Should I remove my draconian IP bans (3000 rules, entire countries)?
A while ago one of my site administrators was quite draconian in his anti-spam measures, at times banning entire countries from accessing our forum/website.
He has left now, but there are well over 3000 lines of IP subnets that are banned from accessing not only that site but all the other domains I am hosting.
I do know for a fact that many (most) of these are legitimately bad IP addresses but we have recently fixed the sign-up form so that no new spam can access our site (a better Captcha system).
Is it safe to comment out these IP bans so that I am sure no one is excluded from accessing our content? It was a lot of work to curate these banned IP addresses so I feel kind of bad.
Is it wise/recommended to remove some or all of the banned IPs or IP address blocks?
More posts by @Cofer257
I understand your concern. Large ban lists are hard to manage and take quite a bit of time. As well, you may be banning users that can benefit from your content even if you believe that the user will not convert into sales, or other call to action. It is rarely recommended that whole countries be blocked.
It is likely that your previous administrator felt more comfortable banning by IP address or IP address blocks manually. However, generally, this is not required.
With significant advances in tools of late, most web site abuses can be easily controlled using tools. Without specific experience with the following tools, these are the most popular tools for protecting a website from abuse.
www.fail2ban.org/wiki/index.php/Main_Page
www.modsecurity.org/
It is recommended that a tool be used if possible. Writing your own code can be fraught with errors and unintended consequences. While the methods are not rocket-science, there are enough factors that have to be taken into account that rolling-your-own can take a lot of trial and error.
Still, automation is preferred. It allows real-time protection from spam, hackers, scrapers, and other abuses as opposed to after-the-fact protection which may be too late.
As well, 3000 entries, regardless of how they are done, may require more resources than you prefer to give per request. Keep in mind that in Apache, for example, once a match is made in .htaccess, the whole litany of rules is retested, making the process recursive. This opens up the potential for errors that result in an infinite loop, which can happen easily even for the experienced coder.
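Added example, not part of the original question or answer: a Python audit of a ban list like the one described, run before deciding which rules to comment out. It assumes the bans are Apache `Deny from` or `Require not ip` lines; the sample rules, the function names and the /16 "wide block" threshold are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of .htaccess ban lines (not taken from the asker's site).
SAMPLE = """\
# legacy bans
Deny from 203.0.113.7
Deny from 203.0.113.0/24
Deny from 198.51.100.0/25
Deny from 198.51.100.128/25
Deny from 10.0.0.0/8
Require not ip 192.0.2.44
Deny from not-an-ip
"""

# Matches the two Apache directive forms assumed here.
RULE = re.compile(r"^\s*(?:Deny\s+from|Require\s+not\s+ip)\s+(.+?)\s*$", re.I)


def parse_bans(text):
    """Return (networks, rejected_tokens) from ban directives in text."""
    nets, rejected = [], []
    for line in text.splitlines():
        m = RULE.match(line)
        if not m:
            continue  # comments and unrelated directives
        for token in m.group(1).split():
            try:
                nets.append(ipaddress.ip_network(token, strict=False))
            except ValueError:
                # Hostnames, partial IPs, "all": needs manual review.
                rejected.append(token)
    return nets, rejected


def audit(text, wide_prefix=16):
    """Merge redundant IPv4 rules and flag blocks at least as wide as /wide_prefix."""
    nets, rejected = parse_bans(text)
    v4 = [n for n in nets if n.version == 4]
    # collapse_addresses drops rules covered by a wider rule and joins siblings.
    merged = list(ipaddress.collapse_addresses(v4))
    wide = [n for n in merged if n.prefixlen <= wide_prefix]
    return {"rules": len(nets), "merged": merged, "wide": wide, "rejected": rejected}


if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["rules"], "rules ->", len(report["merged"]), "after merging")
    print("wide blocks to review first:", [str(n) for n in report["wide"]])
    print("could not parse:", report["rejected"])
```

The wide blocks are the ones most likely to exclude legitimate visitors, so they are the first candidates for removal; the merged list is a smaller rule set with identical coverage for whatever is kept.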