MyBB Community Forums

Full Version: Allow CIDR notation in IP bans
Just a thought... it might be extremely helpful to allow CIDR notation in MyBB's IP bans.

For example, instead of having to add individual bans for:
10.159.0.*, 10.159.1.*, 10.159.2.*, all the way through 10.159.63.*, I could just add one ban for the CIDR range of 10.159.0.0/18.

This would also allow easier banning of ranges smaller than a /24; instead of having to ban 30 individual hosts of a problematic network, I can simply ban the /27 range with one entry.

I would find this sort of thing extremely useful as an anti-spam measure when I want to disallow IP addresses allocated to non-user entities, such as hosting or colocation companies where spam is originating from.

Cheers!

-Kam
I don't know what CIDR is and not many people are going to know what this is either.
(2011-04-12, 04:06 PM) Shukaku wrote: I don't know what CIDR is and not many people are going to know what this is either.

CIDR notation is a compact specification of an IP address.
Wikipedia: http://en.wikipedia.org/wiki/CIDR_notation
I believe it involves writing a part IP, then specifying the number of bits that are replaceable at the end after the part IP. I agree it would only be useful for a select few people though.
It's a far easier way to specify a network or other group of related computers. For example, your home network probably uses either 192.168.x.0/24 or 10.x.0.0/16, which can contain 254 or 65534 devices, respectively. If you only wanted to ban the last 3/4ths of your home network you could specify 192.168.x.0/26 or 10.x.0.0/18 which would be much easier than banning

192.168.x.64
192.168.x.128
192.168.x.192

or

10.x.64.*
10.x.128.*
10.x.192.*

And given that I've not yet had my caffeine I'm sure I messed that up, but given that most ISP/country IP lists I've found (as well as Apache's IP banning, IIRC) use the w.x.y.z/m notation it's so very much easier.
(2011-04-12, 04:35 PM) euantor wrote: I believe it involves writing a part IP, then specifying the number of bits that are replaceable at the end after the part IP. I agree it would only be useful for a select few people though.

It would be useful for every (somewhat) serious traffic board, IMHO. I have htaccess blocklists that I use to block hosts, compromised servers, and countries (only garbage coming from China).

I would love it if my moderators were able to ban a CIDR if they notice suspicious activity from non-ISPs.

It might be very resource intensive though?? I think PHP would treat a CIDR basically as a large array. I am seeing a very slight performance loss when there are a lot of IPs in the mybb banlist.
Plus, I don't see why we can't have both:

// HTML ignores 'extra' whitespace so pretend they're indented properly even though most of you don't care
// treat_as_CIDR() and treat_like_normal() are placeholders for the two matching routines
if(strpos($ip, '/') !== false)
    treat_as_CIDR($ip);
else
    treat_like_normal($ip);
Sure it can be added but it will benefit a very small group of MyBB admins, hence such a feature would not be at the top of the to-do list or features to be added list of the coders.

Personally, I hardly use IP bans in software. If I must ban someone's IP I would do it on the server's firewall; why give the site extra work to do when it can be done more efficiently at the server level?
I gather most of the admins who understand CIDR have that same level of access and understanding to ban at the server level, further reducing the want for such an addition.

You can still add it to http://ideas.mybb.com/ and see if it gets voted high enough.
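
The dispatch on "/" suggested in the thread, written out as an added PHP example (it is not from any poster and is not MyBB's code). Each CIDR entry is tested with a single netmask comparison, so a range is never expanded into a list of addresses. The function names and the sample ban list are assumptions made for the example, and it handles IPv4 only.

```php
<?php
// Added example. Function names are hypothetical, not MyBB's API.
// IPv4 only; assumes 64-bit PHP so ip2long() returns a non-negative int.

/** True if $ip is inside $cidr, e.g. "10.159.0.0/18". Malformed input never matches. */
function ip_in_cidr(string $ip, string $cidr): bool
{
    $parts = explode('/', $cidr, 2);
    if (count($parts) !== 2 || !preg_match('/^\d{1,2}\z/', $parts[1]) || (int)$parts[1] > 32) {
        return false;
    }
    $bits = (int)$parts[1];
    $net  = ip2long($parts[0]);
    $addr = ip2long($ip);
    if ($net === false || $addr === false) {
        return false;
    }
    // Netmask with the top $bits of 32 set (a /0 yields 0 and matches everything).
    $mask = (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF;
    return ($addr & $mask) === ($net & $mask);
}

/** True if $ip matches a classic entry such as "192.0.2.*" or an exact address. */
function ip_matches_wildcard(string $ip, string $pattern): bool
{
    $regex = '/^' . str_replace('\*', '[0-9.]*', preg_quote($pattern, '/')) . '\z/';
    return preg_match($regex, $ip) === 1;
}

/** Dispatch on the presence of "/" so both notations can share one ban list. */
function is_banned(string $ip, array $banlist): bool
{
    foreach ($banlist as $entry) {
        $hit = strpos($entry, '/') !== false
            ? ip_in_cidr($ip, $entry)
            : ip_matches_wildcard($ip, $entry);
        if ($hit) {
            return true;
        }
    }
    return false;
}

// Constructed sample data (private and documentation address ranges).
$banlist = ['10.159.0.0/18', '192.0.2.*', '198.51.100.7'];
foreach (['10.159.63.255', '10.159.64.1', '192.0.2.44', '198.51.100.8'] as $ip) {
    printf("%-15s %s\n", $ip, is_banned($ip, $banlist) ? 'banned' : 'allowed');
}
```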