On Thu, Mar 21, 2013 at 08:30:38PM +0000, Xyne wrote: > Lukas Fleischer wrote: > > >> Do the IPs need to be visible? In the case of a single IP a simple ban > >> button > >> will suffice. A proxied IP will be completely different every time so > >> subsequent addresses are unrelated. That only leaves netmasked dynamic > >> IPs. It > >> would be enough to have an interface button connected to a query that > >> returns > >> all users with an IP in the netmasked range (/24?). You could even > >> automatically flag user accounts that share a range with banned IPs, again > >> without divulging the IP address. > > > >This is not the whole truth. To stop the latest spam attack, we had a > >look at the web server logs, noticed that the spammer was using Tor, > >generated a list of Tor exit nodes and added that to the IP ban list. > >How would you do that without seeing any IP addresses? How would you > >figure out if a spammer is just controlling 4-5 small subnets or using > >proxies at all? > > Fair enough. > > Incidentally, can a banned IP address still be used to browse the site and > download packages? There are many people who use Tor and other proxies for > various reasons and it would be a shame if they have to suffer due to one > basement-dwelling troll. Essentially only the login and post forms would need > to respect the ban.
We only block account creation and login. If a spammer still has a valid session, we can clear all active sessions to enforce a logout. > > Sorry if this has been addressed already. I haven't read through the patches. > > > > >If you feel strongly about not showing IP addresses, we could hide IP > >addresses for TUs and only show them to the AUR administrator(s) who can > >skim through the logs anyway. > > Please do. Thanks. > > >Yes, they can. I did not mean to allege anything here -- I just wanted > >to make sure that banning a range of IP addresses doesn't > >(unintentionally) block any Trusted Users or developers. > > That would make for a great post in the stupid computer mistakes thread... it > would be on the same level as ssh'ing into a box and killing the network.
