IP blocking

[mattwidge]

I'm building a feedback system & I'm putting IP blocking into it. The feedback works by the a person entering a name, location & message into a form, it gets added to a MySQL database & I can view it later with options to delete it, flag it, & email it.

The way I can think of blocking an IP is:
1- when the user enters details into the form, the IP address gets added to the MySQL database aswell.
2- I can see the IP address in the viewing section (only admins can access the viewing page)
3- If I press the 'Block IP' button the user's comments can't be seen

I'm working on doing this, but is there an easier way to do it?

[chris22]

Just remember with large corporate networks there might be hundreds or thousands of PCs on the same public IP address, and you will block them all.

[donatello]

http://www.bad-behavior.ioerror.us/c...ressionengine/

[mattwidge]

chris22: Good point. Is there some way to block individual people?

donatello: What is this? A blocker? I don't know.

[Mindzai]

chris22: Good point. Is there some way to block individual people?

Not reliably. Even if you block an individual by IP, they can either reboot their router for a new IP if they have a dynamic IP, or else use a proxy server. IP blocking is pretty hit and miss.

Why are you trying to block IPs? To ban abusers of your system, or just to prevent someone submitting feedback twice?

[mattwidge]

What my system does is people insert their name, location & their messsage into a form (index.php). The data gets put into a MySQL database & I can view all the feedback in an admin-only page (display.php).

What the Blocking is supposed to do is when somebody writes in something you don't like or is offensive, you can block them from posting. Of course, later on you can un-ban them if you want.

That's a brief description of what I'm trying to do.

[Mindzai]

Well there really isn't a reliable way of doing this. While an IP block may work in many cases, you always run the risk of banning people behind the same IP, and such systems are very easily bypassed anyway. Maybe you could have some sort of moderation system where posts are reviewed before being made public?

[mattwidge]

Posts aren't made public. It's kinda like a PM.

Random person only sees the form.
Admin sees the feedback.

[criterion9]

Are the users logging in using screen names first before submitting the form? If so you can just block that user from submitting a form using a flag in your database.

[mattwidge]

The people that I want the ability to block are random people. I think I can do something like:

1- When the person posts, their IP gets added to a MySQL database.
2- If I click 'Ban IP', then their IP gets added to the banned IP's database.
3- Then, when they post, their IP is checked against the database & if it's in there, their post is not sent.