Blocking IPs from Accessing a Site

Question

This is more of a concept question than a code question, but I think someone will be able to explain it, anyhow.

I know that it is possible to blacklist/block an IP address from accessing a site, but how does this work if the user has a dynamic IP address? Wouldn't this mean that when the IP is renewed that user would be able to access the site under the new public IP?

Maybe I have the concept down wrong, but any information would be helpful.

Thanks!

Answer 1

If you are just wishing to block "nusisance users", as well as blocking their IP you could also place a Cookie on their machine to enforce the ban in their browser (then with each subsequent access attempt, block the new IP).

This, of course, would be fairly easy to circumvent, but ultimately there is no way for you to identify a visitor as they can very easily use a different connection, a different browser, or even a different physical device.

The best you can do is enforce bans against average nusisance visitors, and hope your website doesn't particularly attract that sort of person to begin with.

Answer 2

"Wouldn't this mean that when the IP is renewed that user would be able to access the site under the new public IP?"

Yes. Which is why when dynamically assigned IPs are blocked they're often blocked on a subnet basis rather than on an individual basis.

That also means that innocent parties get blacklisted.

Answer 3

Yes that's what it means. It will be a different IP so you won't know that it's the same user. The only thing you can tell is that it is the same ISP. Which won't help you that much.

This is the exact reason that IP-blocking is easily circumvented. Even with you blocking all of their IPs, they could just use a proxy.