LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices

Reply
 
Search this Thread
Old 04-22-2013, 11:58 AM   #1
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,874

Rep: Reputation: 62
is IP banning more difficult than banning user accounts?


Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but I notice that other sites may only bother to ban user accounts--which, of course, is much less effective because the banned users can simply create new accounts.That led me to wonder why those sites don't bother to ban IPs. Is it probably only because they don't really care, or is IP banning more difficult in some way (more expensive, for instance)?
 
Old 04-22-2013, 12:28 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,568

Rep: Reputation: 411Reputation: 411Reputation: 411Reputation: 411Reputation: 411
Quote:
Originally Posted by newbiesforever View Post
Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but I notice that other sites may only bother to ban user accounts--which, of course, is much less effective because the banned users can simply create new accounts.That led me to wonder why those sites don't bother to ban IPs. Is it probably only because they don't really care, or is IP banning more difficult in some way (more expensive, for instance)?
Most of these sites that do username bans are doing them via a web admin portal for a FOSS product like phpbb or some other forum software they downloaded online. Most of the FOSS CMS/Forum products don't have a quick way to do an IP ban because it is a server level config change. It's not difficult most just don't know how. Like parallel parking to a 13 year old.
 
Old 04-22-2013, 01:13 PM   #3
John VV
Guru
 
Registered: Aug 2005
Posts: 12,906

Rep: Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715
if you have access to the Apache "httpd.conf"
you can use the hack for reversing the allow ONLY people from the local domain

reversing the "Allow,Deny " statement and putting the offending ip address in the "Deny" group will block that ip ONLY ( or a group)

-- from memory so look it up --
Code:
Order Allow , deny 
Allow all
Deny 123.456.789.901 098.765.432.109 ( blank space and continue with the list  it WILL get VERY LONG !!! 
not the best but it works , but REQUIRES daily update from say AWStats or the like
 
Old 04-22-2013, 01:19 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046
An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.
 
Old 04-22-2013, 01:47 PM   #5
SLW210
Member
 
Registered: Apr 2013
Location: South Central Florida
Posts: 43

Rep: Reputation: 10
AFAIK, if you have several members with the same IP you would be blocking all of them (for example, 3 people that work at the same company that share an IP or sign on from school, etc).

Usually, just banning a user name will get the message across.
 
Old 04-22-2013, 02:43 PM   #6
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,568

Rep: Reputation: 411Reputation: 411Reputation: 411Reputation: 411Reputation: 411
Quote:
Originally Posted by John VV View Post
if you have access to the Apache "httpd.conf"
you can use the hack for reversing the allow ONLY people from the local domain

reversing the "Allow,Deny " statement and putting the offending ip address in the "Deny" group will block that ip ONLY ( or a group)

-- from memory so look it up --
Code:
Order Allow , deny 
Allow all
Deny 123.456.789.901 098.765.432.109 ( blank space and continue with the list  it WILL get VERY LONG !!! 
not the best but it works , but REQUIRES daily update from say AWStats or the like

This is good info and really is the best. Not a hack IMO. Apache is by design a "restrictive server" so it will only allow traffic that you tell it to. That was the design so you could limit to specific IP addresses. The more correct answer is to drop the traffic on the network layer before it even gets to the software layer using iptables or a firewall but this is Apache's "correct" way of blocking traffic by IP address.
 
Old 04-22-2013, 02:52 PM   #7
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,369

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Added to these:
Quote:
Originally Posted by TobiSGD View Post
An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.
Quote:
Originally Posted by SLW210 View Post
AFAIK, if you have several members with the same IP you would be blocking all of them (for example, 3 people that work at the same company that share an IP or sign on from school, etc).

Usually, just banning a user name will get the message across.
There is also the fact that a user may well get a new IP address periodically -- some will get a new IP address virtually every time they connect to the internet. With mobile access or dialup it's pretty common to get a new IP address every time you connect, with ADSL and cable the addresses tend to stick for longer. Then there are those connecting from public WiFi -- you may ban a whole cafe but still not have banned the user.
I bet I've posted to this site from a dozen IP addresses at least.
 
Old 04-22-2013, 04:29 PM   #8
John VV
Guru
 
Registered: Aug 2005
Posts: 12,906

Rep: Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715Reputation: 1715
adding the ip's to the deny section of the httpd.conf though will create a very long list
and 90+% might be a proxy service

Now in some cases it dose a good job
for example
the Univ. of Chicago servers were trying , very badly, to mirror two of my sites .
to the tune of over 30+gig in bandwidth a DAY sometimes .
not just downloads but EVERYTHING( over and over and over and over ....) including icons and banner images and php files


It is not "fool proof"

"fail to ban " good

with a cable connection the ip stays the same , for most of the time .But from a history with Comcast it CAN change 6 times in one day or be the same for 6 months .
 
