766721 - Ban users by IP

Status: RESOLVED DUPLICATE of bug 1113260

(developer.mozilla.org Graveyard :: User management, task)

Description

[John Karahalis [:openjck]]

This was originally part of bug 681925, but is now being separated out as it does not need to happen before July.

See bug 681925 for lots of good discussion around this feature.

Comment 1

[John Karahalis [:openjck]]

What problems would this solve?
===============================
Although we plan to build a feature to ban users by username (see bug 809495), this would not stop a person from registering a new account to continue vandalizing. Banning by IP address would.

Who would use this?
===================
Site administrators

What would users see?
=====================
Imagining something similar to the "Ban by username" feature...
https://bugzilla.mozilla.org/show_bug.cgi?id=809495#c3

What would users do? What would happen as a result?
===================================================
See my answer to this same question in bug 809495.

Is there anything else we should know?
======================================
Is there any reason not to combine this and the "Ban by username" feature, such that clicking "Ban" both deactivates the account and prevents new accounts from being created by that IP address? Or perhaps "Ban" could ban by username by default, but also give the administrator the option of banning new accounts from that IP address. Just trying to think of ways to simplify this.

Comment 2

[James Bennett [:ubernostrum]]

Beyond preventing people from spamming signups, what's our use case here? If it's just preventing people from signing up over and over, then the implementation probably looks different than if there are additional use cases going on.

Comment 3

[John Karahalis [:openjck]]

That, and preventing someone from creating a new account right after being banned. There was also talk of banning people by subnet, but I don't think we have ever truly needed that feature. That may require too much effort to too little benefit.

If the use case really does boil down to limiting malicious sign-ups, I wonder if we should just bake this into the "Ban by username" feature -- that is, the same interface both locking down that username and preventing further sign-ups from that IP.

Sheppy?

Comment 4

[Eric Shepherd [:sheppy]]

There two real use cases; I'll list them all:

1. To prevent a user from signing right back up after a ban. This is actually the least important use case, believe it or not.

2. To prevent spammers from creating dozens or thousands of accounts to spam from. If you block their IP or IP range, it becomes much harder for them to do this.

The second use case is the most important one. Currently, we have no real weapon against serious spammers.

In both cases (as well as for username bans) we need to be able to have the ban expire after an admin-specified time period. This lets us ban a user to give them a warning to shape up, and lets an IP or IP range become unlocked again once the spammer has moved on, so that legitimate users are allowed in.

Comment 5

[John Karahalis [:openjck]]

I agree that blocking by IP range could be useful, but have we run into this need yet? Have we seen spammers using multiple hosts in the same range to create malicious accounts?

If not, we might be able to save some time and get some other work done by leaving this out (for now) and potentially folding IP banning into user banning altogether.

Comment 6

[Eric Shepherd [:sheppy]]

(In reply to John Karahalis [:openjck] from comment #5)
> I agree that blocking by IP range could be useful, but have we run into this
> need yet? Have we seen spammers using multiple hosts in the same range to
> create malicious accounts?
> 
> If not, we might be able to save some time and get some other work done by
> leaving this out (for now) and potentially folding IP banning into user
> banning altogether.

Well, I'd like to say that I don't actually want IPs automatically banned for username. It's not always a big enough deal to apply that extra ban. What we would ideally want is a checkbox on the user ban interface that lets us additionally ban the IP, but it shouldn't be the default.

I don't think IP ranges is crucial, but we should not automatically ban IPs when banning usernames.

Comment 7

[John Karahalis [:openjck]]

Agree completely. IP banning should not automatically happen with every user ban, but we may be able to save time and reduce complexity by re-using the same interface (+/- a checkbox).

Comment 8

[Eric Shepherd [:sheppy]]

(In reply to John Karahalis [:openjck] from comment #7)
> Agree completely. IP banning should not automatically happen with every user
> ban, but we may be able to save time and reduce complexity by re-using the
> same interface (+/- a checkbox).

Yeah, I hadn't thought of doing it with a checkbox on the same UI but agree that that is a good idea and may wind up being all we need. Eventually we can look at adding an IP/IP-range UX but it may never be needed.

Comment 9

[James Bennett [:ubernostrum]]

(In reply to Eric Shepherd [:sheppy] from comment #8)
> Yeah, I hadn't thought of doing it with a checkbox on the same UI but agree
> that that is a good idea and may wind up being all we need. Eventually we
> can look at adding an IP/IP-range UX but it may never be needed.

We know the user who created a revision, but we don't store the IP address from which they created it. So that isn't something we'd be able to do.

And raises the question of how we're going to know the IP addresses that need to be banned; there is literally nothing in the auth system which stores the IP address even used to sign up, much less the IP address used to make changes on the site.

Comment 10

[Eric Shepherd [:sheppy]]

(In reply to James Bennett [:ubernostrum] from comment #9)

> And raises the question of how we're going to know the IP addresses that
> need to be banned; there is literally nothing in the auth system which
> stores the IP address even used to sign up, much less the IP address used to
> make changes on the site.

Yeah, we'll have to build out code to record those then. As long as the IPs aren't being displayed to the general public (indeed, we probably want to be sure that the ability to see them at all is very tightly restricted), we should be okay. The privacy policy should be revised when the time comes to include a mention of this.

Comment 11

[James Bennett [:ubernostrum]]

Returning to this after looking at other stuff for a while, couple of questions:

1. Do we still need/want ban by IP?

2. Are we prepared to tackle the privacy implications of having to save the IP address of the user on actions like wiki edit, demo upload, etc.?

Comment 13

[Eric Shepherd [:sheppy]]

(In reply to James Bennett [:ubernostrum] from comment #11)
> Returning to this after looking at other stuff for a while, couple of
> questions:
> 
> 1. Do we still need/want ban by IP?

Yes. It continues to be one of those things that are not crucial at this exact moment, but when we do need it, it will be a Big Deal.

> 2. Are we prepared to tackle the privacy implications of having to save the
> IP address of the user on actions like wiki edit, demo upload, etc.?

We used to do it both when we were on MediaWiki and when we were on MindTouch, so I can't imagine it's a particularly big deal to start doing it again now. That said, I know it's a privacy concern for some people. I don't know that there's a way to deal with that.

Maybe we only keep the information for a week or two, then dump it? Nearly all major problems that result in needing to do an IP ban are detected very quickly.

We could also, conceivably, only keep IP information for new users and stop doing so after some period of time (or, better, but harder to implement: number of acceptable edits) that would allow them to become considered "trustworthy."

Comment 14

[Justin Crawford [:hoosteeno] [:jcrawford]]

This feature has been discussed more and advanced significantly in bug 1113260. Closing this one as a dupe.