{"id":3776,"date":"2024-07-25T00:00:48","date_gmt":"2024-07-25T00:00:48","guid":{"rendered":"\/kb\/?post_type=ht_kb&#038;p=3776"},"modified":"2024-07-26T14:07:35","modified_gmt":"2024-07-26T14:07:35","slug":"banning-abusive-users-simple","status":"publish","type":"ht_kb","link":"https:\/\/www.use-snip.com\/kb\/knowledge-base\/banning-abusive-users-simple\/","title":{"rendered":"Banning Abusive Users, Simple"},"content":{"rendered":"<p><a href=\"https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_.png\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-4102 alignright\" src=\"https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_-320x236.png\" alt=\"\" width=\"160\" height=\"118\" srcset=\"https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_-320x236.png 320w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_-300x221.png 300w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_-50x37.png 50w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/09\/Updated-BanDislaog.com_.png 497w\" sizes=\"auto, (max-width: 160px) 100vw, 160px\" \/><\/a>This article reviews the various controls and settings used by <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> to ban abusive users.\u00a0 This feature allows you to detect and to ban\/block connecting users (remote IPs) who fail to connect to your <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> Caster node repetitively for long periods of time without success.\u00a0 We call these &#8220;<em>abusive IP connections<\/em>&#8221; although the root cause is often simply an ill-configured NTRIP Client attempting to connect.<\/p>\n<p style=\"padding-left: 30px;\"><span style=\"color: #008000;\"><em><strong>Note<\/strong><\/em><\/span>:\u00a0 In prior releases of <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span>, the ability to manage and block IPs after exceeding the thresholds which you have set was not available on the <span style=\"color: #800000;\"><em><strong>Lite<\/strong><\/em> <\/span>model of <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span>.\u00a0 Now, all models of <span style=\"color: #0000ff;\"><strong>SNIP<\/strong> <\/span>have the full set of features in this area.\u00a0\u00a0 For more complex editing of the IP list and the individual ban periods see <a href=\"\/kb\/knowledge-base\/banning-abusive-users-editing\/\">this companion article<\/a>.\u00a0 The information shown below, while correct is somewhat outdated. For more information see this article (link tbd) for a fuller discussion about the dialog.<\/p>\n<p>The IP Ban Settings Dialog is accessed in one of two ways:<\/p>\n<ul>\n<li>On the <em><strong>Control<\/strong> <\/em>menu, under the menu item:\u00a0 <em><strong>IP Ban Settings&#8230;<\/strong><\/em><\/li>\n<li>A small button marked &#8220;<em><strong>B<\/strong><\/em>&#8221; on the Caster and Clients tabs\u00a0 between the buttons <em><strong>List Current Users<\/strong><\/em> and <strong><em>List Recent IPs<\/em><\/strong> (the button is active only when there are banned IPs)<\/li>\n<\/ul>\n<p>This dialog is used to set the values of various <em>count thresholds<\/em> that are used whenever a remote device (typically an <a href=\"\/kb\/knowledge-base\/question-what-is-an-ntrip-client\/\">NTRIP Client<\/a>) fails to connect to the caster due so some form of error.\u00a0\u00a0 Whenever a device successfully connects, these counts are all reset to zero (in effect &#8220;all is forgiven&#8221;).<\/p>\n<p>In this context, a device requesting a Caster Table is not considered an error.\u00a0 Requesting a Caster Table entry in the table which does not exist is an error and contributes to the count.\u00a0 Bad user names and passwords used for otherwise valid mountPt names are also examples of errors.\u00a0 Ill-formed requests (with the exception of various browsers) are also considered errors.\u00a0 If a device does not attempt to connect for at least a selected period of time, the count is reset.<\/p>\n<p>The operational logic is simple and direct.\u00a0 When a device has failed to connect more times then allowed, it is banned from further connections for the period of time selected.\u00a0 The device is sent either a 403 message or an html web page that explains why it was banned.\u00a0 Which of these is sent is controlled by the current <a href=\"\/kb\/knowledge-base\/the-preferences-dialog\/\">preferences<\/a> settings. Ban periods can range from tens of seconds seconds to several days, as the user selects.\u00a0 All these counts are reset when <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> is started; only the list of permanently banned IPs and the control values persist between <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> restarts.<\/p>\n<p>Two different count thresholds are supported, an &#8220;initial&#8221; value and a &#8220;what, is it you again&#8221; value for repeat offenders, as described below.\u00a0\u00a0 These values are all set in the dialog show below.\u00a0\u00a0\u00a0 Any currently banned IP values are listed below the controls and these can be reset or removed with the <strong>Reset<\/strong> button.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3779\" src=\"\/kb\/wp-content\/uploads\/2017\/07\/Ban_DefaultView.png\" alt=\"Ban_DefaultView\" width=\"492\" height=\"360\" srcset=\"https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_DefaultView.png 492w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_DefaultView-300x220.png 300w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_DefaultView-50x37.png 50w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_DefaultView-320x234.png 320w\" sizes=\"auto, (max-width: 492px) 100vw, 492px\" \/><\/p>\n<h3>The Control Settings<\/h3>\n<h4>Enable IP Ban Processing<\/h4>\n<p>This acts as a master <strong>on\/off switch<\/strong> and can be used to disable further ban processing.