On Thu, Mar 21, 2013 at 10:25 PM, Lukas Fleischer <archlinux@cryptocrack.de> wrote:
On Thu, Mar 21, 2013 at 08:30:38PM +0000, Xyne wrote:
Lukas Fleischer wrote:
Do the IPs need to be visible? In the case of a single IP a simple ban button will suffice. A proxied IP will be completely different every time so subsequent addresses are unrelated. That only leaves netmasked dynamic IPs. It would be enough to have an interface button connected to a query that returns all users with an IP in the netmasked range (/24?). You could even automatically flag user accounts that share a range with banned IPs, again without divulging the IP address.
This is not the whole truth. To stop the latest spam attack, we had a look at the web server logs, noticed that the spammer was using Tor, generated a list of Tor exit nodes and added that to the IP ban list. How would you do that without seeing any IP addresses? How would you figure out if a spammer is just controlling 4-5 small subnets or using proxies at all?
Fair enough.
Incidentally, can a banned IP address still be used to browse the site and download packages? There are many people who use Tor and other proxies for various reasons and it would be a shame if they have to suffer due to one basement-dwelling troll. Essentially only the login and post forms would need to respect the ban.
We only block account creation and login. If a spammer still has a valid session, we can clear all active sessions to enforce a logout.
It does also affect account modification, doesn't it? I didn't see any differentiation in process_account_form().
Sorry if this has been addressed already. I haven't read through the patches.
If you feel strongly about not showing IP addresses, we could hide IP addresses for TUs and only show them to the AUR administrator(s) who can skim through the logs anyway.
Please do. Thanks.
Yes, they can. I did not mean to allege anything here -- I just wanted to make sure that banning a range of IP addresses doesn't (unintentionally) block any Trusted Users or developers.
That would make for a great post in the stupid computer mistakes thread... it would be on the same level as ssh'ing into a box and killing the network.
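Two of the checks discussed above, as an added example rather than anything from the AUR code base: flagging accounts that share a /24 with a banned address without exposing the address itself, scoping the ban to login and account creation only, and checking a CIDR ban list against privileged (TU/developer) accounts before it is applied. All names, addresses and the account table are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample data; nothing here comes from a real AUR database.
BAN_LIST = ["203.0.113.0/24", "198.51.100.7/32"]   # hypothetical ban entries
ACCOUNTS = {                                        # user -> last login IP (constructed)
    "spammer1": "203.0.113.45",
    "spammer2": "203.0.113.200",
    "regular_user": "192.0.2.10",
    "tu_alice": "203.0.113.9",      # Trusted User sitting inside the banned /24
    "dev_bob": "198.51.100.7",      # developer whose exact IP is on the list
}
PRIVILEGED = {"tu_alice", "dev_bob"}
RESTRICTED_PATHS = {"/login", "/register", "/account/edit"}  # ban applies only here


def parse_bans(entries):
    """Turn ban-list strings (single IPs or CIDR ranges) into network objects."""
    return [ip_network(e, strict=False) for e in entries]


def is_banned(ip, bans):
    """True if the address falls inside any banned range."""
    addr = ip_address(ip)
    return any(addr in net for net in bans)


def accounts_sharing_range(accounts, banned_ips, prefix=24):
    """Usernames whose IP shares a /prefix with a banned IP; returns names only,
    so a moderator can act on the result without ever seeing the addresses."""
    ranges = {ip_network(f"{ip}/{prefix}", strict=False) for ip in banned_ips}
    return sorted(u for u, ip in accounts.items()
                  if any(ip_address(ip) in r for r in ranges))


def privileged_collisions(accounts, privileged, bans):
    """Privileged accounts a proposed ban list would lock out; review before applying."""
    return sorted(u for u in privileged if is_banned(accounts[u], bans))


def request_allowed(path, ip, bans):
    """Browsing and package downloads stay open; only login/account forms honour the ban."""
    if path not in RESTRICTED_PATHS:
        return True
    return not is_banned(ip, bans)


if __name__ == "__main__":
    bans = parse_bans(BAN_LIST)
    print("flagged:", accounts_sharing_range(ACCOUNTS, ["203.0.113.45"]))
    print("would lock out:", privileged_collisions(ACCOUNTS, PRIVILEGED, bans))
```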