Restricting access by IP & using avatars

[Jabrwock]

I'm having a problem with LiveJournal, so I'm looking for a new blog system. The problem is that while I can restrict access to my LJ blog, I can only do it with a whitelist. So I can't just add one IP or IP range to a blacklist and make it difficult for this one IP range to access my blog or comments.

Is there any way to do this in s9y? Would it work if the blog was embedded in another page, or would that page need restricted access as well?

Can I require users to be registered in order to post comments?

If I want to allow profiles & avatars for commentators, should I go with posting comments in a phpBB forum instead?

[judebert]

Our spam plugin can use the blogg.de blacklist. It also allows filtering on comment content and author name, rejecting API comments, and lots of other features. My personal blog is configured to require moderation for all comments.

I don't see anything forcing login for comments. Perhaps Garvin will correct me after the weekend.

Restricting actual blog access is possible. You can simply set the read access for any category to "Standard Editor" to hide that category from non-logged-in users. This would, naturally, prevent commenting as well.

We do also include a gravatar plugin, not to mention a forum plugin. I've never tried them myself, and therefore cannot comment beyond its existence. I'm usually a Unix-type person: I use simple, single-purpose tools, combined to do complex things. If I wanted a forum, I'd probably use phpBB.

[Jabrwock]

We do also include a gravatar plugin, not to mention a forum plugin.

Good to know. I'll check them out.

I don't see anything forcing login for comments. Perhaps Garvin will correct me after the weekend.

That's one of the biggest issues. If I can't force people to log-in to post comments, then I'll just use a phpBB forum for comments.

Restricting actual blog access is possible. You can simply set the read access for any category to "Standard Editor" to hide that category from non-logged-in users. This would, naturally, prevent commenting as well.

Unfortunately, that's still a whitelist system. I'm looking for a way to allow all to view the blog, except for whoever is on the blacklist.

Basically I want only registered users to be able to post comments, and everyone but the blacklist to be able to read the entries/comments.

[garvinhicking]

You can restrict allowing comments only to registered users. The plugin serendipity_event_adduser + serendipity_plugin_adduser ("User Self-Registration") can be configured distinctively to toggle this sort of thing.

Blacklisting IPs should best be done within a .htaccess file. If you make s9y restrict IPs, the wohle framework would have to be loaded just to deny a hit to your blog. Instead it is much better to make Apache reject the call!

Best regards,
Garvin

[Jabrwock]

Blacklisting IPs should best be done within a .htaccess file. If you make s9y restrict IPs, the wohle framework would have to be loaded just to deny a hit to your blog. Instead it is much better to make Apache reject the call!

Unfortunately I don't have access to my host's .htaccess. Can I do it with the one in s9y's .htaccess?

I also had a thought. A friend suggested "honeypotting", making a "fake" main news site so that the IP I want to block won't think they are being blocked, and will eventually just give up as they see the site never gets updated...

Can I redirect certain IPs as opposed to denying them altogether, or is that much harder?

[Jabrwock]

I dug around a bit, and found out that if I add this to the start of s9y's .htaccess:

Code: Select all

ErrorDocument 403 /s9y/default.php
ErrorDocument 404 /s9y/not-found.php

<Files index.php>
deny from BANNED_IP_ADDR
</Files>

It works, since all unaddressed requests are forwarded to index.php, as are all .html requests. So I just make a fake page at default.php, and he gets sent there by default, which is in fact a "dummy" page to fool him into thinking the page hasn't updated, and so eventually he'll stop coming...

The 404 page is needed, because otherwise it tries to redirect to index.php when it gets a "file not found", and is denied, but not re-re-directed. I guess to prevent it from looping...