Go to main content

Textpattern CMS support forum

You are not logged in. Register | Login | Help

#1 2015-10-17 18:19:18

ruud
Developer Emeritus
From: a galaxy far far away
Registered: 2006-06-04
Posts: 5,068
Website

Request for comment: removal of IP ban functionality (comments)

See the discussion here

The proposal is to remove the IP ban functionality from comments. The devs have unanimously voted to remove it completely, unless there are convincing arguments for keeping this functionality in TXP. If you are using the ipban table for other purposes at the moment, please respond as well.

Be sure to read the discussion at Github (see link above) first.
TL;DR: Banning based on IP address is not very effective and will become even less so when the world switches to IPv6.

Offline

#2 2015-10-17 18:44:18

etc
Developer
Registered: 2010-11-11
Posts: 5,194
Website GitHub

Re: Request for comment: removal of IP ban functionality (comments)

I currently use it, but have no idea of its efficiency and can live without. Dropping it will also remove IP ban check from the comments form, so +1.

Offline

#3 2015-10-18 00:18:48

phiw13
Plugin Author
From: Japan
Registered: 2004-02-27
Posts: 3,196
Website

Re: Request for comment: removal of IP ban functionality (comments)

I’ve never used IP banning either, removing this functionality is perfectly OK with me.


Where is that emoji for a solar powered submarine when you need it ?
Sand space – admin theme for Textpattern

Offline

#4 2015-10-18 04:36:22

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,091
Website GitHub Mastodon Twitter

Re: Request for comment: removal of IP ban functionality (comments)

In my case I don’t use comments anymore but would a plugin be hard to make for this? Maybe the plugin could be released with the next txp version, so as to satisfy those who would want the banning feature.

Last edited by colak (2015-10-18 05:24:16)


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

Offline

#5 2015-10-18 07:16:42

NicolasGraph
Plugin Author
From: France
Registered: 2008-07-24
Posts: 860
Website

Re: Request for comment: removal of IP ban functionality (comments)

I uses comments but never used the IP ban funtionnality. I could live without…


Nicolas
Follow me on Twitter and GitHub!
Multiple edits are usually to correct my frenglish…

Offline

#6 2015-10-18 12:07:25

gaekwad
Server grease monkey
From: People's Republic of Cornwall
Registered: 2005-11-19
Posts: 4,260
GitHub

Re: Request for comment: removal of IP ban functionality (comments)

+1.

Offline

#7 2015-10-18 15:57:56

towndock
Member
From: Oriental, NC USA
Registered: 2007-04-06
Posts: 329
Website

Re: Request for comment: removal of IP ban functionality (comments)

Agreed. Never used it.

Any IP banning we do is with a firewall. Textpattern has a different mission.

Offline

#8 2015-10-18 19:30:02

candyman
Member
From: Italy
Registered: 2006-08-08
Posts: 684

Re: Request for comment: removal of IP ban functionality (comments)

Apart having a smaller code are there any advantages from removing it?

Offline

#9 2015-10-18 19:58:43

philwareham
Core designer
From: Haslemere, Surrey, UK
Registered: 2009-06-11
Posts: 3,564
Website GitHub Mastodon

Re: Request for comment: removal of IP ban functionality (comments)

candyman wrote #295987:

Apart having a smaller code are there any advantages from removing it?

Yes, as stated at the start of the topic – the ip ban function is unreliable and soon to be obsolete. Having features in the system that don’t work is worse than not having them at all. Also this is why the import function has been recently removed.

Offline

#10 2015-10-18 20:04:15

Bloke
Developer
From: Leeds, UK
Registered: 2006-01-29
Posts: 11,449
Website GitHub

Re: Request for comment: removal of IP ban functionality (comments)

candyman wrote #295987:

Apart having a smaller code are there any advantages from removing it?

Yes, as Phil says, it doesn’t work very reliably.

More detail: at its most simplistic level (and I’m not sure this still happens in real life, but it certainly used to) say I host with SuperISP, along with Johnny Troll. Every time we dial up/sign in we’d get assigned an IP from a pool at SuperISP; my router is assigned an IP address, and Johnny is assigned a different one.

You start getting a tonne of abusive comments from Johnny Troll so you ban his IP. He thus stops posting. Next time I log in, I might be assigned his old IP from the available pool. If I try to comment on your site, I’m told I’ve been banned, even though I’ve never posted to your site. He gets a different IP when he next logs in and can thus spam you from that address instead.

If you spot this, you might start to ban ranges of IPs from SuperISP to try and thwart Johnny’s efforts, but in reality you are also blocking more and more potentially legitimate users from ever commenting if they happen to get assigned one of the banned IPs. If Johnny’s resourceful he can change his own IP easily enough anyway, so your blocks won’t stop him.

The deal with IPv6 is a different, but related, animal as Ruud highlights in the Git thread. You’ve also got people using proxy services, so if you ban one of those, then anybody else using them gets banned from commenting, and so forth. The whole thing is a complete mess. Spam comment prevention is either manual (moderated) or a heuristic process using clever analysis to weed out the most likely offenders. Banning by IP is outdated, unreliable, and a waste of everyone’s time.

Is that good reason enough? ;-)


The smd plugin menagerie — for when you need one more gribble of power from Textpattern. Bleeding-edge code available on GitHub.

Txp Builders – finely-crafted code, design and Txp

Online

#11 2015-10-18 20:29:25

hcgtv
Plugin Author
From: Key Largo, Florida
Registered: 2005-11-29
Posts: 2,722
Website

Re: Request for comment: removal of IP ban functionality (comments)

Bloke wrote #295989:

Is that good reason enough? ;-)

Yes, very well explained.

On a related topic, seeing as the course appears to be attacking old and crufty, what’s the policy with deprecated code?

Offline

Board footer

Powered by FluxBB