0

Given a web application with authorized users, suppose there are users, like trolls, it's possible to lock one account, but the user can create another account and continue trolling.

Blocking IP not guaranteed defense, because a motivated troll can change their IP and access site again, but it more laborious work.

And banning the IP has also disadvantages, as other innocent users may lock access to login to the application, and this is why I am worried.

So, how reasonable is blocking IP address for web application? should I do it? What do you use for your web applications?

Improve this question
4
  • 1
    You can ban the IP for x number of days. It is reasonable. Commented Sep 10, 2016 at 22:03
  • @IMB Yes, as I see better way is few day banning Commented Sep 10, 2016 at 23:20
  • It's not really laborious to change your IP. It takes me a right-click, and a left-click. That's it. Commented Sep 11, 2016 at 0:07
  • It will save you from brute-force attacks when it comes to login. Commented Oct 2, 2016 at 10:07

1 Answer 1

Reset to default
1

Blocking access by IP address is very common.

The actual process though may be somewhat dependent on what kind of access you are blocking.

In many cases, attacks against web apps will come from automated bots and in this case, generally the source computer has been compromised. So blocking by IP address is perfectly reasonable.

If you are concerned about false positive blocks, you should implement temporary blocks. These block access by IP address for a set period.

Have a look at some of the WordPress security addins for examples. Also check out FAILTOBAN which is an OS level banning tool for Linux.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.