On Thu, Oct 25, 2012 at 4:58 PM, Ron Savage <[email protected]> wrote:
> > On 10/25/2012 10:51 AM, Brian Wightman wrote: > >> Are we able to block this username (I know it won't be very effective) > from > >> doing any type of updates? Perhaps just bit-bucketing them or > blacklisting > >> the IP for a period of time? > > > > I believe we have, or can have, root access on the server where the site > > is hosted. So we have some options to block IPs at the OS or Apache > level. > > On 26/10/12 02:01, Mark Stosberg wrote: > AFAIK, some ISPs, including Amazon, share IPs among many users, so > blocking an IP is contentious. > I agree on the IP sharing concerns. When done, I have seen it happen for a limited time. I would still have a potential impact on legitimate edits. > > The application could be patched to ban this username as well. > > Could be done, but then he'd switch. > > I suggesting disabling edits unless the user name is on a list. Then > there's the chance the abuser would see legit edits and impersonate that > user... > The suggestions I have seen so far (mine included) are easily circumvented. I am not certain how much coding is worth doing to only raise the bar to such a low level. If there is something to implement any of the username suggestions already present in the software, it might be worth turning on. Anything requiring additional coding for minimal return, IMO, is probably not worth the effort. Just my $0.02. --mlx ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################
