Tim Starling wrote:
Brion Vibber wrote:
So all one has to do is log out _and_ change IP
addresses. (A few
seconds, click a couple buttons for many people with dynamic IPs.)
Create a new account name under the new IP, and go wild.
I don't think most vandals would know how to change their IP address
easily. But even if they did, this modification makes things much
harder for them, and much easier for us.
Well, this whole issue is over A Certain Person who exploits the current
system by creating multiple accounts and frequently changing IPs,
exactly the situation that can most easily get around this.
One might gain
a slight additional protection by setting a "you're
banned" note in the session data or a separate cookie instead of (or
in addition to) banning the IP. The bannee could clear their cookies
or restart their brower to clear it.
That's possible, but I'm happy to wait and see how effective the
current measures are. Banning with cookies could cause problems for
Internet cafes, because it would be difficult to lift the ban after a
complaint.
The cookie or session variable could store a random-generated ID number
which could sit in ipblocks and be displayed in the "you're blocked"
notice, and used to unblock by if someone complains.
(Also, if one is blocked accidentally, it's not very clear how to
contact anybody about it. It tells you the username of the person who
made the block, but you can't leave a note on their talk page. You can't
e-mail them through the "e-mail this user" function because you're not a
logged-in user with an e-mail address set...)
Automatic expiration? Piece of cake, give me 24 hours.
Any suggestions
for the lifetime?
24 hours? :)
-- brion vibber (brion @
pobox.com)