[aur-dev] [PATCH] Add an IP ban list

Lukas Fleischer archlinux at cryptocrack.de
Thu Mar 21 17:25:21 EDT 2013


On Thu, Mar 21, 2013 at 08:30:38PM +0000, Xyne wrote:
> Lukas Fleischer wrote:
> 
> >> Do the IPs need to be visible? In the case of a single IP a simple ban button
> >> will suffice. A proxied IP will be completely different every time so
> >> subsequent addresses are unrelated. That only leaves netmasked dynamic IPs. It
> >> would be enough to have an interface button connected to a query that returns
> >> all users with an IP in the netmasked range (/24?). You could even
> >> automatically flag user accounts that share a range with banned IPs, again
> >> without divulging the IP address.
> >
> >This is not the whole truth. To stop the latest spam attack, we had a
> >look at the web server logs, noticed that the spammer was using Tor,
> >generated a list of Tor exit nodes and added that to the IP ban list.
> >How would you do that without seeing any IP addresses? How would you
> >figure out if a spammer is just controlling 4-5 small subnets or using
> >proxies at all?
> 
> Fair enough.
> 
> Incidentally, can a banned IP address still be used to browse the site and
> download packages? There are many people who use Tor and other proxies for
> various reasons and it would be a shame if they have to suffer due to one
> basement-dwelling troll. Essentially only the login and post forms would need
> to respect the ban.

We only block account creation and login. If a spammer still has a valid
session, we can clear all active sessions to enforce a logout.

> 
> Sorry if this has been addressed already. I haven't read through the patches.
> 
> 
> 
> >If you feel strongly about not showing IP addresses, we could hide IP
> >addresses for TUs and only show them to the AUR administrator(s) who can
> >skim through the logs anyway.
> 
> Please do. Thanks.
> 
> >Yes, they can. I did not mean to allege anything here -- I just wanted
> >to make sure that banning a range of IP addresses doesn't
> >(unintentionally) block any Trusted Users or developers.
> 
> That would make for a great post in the stupid computer mistakes thread... it
> would be on the same level as ssh'ing into a box and killing the network.


More information about the aur-dev mailing list