IP Bans?
-
Why isn't this a thing and if it is how do I do it.
-
Do this at a server level, not software, having the software do it uses unnecessary resources from the server before removing them! doing it at a server level will ensure they don't even get proxied into nodebb before being 403'd.
In nginx, add the following to your nginx block
deny <IP address>
In apache
order allow,deny deny from <IP address> allow from all
Replacing `<IP address> with the IP address you wish to block. However do bear in mind that IP addresses are exceptionally easy to change. Usually just by turning the router off for a few minutes or using a free VPN etc. so it's not 100% effective.
-
This seems pretty interesting too, @a_5mith: https://github.com/perusio/nginx-spamhaus-drop
While I'm definitely in favour of having the proxy layer handle this, some of our users run NodeBB naked, so might benefit from having this option in ACP anyhow.
... with plenty of warning to use a proxy layer, of course
-
Perhaps banning ip's should be added to the guides at docs.nodebb.org, since it doesn't appear that there are any guidelines elsewhere except for this thread.
-
Even running NodeBB naked, you could just handle this at the OS firewall layer.
-
@scottalanmiller said:
Even running NodeBB naked, you could just handle this at the OS firewall layer.
From an admin empowerment point of view, I can see the appeal of having it built into core (or via plugin), however.
-
@julian I wouldn't want to give people a false sense of hope that banning the IP will solve the Admins problem. It won't. It would be more beneficial to be able to completely hide a user so their posts can't be read. So only Admins and Mods can see their posts, and delete if necessary. Banning an IP is a poor solution that doesn't work. I can change my IP within about 18 seconds. So that wouldn't stop anyone who was determined to be "a troll" for lack of a better term. If they think they're being ignored. They go away. Win Win.
Perhaps if they're on some form of hellban list, forbid them from making new accounts with some false error of "you already have an account here". But if the IP changed, none of that would work either way. The worst thing you can do is tell someone they're banned, for some reason it makes them want to join more.
-
Someone said my name? The sloth abides.
Edit: oh, don't ban me please :3
-
@julian said:
@scottalanmiller said:
Even running NodeBB naked, you could just handle this at the OS firewall layer.
From an admin empowerment point of view, I can see the appeal of having it built into core (or via plugin), however.
Yes, would be handy. Just thinking that there is a solution today as well. Overall I agree, a plugin would be best.