[Foundation-l] and what if...

Tomasz Ganicz polimerek at gmail.com
Fri Dec 12 14:39:28 UTC 2008 

2008/12/12 Thomas Dalton <thomas.dalton at gmail.com>:
> 2008/12/12 Dan Collins <en.wp.st47 at gmail.com>:
>> On Fri, Dec 12, 2008 at 6:33 AM, Tomasz Ganicz <polimerek at gmail.com> wrote:
>>> Well, the story with IWF have shown that the current system of
>>> blocking vandals by their IP has to be changed ASAP. In fact it is
>>> causing a lot of problems even without action of IWF and other similar
>>> wachdogs. There are more and more ISPs which uses single IP for all
>>> their customers. Do you rember the story of blocking Quatar? Actually,
>>> vast majority of ISPs use dynamic IP numbers, which also causes
>>> serious problems with effective blocking vandals.My current ISP is
>>> using dynamic IP. In my office there are around 200 people using
>>> single IP. I guess all OTRS volunteers and checkusers knows the issue
>>> very well. The IP blocking is terribly old fashioned - it has been
>>> implemented at the time where most of the IP's represented single
>>> PC's. Actually very few IP numbers are "personal".
>>
>> Do you have a suggestion? Not everyone uses XFF, certainly not ISPs
>> with dynamic IPs, how would you suggest we block anonymous users?
>
> Indeed, I don't see any alternative way to block anonymous users. Even
> forcing people to register wouldn't help since, without IP addresses,
> we can't block account creation by people creating new accounts every
> time one gets block. What we need to do is put pressure on ISPs to use
> XFF whenever they are using proxies. The fact that people couldn't
> edit during the block has nothing to do with censorship, it's just a
> technical issue that can and must be fixed by ISPs.

This is probably off-topic for this list, but IP blocking is actually
inefective in exactly the same way as it would be just blocking
accounts. When you block a dynamic IP a vandal can reboot and he/she
usually get new dynamic IP from his/her ISP. So you have to block
another IP number. If the vandal is very  determined, you have to
finally block entire IP range, cutting off at least several hundreds
other people, and even if you do this vandal can still go to internet
caffe nearby which uses IP's from another ISP, so if you spot him/her
you have to block IP of the caffe. In some extreme cases you finally
end-up blocking IP ranges of all major ISP's from the area where
vandal operates...

Honestly saying I have no ready to use receipe how to replace IP
blocking. But IWF case have just shown that in the future it has to be
replaced by something smarter or we end up in blocking all major ISP's
customers all over the world.

-- 
Tomek "Polimerek" Ganicz
http://pl.wikimedia.org/wiki/User:Polimerek
http://www.ganicz.pl/poli/
http://www.ptchem.lodz.pl/en/TomaszGanicz.html

More information about the foundation-l mailing list