Old 04-22-2013, 04:40 PM   #9
273
Senior Member
 
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 3,369

Rep: Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782Reputation: 782
Quote:
Originally Posted by John VV View Post
with a cable connection the ip stays the same , for most of the time .But from a history with Comcast it CAN change 6 times in one day or be the same for 6 months .
I've had my [UK] cable IP change three or four times in one week but I seem to have had this one for over a year. The changes tend to correspond to my ISP having problems, which makes sense.
 
Old 04-22-2013, 05:24 PM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,285
Blog Entries: 54

Rep: Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854
Quote:
Originally Posted by newbiesforever View Post
Websites like this ban IPs because that's the only thing close to a foolproof way of banning rulebreakers, but
No. LQ is not like other sites: we (or rather: Jeremy) rarely decide to restrict access at the network level. If it's decided it's necessary it's only done after carefully weighing all the facts at hand. Apart from obvious cases like spammers or clear threats banning an account is a last resort option only: LQ moderators have to follow proper procedure before banning becomes a valid option.

Last edited by unSpawn; 04-22-2013 at 05:25 PM.
 
Old 04-22-2013, 06:03 PM   #11
newbiesforever
Senior Member
 
Registered: Apr 2006
Location: Glendale, AZ
Distribution: Distro-homeless. Lost.
Posts: 1,874

Original Poster
Rep: Reputation: 62
Quote:
Originally Posted by unSpawn View Post
No. LQ is not like other sites: we (or rather: Jeremy) rarely decide to restrict access at the network level. If it's decided it's necessary it's only done after carefully weighing all the facts at hand. Apart from obvious cases like spammers or clear threats banning an account is a last resort option only: LQ moderators have to follow proper procedure before banning becomes a valid option.
... that really was beside the point. My point was that when LQ (and any other sites that ban IPs) ban IPs, their motive is to make it difficult for the rulebreakers to return. And if anything, I was noting that LQ is indeed not like other sites (as you said), in that it has more technical expertise than many sites and takes security more seriously.




Quote:
Originally Posted by TobiSGD View Post
An IP ban is far from being fool-proof, anyone knowing how to use one of the thousands of open proxies out there can not be stopped by an IP ban, so many forums, especially technical ones with knowledgeable members, just don't bother with IP bans, simply because it is easy to circumvent them.
Yes, well, note that I said "the only thing close to foolproof," not "foolproof." Before it was mentioned here, I already knew how I can circumvent an IP ban without advanced networking knowledge (which I lack): assuming one was banned while using a desktop computer at home, go to a public place with wi-fi and access the website using a laptop.
 
Old 04-22-2013, 06:47 PM   #12
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,285
Blog Entries: 54

Rep: Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854Reputation: 2854
Quote:
Originally Posted by newbiesforever View Post
... that really was beside the point. My point was that when LQ (and any other sites that ban IPs) ban IPs, their motive is to make it difficult for the rulebreakers to return. And if anything, I was noting that LQ is indeed not like other sites (as you said), in that it has more technical expertise than many sites and takes security more seriously.
I can't comment on the practices of other sites but arguments like network ACL maintenance, collateral damage from "greedy" matches and circumvention all apply, besides LQ allows any user to register an(other) account(s). LQ needs to be as accessible as possible. To put it in perspective: blocking IP addresses or ranges is that much a last resort option it's requested only once every few years and even then it'll be granted for a short period of time. So the "when" part of your statement doesn't even enter the equation, it's that rare. And what you say about other sites "may only bother to ban user accounts" in your OP is what actually applies to LQ.

Clear enough?
 
Old 04-23-2013, 03:03 AM   #13
cynwulf
Senior Member
 
Registered: Apr 2005
Distribution: OpenBSD, FreeBSD
Posts: 1,297

Rep: Reputation: Disabled
I use tor to access this site during the day (at work) and a lot of exit nodes are blocked - seems pointless...?
 
Old 04-25-2013, 06:40 PM   #14
sundialsvcs
Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 5,377

Rep: Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108Reputation: 1108
And here's a to you, unSpawn and the others, for the excellent job that you do. (To me, it is an utterly thankless job that often borders on being disgusting, if done well, and I am quite loathe to do it myself.)
 
Old 04-25-2013, 06:58 PM   #15
jefro
Guru
 
Registered: Mar 2008
Posts: 11,526

Rep: Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404Reputation: 1404
Also many people have dynamic IP's so you don't just ban a single user, you ban entire groups.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Banning IP addresses ErrorBound General 5 08-25-2006 05:14 AM
MEPISlovers banning certain people? galen Linux - Distributions 10 12-15-2004 12:47 AM
banning IP addresses in samba HedAche Linux - Networking 4 07-02-2004 04:01 PM
banning an IP digsby0007 Linux - Security 11 02-27-2004 12:02 AM
banning an ip im1crazyassmofo Linux - General 18 04-10-2003 10:07 AM


All times are GMT -5. The time now is 11:12 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration