About Duffbert...

Duffbert's Random Musings is a blog where I talk about whatever happens to be running through my head at any given moment... I'm Thomas Duff, and you can find out more about me here...

Email Me!

Search This Site!

Custom Search

I'm published!

Co-author of the book IBM Lotus Sametime 8 Essentials: A User's Guide

Purchase on Amazon

Co-author of the book IBM Sametime 8.5.2 Administration Guide

Purchase on Amazon


Visitor Count...

View My Stats

« Interesting Notes.ini setting... | Main| Quick book review - White Death »

Blogsphere Mod for download - blocking comments by IP address...

Category Blogging

Like many other bloggers (both Blogsphere and non-Blogsphere alike), I got spammed in my comments area by someone pushing links of, um...  "questionable content".  It was easy to see the IP address of the comments, but there wasn't much I could do about it.  I don't host my own blog, so I couldn't set up my firewall to block out content.  What to do, what to do?

Enhance Blogsphere!

Attached is a zipped .NSF file that contains new/changed design elements that will allow you to block comments to your blog based on one or more IP addresses.  There's a new form that will accept an address (or you can use asterisks as wild cards) that should be blocked.  When a new comment is added via the web, there's a lookup to those addresses.  If there's a match, the comment will show as blocked in your blog.  The readers won't see who submitted the entry or any of the content, but they will see that address xxx.xxx.xxx.xxx was blocked.  On the Notes client, you will be able to review the comment and determine if you want to delete the comment or remove the block.

Check out the About document in the file in order to see what elements are new and which ones have changed (yes, I actually documented my work!)

I've forwarded this to Declan for inclusion in the next version of Blogsphere.  I'm pretty happy with the first iteration of this change.  If you have any questions or comments, please let me know...

IP Address Blocking


Gravatar Image1 - Tom, a comment/thought relating to your 'Check for Response block' agent... at the moment, if you don't have a match, you end up doing five view lookups per comment. If you're not expecting too many blocked posts, then why not flip that around, and do the checks based on the first parts of the IP address, progressively doing more detailed checks?

If the first octet (say) doesn't match, you know you won't have a match at all and can exit without having to do the rest of the lookups. That way if your most common case is to accept a post, then you incur less overhead, and you only pay more for actual matches.

(I know that in a low-traffic situation it won't make much difference... but I'm just mulling over the best way to handle IP lookups/matching in other potentially higher-traffic situations...)

Gravatar Image2 - I like that... the "urgh" factor...

When you first suggested it, I was thinking I'd have to have three additional views that showed IP addresses by 1st octet, 1st/2nd octet, and 1st/2nd/3rd octet. I'd then do a search on the 1st octet view to see if I matched the IP of the response to any block records. If no match, you're done. If you do have a match on the first octet, then you'd search on 1st/2nd for a match on either the first two octets of the IP or the first octet followed by an asterisk... Repeat as necessary...

I'm lazy... I like my method better...

Gravatar Image3 - Ben: Thank you very much...

Colin: Welcome to the blog... You make a good point there. Since I was doing a lookup to actual entries in the blocked address view, I didn't break out the address by octet for lookup purposes. I'll have to rethink that idea and see what I come up with. Thanks for the input.

Gravatar Image4 - Thanks Tom. The more I think about it the trickier it seems to be though, since at each potential 'match' you'd need to decide whether you've found a wildcard match, or a partial hit where you need to keep looking. Hrrm, that probably means more I/O overhead... I'm not sure whether that negates any savings in lookups, not to mention the urgh factor in the code.

A pre-built document/data structure that gets updated each time a new IP address/range is added might be more efficient, but the complexity is even higher.

Further to Ben's recent optimisation thread, I wonder if the additional effort would really be worth it. I know it's going to bug me silly, though

Gravatar Image5 - Good work Duffbert! I had to do something similar with referrers and searches some time back on my site, and have been meaning to extend the IP address, host and content checking to the comments process.

Post A Comment


Want to support this blog or just say thanks?

When you shop Amazon, start your shopping experience here.

When you do that, all your purchases during that session earn me an affiliate commission via the Amazon Affiliate program. You don't have to buy the book I linked you to (although I wouldn't complain!). Simply use that as your starting point.


Thomas "Duffbert" Duff

Ads of Relevance...

Monthly Archives