Re: moderated blog

James sent me an email about this:

Hi Barry,

I read your latest post. Banning with IP address won't work, especially in today's world of dynamic IP address. It's very tough to associate an IP address to a username or vice versa - people can always use anonymous proxy etc to get over it.

I'd suggest that people have to "register" first before they can post, and you decide whether to accept the registration or not.
For those people that you don't know (or don't like), just ignore the registration, while you can approve the rest.
For those who have been approved and then behave badly, you can just revoke their registration.

All you have to do is maintain a users database.
First post by unknown person will automatically create a registration request, and notify you (via email or other unobtrusive means - e.g. links to "register request" in admin's view of your blog). If you accept it, an entry will be created in the users' database, and automatically approve & display his/her first post. Subsequently, if you want to "revoke" the user access, you can (depending on the design) flag that person in the database, or delete the entry entirely from the users' database.

So instead of black-listing, you're white-listing. (And of course, expect that people will say that you're practicing favoritism etc ... but hey, you've got to choose your friends :)

The password mechanism can remain as it is today - no change is required (one creates one's password during one's first post).

I'm not a perl-guru but I think the above modification shouldn't be too difficult.

You can use the above idea and reverse it, i.e still use blacklisting instead. The problem is, a very persistent commentator can continue to create new user accounts to post although you have banned them (ie user001, user002, user003, etc). If you use white-listing, this commentator can register as many accounts as he/she wants, and you'll just ignore them, and they still can't post anything.

Something to think about.

cheers!


Yeah, what I might do is just have a file of acceptable usernames/passwords. It should be easy enough to edit the Perl to filter through that file before accepting a comment. That would be very simple, I'll keep the file local, when I accept a registration add it to file and upload it. That is restrictive, starting off with everybody excluded, but it is a simple solution.


Posted on 8 Apr 2010, 7:40


Comments:

Posted on 9 Apr 2010, 2:48 by carolus
Re: moderated blog
Perhaps start with all existing users whitelisted (except those you want to drop)and only verify new users.