774)
with a cable connection the ip stays the same , for most of the time .But from a history with Comcast it CAN change 6 times in one day or be the same for 6 months .

I've had my [UK] cable IP change three or four times in one week but I seem to have had this one for over a year. The changes tend to correspond to my ISP having problems, which makes sense.

unSpawn 04-22-2013 06:24 PM

Quote:

Originally Posted by newbiesforever (Post 4936604)
Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but

No. LQ is not like other sites: we (or rather: Jeremy) rarely decide to restrict access at the network level. If it's decided it's necessary it's only done after carefully weighing all the facts at hand. Apart from obvious cases like spammers or clear threats banning an account is a last resort option only: LQ moderators have to follow proper procedure before banning becomes a valid option.

newbiesforever 04-22-2013 07:03 PM

Quote:

Originally Posted by unSpawn (Post 4936804)
No. LQ is not like other sites: we (or rather: Jeremy) rarely decide to restrict access at the network level. If it's decided it's necessary it's only done after carefully weighing all the facts at hand. Apart from obvious cases like spammers or clear threats banning an account is a last resort option only: LQ moderators have to follow proper procedure before banning becomes a valid option.

... that really was beside the point. My point was that when LQ (and any other sites that ban IPs) ban IPs, their motive is to make it difficult for the rulebreakers to return. And if anything, I was noting that LQ is indeed not like other sites (as you said), in that it has more technical expertise than many sites and takes security more seriously.




Quote:

Originally Posted by TobiSGD (Post 4936653)
An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.

Yes, well, note that I said "the only thing close to foolproof," not "foolproof." Before it was mentioned here, I already knew how I can circumvent an IP ban without advanced networking knowledge (which I lack): assuming one was banned while using a desktop computer at home, go to a public place with wi-fi and access the website using a laptop.

unSpawn 04-22-2013 07:47 PM

Quote:

Originally Posted by newbiesforever (Post 4936828)
... that really was beside the point. My point was that when LQ (and any other sites that ban IPs) ban IPs, their motive is to make it difficult for the rulebreakers to return. And if anything, I was noting that LQ is indeed not like other sites (as you said), in that it has more technical expertise than many sites and takes security more seriously.

I can't comment on the practices of other sites but arguments like network ACL maintenance, collateral damage from "greedy" matches and circumvention all apply, besides LQ allows any user to register an(other) account(s). LQ needs to be as accessible as possible. To put it in perspective: blocking IP addresses or ranges is that much a last resort option it's requested only once every few years and even then it'll be granted for a short period of time. So the "when" part of your statement doesn't even enter the equation, it's that rare. And what you say about other sites "may only bother to ban user accounts" in your OP is what actually applies to LQ.

Clear enough?

cynwulf 04-23-2013 04:03 AM

I use tor to access this site during the day (at work) and a lot of exit nodes are blocked - seems pointless...?

sundialsvcs 04-25-2013 07:40 PM

And here's a :hattip: to you, unSpawn and the others, for the excellent job that you do. (To me, it is an utterly thankless job that often borders on being disgusting, if done well, and I am quite loathe to do it myself.)

jefro 04-25-2013 07:58 PM

Also many people have dynamic IP's so you don't just ban a single user, you ban entire groups.


All times are GMT -5. The time now is 02:14 AM.