moinwiki / moin

MoinMoin Wiki Development (2.0+), unstable, for production please use 1.9.x.
https://moinmo.in/

Feature request: block IPs range to login #1004

Closed sblondon closed 4 years ago

sblondon commented 4 years ago

Debian MoinMoin wiki is spammed/overloaded from some proxy servers. To protect the wiki, their range of IPs is blocked (providing a 403 Forbidden error). However, it blocks legitimate access too when one of their users wants to read the wiki. So it works but it's not great.

It would be nice if it were possible to exclude a range of IPs from login to the wiki (so the wiki would have read access for everyone and limited access to login). For example, Config could have a new list attribute (like Config.hosts_login_deny, empty list by default) for the administrator to set up.

What do you think about it? If you're interested I can try to do a PR (on branch 2).

ThomasWaldmann commented 4 years ago

IP based permissions were already historically proven to not work.

An effective way against spammers is to not let them create accounts and require a logged-in user to edit. Of course that is more work for the admin, but it works.

ThomasWaldmann commented 4 years ago

btw, this is the moin 2 issue tracker, if you are referring to moin-1.9, use the other one please.

sblondon commented 4 years ago

Thank you for the quick reply!

My goal was to write it on MoinMoin 2 to have the feature in the long term. It seems that blocking hosts has even been completely removed from MoinMoin 2 (no hosts_deny found in the source code).

Currently, only logged-in users can modify pages. However, it's easy to create fake accounts.

I guess this issue can be closed?

ThomasWaldmann commented 4 years ago

If we have no way yet to keep spammers from creating accounts, I guess we need a way to deal with that (and a ticket for that if we do not have one already).

sblondon commented 4 years ago

Issue #31 is about protection against spambots. I understand it as a protection against spam without login but it's the topic.