How can I block an IP address? are there wildcards?


(Rodrigo Farcas) #1

I can’t see an Admin option to block IP or a range of IPs, is there one?

Thanks!


(Jeff Atwood) #2

Yes, go to Admin, Logs, Screened IPs. either star wildcard or the crazy standard subnet nomenclature will work.


(Rodrigo Farcas) #3

Thanks!
so 10.20.30.* will work?


(Mittineague) #4

Yes, that is the same as
10.20.30.0/24

But for
10.20.*.*
you need to do
10.20.0.0/16

Look for CIDR masking if you dare


(Jeff Atwood) #5

10.20.* should also work as expected.


(Scott Trager) #6

Is there any kind of character limit here? We are going to need to block entire countries by company policy.


(Tarak'ha) #7

Have access to root? You can ban entire countries at the kernel level with iptables.


(Chris Beach) #8

I know it’s a little politically sensitive, but could anyone share a good list of IP address ranges to block for a site that runs just for a local community in the UK? A block list that removes countries like Nigeria, China, Russia etc.


(Sam Saffron) #9

Are you running akismet?


(Chris Beach) #10

No, I don’t have akismet set up but I certainly will do if I start getting spammed.


(Sam Saffron) #11

One moment there… You are not getting spammed and still want to block huge portions of the planet?


(Chris Beach) #12

Yes. Perhaps we can discuss political correctness in a different thread? I’m running a forum for people within a small region of South East London. The value to me of protecting against the worst offending spammer nations is far greater than the cost of excluding a tiny number of casual visitors from around the world who might stumble upon my forum.


(Mittineague) #13

IMHO a compromise would be the better approach than an all out preemptive Blacklisting.

Kind of a “extremely harsh manual roll-up”

That is, wait for some SPAM to happen.
Say it’s IP is “123.123.123.123”

What Discourse does automatically is when more SPAM happens from
"123.123.123.124", “123.123.123.125” etc. it Blacklists "123.123.123.0/24"
That is, all IPs beginning with “123.123.123.__”

As long is your forum’s target audience is only very local, you could do the roll-up yourself.

eg. SPAM happens from “123.123.123.123” you check and find that those using that IP should have no legitimate interest in joining your forum.

You could add “123.123.123.0/24” yourself without waiting for Discourse to do a roll-up.

Take care with this approach. bit masking IPs isn’t exactly the easiest thing to understand and doing it wrong might Blacklist innocents


(Sam Saffron) #14

But… You don’t have a problem now? I don’t see why you need to do anything here?


(Jeff Atwood) #15

It is generally a bad idea to build things speculatively based on imagined problems you might have.

That said I strongly recommend using our Akismet plugin for every Discourse site. Human spammers are a huge and growing problem across the entirety of the Internet. (Akismet is built in to all our hosting plans.)