Request for comment: removal of IP ban functionality (comments)

ruud · 2015-10-17 18:19:18

See the discussion here

The proposal is to remove the IP ban functionality from comments. The devs have unanimously voted to remove it completely, unless there are convincing arguments for keeping this functionality in TXP. If you are using the ipban table for other purposes at the moment, please respond as well.

Be sure to read the discussion at Github (see link above) first.
TL;DR: Banning based on IP address is not very effective and will become even less so when the world switches to IPv6.

etc · 2015-10-17 18:44:18

I currently use it, but have no idea of its efficiency and can live without. Dropping it will also remove IP ban check from the comments form, so +1.

phiw13 · 2015-10-18 00:18:48

I’ve never used IP banning either, removing this functionality is perfectly OK with me.

colak · 2015-10-18 04:36:22

In my case I don’t use comments anymore but would a plugin be hard to make for this? Maybe the plugin could be released with the next txp version, so as to satisfy those who would want the banning feature.

Last edited by colak (2015-10-18 05:24:16)

NicolasGraph · 2015-10-18 07:16:42

I uses comments but never used the IP ban funtionnality. I could live without…

gaekwad · 2015-10-18 12:07:25

+1.

towndock · 2015-10-18 15:57:56

Agreed. Never used it.

Any IP banning we do is with a firewall. Textpattern has a different mission.

candyman · 2015-10-18 19:30:02

Apart having a smaller code are there any advantages from removing it?

philwareham · 2015-10-18 19:58:43

candyman wrote #295987:

Apart having a smaller code are there any advantages from removing it?

Yes, as stated at the start of the topic – the ip ban function is unreliable and soon to be obsolete. Having features in the system that don’t work is worse than not having them at all. Also this is why the import function has been recently removed.

Bloke · 2015-10-18 20:04:15

candyman wrote #295987:

Apart having a smaller code are there any advantages from removing it?

Yes, as Phil says, it doesn’t work very reliably.

More detail: at its most simplistic level (and I’m not sure this still happens in real life, but it certainly used to) say I host with SuperISP, along with Johnny Troll. Every time we dial up/sign in we’d get assigned an IP from a pool at SuperISP; my router is assigned an IP address, and Johnny is assigned a different one.

You start getting a tonne of abusive comments from Johnny Troll so you ban his IP. He thus stops posting. Next time I log in, I might be assigned his old IP from the available pool. If I try to comment on your site, I’m told I’ve been banned, even though I’ve never posted to your site. He gets a different IP when he next logs in and can thus spam you from that address instead.

If you spot this, you might start to ban ranges of IPs from SuperISP to try and thwart Johnny’s efforts, but in reality you are also blocking more and more potentially legitimate users from ever commenting if they happen to get assigned one of the banned IPs. If Johnny’s resourceful he can change his own IP easily enough anyway, so your blocks won’t stop him.

The deal with IPv6 is a different, but related, animal as Ruud highlights in the Git thread. You’ve also got people using proxy services, so if you ban one of those, then anybody else using them gets banned from commenting, and so forth. The whole thing is a complete mess. Spam comment prevention is either manual (moderated) or a heuristic process using clever analysis to weed out the most likely offenders. Banning by IP is outdated, unreliable, and a waste of everyone’s time.

Is that good reason enough? ;-)

hcgtv · 2015-10-18 20:29:25

Bloke wrote #295989:

Is that good reason enough? ;-)

Yes, very well explained.

On a related topic, seeing as the course appears to be attacking old and crufty, what’s the policy with deprecated code?

Textpattern CMS

Textpattern CMS support forum

#1 2015-10-17 18:19:18