Carried over from
A suggestion for improvement in the case of user profile spammers in the review queue: I would appreciate an option to delete the account and block the email but not the IP address, since they often use shared IP ranges that legitimate users could also be using.
If not mistaken you can delete account and block the email. Though many use disposable email account services. I usually search spam account email domain. If a disposable email service I add the domain to the blocked/Black list in settings.
Right, but as far as I can tell, that handling option also blocks the IP address, which I would prefer to avoid.
Spammers do often use free email addresses, but they’re usually from the big providers like Gmail and Microsoft that make it fairly hard to bulk create new addresses, so blocking the email address is a somewhat effective way of preventing the same spammer from returning while completely avoiding false positives, whereas blocking the IP is almost useless for preventing repeat spammers while also having the possibility of blocking other legitimate users with the same IP.
It has been awhile since I have had to delete an account. Though a perm suspension would work to prevent the same spammer from using that email account to create a new account. Suspended users you can set the site to not show non staff suspended. You can also change their profile to hide from public.
Most of the spam e-mails I see are using gmail, I agree would be ideal to have an option to block only e-mail not I.P. address.
Some proxy/disposable e-mail services were created also specifically for the purpose to stop spammers, so people don’t need to give out their main personal e-mail but only a proxy address that can be destroyed if spammers start to attack that.
Protonmail has a feature sort of like this called “simplelogin,” which allows people to create new temporary addresses and sub-domains:
Depending on the kind of I.P. that may not make any sense at all such as if it is from public wi-fi like a library. The I.P. lookup feature with the admin dashboard is helpful to show what kind of a I.P. is being used, including the internet provider.
I’m not sure if there is a way to identify if someone is using a vpn with that? There is the suspicious login alert if login is changing countries, but otherwise are there ways to check if I.P. is a proxy address or the original source?
Yes, exactly. Also IP ranges that cheap home internet ISPs assign to customers on a random and non-static basis.
Right, but if there is a static I.P. that is causing problems it does make sense to ban that at times.
It’s not easy to determine if it’s a static IP or not from the review queue. I agree that the option should remain, but an additional option to only block the email address is needed.
Good to know, well the way would probably be to contact the internet provider if possible to determine source. For me that is my friend George who runs local phone/internet company. Here there are static I.P. addresses for individual fiber routers.
Seems that if someone attempts to login to account from IP that was banned an error appears that states: “You can’t log in from that IP address.”
Don’t know if there is a way to lift a ban like that if requested.
The sole method to remove a prohibition would entail accessing the
Yourwebsite/logs/screened_ip_addresses
It appears that you have inadvertently blocked an IP address associated with a VPN or mobile data, as opposed to a fixed IP address.
Or if a fixed I.P. was banned then no one will be able to use that to login without routing traffic through another network.
I agree, it’s also worse for mobile connections. Because many people can have the same IP simultaneously (hundreds to thousands).
Would be great for the option (delete + block email without ip block) to also be included in the delete user option on the profile admin page.
Also it would be good to have a quick option for permanently suspending those accounts instead of deleting them, also without blocking the IP address for the reasons mentioned in the first post.