[aur-dev] [PATCH] Add an IP ban list

Xyne xyne at archlinux.ca
Wed Mar 20 17:54:58 EDT 2013


On 2013-03-19 22:42 +0100
Lukas Fleischer wrote:

>On Tue, Mar 19, 2013 at 05:12:23PM -0400, canyonknight wrote:
>> On Tue, Mar 19, 2013 at 9:23 AM, Lukas Fleischer
>> <archlinux at cryptocrack.de> wrote:
>> > This allows for specifying a list of IP addresses that will no longer be
>> > able to register new accounts and login. The list of banned IP addresses
>> > can be configured in "web/lib/config.inc.php".
>> >
>> > Signed-off-by: Lukas Fleischer <archlinux at cryptocrack.de>
>> > ---
>> 
>> What are your thoughts on taking this a step further and adding a
>> "bans" table to the DB schema? It could eventually be extended to
>> allow for TUs and Developers to ban IP addresses directly from the web
>> interface without ever having to muck around with the config file.
>
>Exactly what I was planning to do.
>
>We should also display each user's last login IP address in his profile
>(only visible to developers and TUs) and add a "Ban this IP address"
>button next to it. The "Save last login IP address" patch I submitted
>already adds the IP address to the Users table.

Do the IPs need to be visible? In the case of a single IP a simple ban button
will suffice. A proxied IP will be completely different every time so
subsequent addresses are unrelated. That only leaves netmasked dynamic IPs. It
would be enough to have an interface button connected to a query that returns
all users with an IP in the netmasked range (/24?). You could even
automatically flag user accounts that share a range with banned IPs, again
without divulging the IP address.

>Oh, and we might want to exclude TUs and developers from IP bans.

I haven't tried it, but can't TUs disable each other's TU status? The exclusion
would be trivial if so.


More information about the aur-dev mailing list