May be time for an rss feed of banned IPs ∴ 16:57 GMT 10 November 2003 ∴ ed costello: comments and links

May be time for an rss feed of banned IPs

Blog spam is what happens when people post to weblog comments entries designed to hype a pagerank in Google (by including links to a specific page). It's easy to automate since most sites use the default installation for blog software (a pat on my shoulder for changing the movable type URLs on this site). From Ernie The Attorney: Peter with IP address 217.26.240.61 you are a spammer I got the idea that it may be time to set up an RSS feed of blocked IP addresses. Sure, an innocent user may get blocked but you know what? There's absolutely no obligation on my part to make my site freely available to one and all. I can be as arbitrary and capricious as I'd like. Most of my ~400 blocked IPs are from hosts trying various exploits on my sites. A couple are specific IPs (for example IBM's WebFountain crawler is explicitly blocked). At ibm.com we routinely blocked 100s of IP addresses for various reasons (they still might, I don't know).

Posted by: e.p.c. on November 10, 2003 04:57 PM | Permalink

«Ugh. CNNfn changed lineup | Main | Hot Stuff»

Comments

Ernie added:

I thought that the banning only applied to "comments" and, if so, then the only harm an innocent user from that same IP address loses is the ability to comment. And, since the only other option (which is actually easier to implement) is banning comments altogether, it seems like a pretty reasonable solution. I like the idea of an RSS feed of suspect IP addresses. I'd like it even better if I could automate the loading of those addresses into my blog comments ban.

…Monday, 10 November 2003 17:04 GMT 2003-11-10T17:04:51Z

Ivan Tumanov added:

Recently I've been very cautious about using IPs for any sort of blocking or fingerprinting. Its somewhat useless if the person uses AOL since there there's a many to many relationship between users and IPs (they use caching servers so a user can come from many different servers in one session and also multiple users come from each of their cache server IPs). Its could also be a problem if the user you block is behind a NAT proxy - you could be blocking a whole office of people. If the user is on a dialup or another type of temporary connection, then you're banning him/her and whoever else uses that IP address in the future. And what if the spammer uses an innocent bystander's WiFi connection and gets them banned?

Seems to me like using an RSS feed of these would only accellerate the accumulation of this type of problem.

How about - an RSS feed of URLs that are known to be left by spammers? Or even IP addresses that those URLs resolve to? Seems like that would be a lot safer and would bump you into fewer problems.

…Monday, 10 November 2003 17:40 GMT 2003-11-10T17:40:07Z

About
Navigation
epc 2.0
Feeds

Slightly acerbic and eccentric dog walker who masquerades as a web developer and occasional CTO.

Spent five years running the technology side of the circus known as www.ibm.com.

More about me here.

Get updates via email

In the old days, we hid stuff down here, but apparently the Web 2.0 generation has learned how to scroll, so here we are.

About

Slightly acerbic and eccentric dog walker who masquerades as a web developer and some time CTO.

About
’blog
Essays
Contact
Select Photos
A dog named Frisket, another dog named Sailor

Five Front, a restaurant in Fulton Ferry/DUMBO/Brooklyn Heights
Iron Chef House; Brooklyn Heights' sushi and Japanese cuisine
Monstermutt; dog day care for downtown Brooklyn
Glut: Mastering Information Through the Ages by Alex Wright (buy through Amazon)

May be time for an rss feed of banned IPs