[aur-dev] [PATCH] Add an IP ban list

Xyne xyne at archlinux.ca
Thu Mar 21 16:30:38 EDT 2013


Lukas Fleischer wrote:

>> Do the IPs need to be visible? In the case of a single IP a simple ban button
>> will suffice. A proxied IP will be completely different every time so
>> subsequent addresses are unrelated. That only leaves netmasked dynamic IPs. It
>> would be enough to have an interface button connected to a query that returns
>> all users with an IP in the netmasked range (/24?). You could even
>> automatically flag user accounts that share a range with banned IPs, again
>> without divulging the IP address.
>
>This is not the whole truth. To stop the latest spam attack, we had a
>look at the web server logs, noticed that the spammer was using Tor,
>generated a list of Tor exit nodes and added that to the IP ban list.
>How would you do that without seeing any IP addresses? How would you
>figure out if a spammer is just controlling 4-5 small subnets or using
>proxies at all?

Fair enough.

Incidentally, can a banned IP address still be used to browse the site and
download packages? There are many people who use Tor and other proxies for
various reasons and it would be a shame if they have to suffer due to one
basement-dwelling troll. Essentially only the login and post forms would need
to respect the ban.

Sorry if this has been addressed already. I haven't read through the patches.



>If you feel strongly about not showing IP addresses, we could hide IP
>addresses for TUs and only show them to the AUR administrator(s) who can
>skim through the logs anyway.

Please do. Thanks.

>Yes, they can. I did not mean to allege anything here -- I just wanted
>to make sure that banning a range of IP addresses doesn't
>(unintentionally) block any Trusted Users or developers.

That would make for a great post in the stupid computer mistakes thread... it
would be on the same level as ssh'ing into a box and killing the network.



More information about the aur-dev mailing list