<\/p>\n<h4>Failed Connections, 1st Time<\/h4>\n<p>This is the number of times any unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are allowed to try and connect without success before being banned for the very <span style=\"text-decoration: underline;\">first<\/span> time.\u00a0 The value can be set between 10 and 50,000.<\/p>\n<p style=\"padding-left: 30px;\">The default value of 2500 allows an NTRIP Client that tries to connect every ~10 seconds to try for just under 7 hours before being banned.\u00a0\u00a0 A very aggressive client (connecting at a 1Hz rate) would reach the same threshold in 42 minutes.\u00a0 RTCM SC-104 recommends that unsuccessful NTRIP Client devices implement a back off strategy in such cases, which would result in several days before reaching the threshold point.<\/p>\n<h4>Ban Length Time<\/h4>\n<p>The amount of time that the ban will last for new users.\u00a0 If, for example, the setting was 120 seconds, a newly banned IP will not be allowed to try and connect again for 2 minutes.\u00a0 After the two minute period the ban is lifted and connections from the NTRIP Client software will again be processed.<\/p>\n<p>A time of 10~30 minutes is recommended as a balance between getting the user&#8217;s attention and correcting conditions without waiting for too long.\u00a0 If you find that your static IP is being abused by other parties who are not your users (we presume a closed Caster) a longer time ~4 hour with a low count is suitable.\u00a0 The value can be set between 10 and 15,000 seconds\u00a0 (4.2 hrs).<\/p>\n<p><span style=\"color: #008000;\"><em><strong>Important Notes:\u00a0<\/strong> <\/em><\/span><\/p>\n<ol>\n<li>The ban applies to new connections, any existing other connections from this IP (which by the fact that they are connected implies that they have been successful) are not affected.<\/li>\n<li>The entire IP is banned at this point, not the NTRIP Client software nor any specific ports. So conditions can exist (typically on a PC used by a GNSS researcher) when running multiple NTRIP Client software packages that one bad set of settings can affect the ability of other software on the same machine.<\/li>\n<li>In offices which use DHCP and NAT to share a single IP value between different users, please consider point #2.<\/li>\n<li>During the active ban period, <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> spends as little time as possible on the request, closing the TCP\/IP socket and not keeping any further statistical details of the IP\/agent\/user\/attacker.<\/li>\n<\/ol>\n<h4>Failed Connections, 2nd Time<\/h4>\n<p>This is the number of times that any unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are allowed to try and connect without success before being banned two or more times (after being banned once before). \u00a0 It is typical to set the threshold for &#8220;repeat offenders&#8221; to a lower number. \u00a0The value can be set between 10 and 50,000.<\/p>\n<h4>Reset Period<\/h4>\n<p>This is the amount of time (in hours) which must pass before the set of counts for a given unique combination of IP, user agent (the NTRIP Client software used) and user name (if present) are all reset to zero.\u00a0\u00a0 Any connection attempts during this time (if not banned) resets the time.\u00a0 The purpose of this is to allow an NTRIP Client device to have a &#8220;fresh start&#8221; after a lapse in trying to connect. \u00a0 The value can be set between 10 and 150 hours (~6.25 days).<\/p>\n<h3>The Buttons<\/h3>\n<h4 style=\"padding-left: 30px;\">The Reset Button<\/h4>\n<p style=\"padding-left: 30px;\">This control allows removing all temporary banned IPs.\u00a0 [Any permanently banned IPs are retained]\u00a0 Pressing the reset button does not affect the running counts of non-banned devices.<\/p>\n<h4 style=\"padding-left: 30px;\">Defaults<\/h4>\n<p style=\"padding-left: 30px;\">Resets the various counts and times to predetermined values useful to many <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> operators.\u00a0 Any values which you set will be kept and reused the next time <span style=\"color: #0000ff;\"><strong>SNIP<\/strong><\/span> is run if the dialog is dismissed with the Ok button.<\/p>\n<h4 style=\"padding-left: 30px;\">Print<\/h4>\n<p style=\"padding-left: 30px;\">Shows the list of current banned IPs (if any) in the console.<\/p>\n<h4 style=\"padding-left: 30px;\">Edit<\/h4>\n<p style=\"padding-left: 30px;\">Allows the user to view and to edit the ban time value for the selected IP.\u00a0 Allows changing the ban time for an IP from a temporary time period to permanent.\u00a0 Allows adding new IPs<\/p>\n<h4 style=\"padding-left: 30px;\"><span style=\"color: #008000;\"><strong><em>i<\/em><\/strong><\/span><\/h4>\n<p style=\"padding-left: 30px;\">Brings up the web based knowledge base page for this topic in the user&#8217;s preferred browser.<\/p>\n<h4 style=\"padding-left: 30px;\">Cancel<\/h4>\n<p style=\"padding-left: 30px;\">Dismisses the dialog box without using any changed data.<\/p>\n<h4 style=\"padding-left: 30px;\">Ok<\/h4>\n<p style=\"padding-left: 30px;\">Dismisses the dialog box without saving the current data values.<\/p>\n<h3>Viewing Banned IPs<\/h3>\n<p>The image below shows a temporarily banned IP value. The green &#8220;T&#8221; indicate that the ban is temporary.\u00a0 A permanent ban is indicated with a blue &#8220;P&#8221; symbol.\u00a0 In the <span style=\"color: #800000;\"><em><strong>Pro<\/strong> <\/em><\/span>and <span style=\"color: #800000;\"><em><strong>Enterprise<\/strong> <\/em><\/span>models an IP value can be permanently banned or its temporary ban time can be adjusted as desired.\u00a0 See <a href=\"\/kb\/knowledge-base\/banning-abusive-users-editing\/\">this article<\/a> for details.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3782\" src=\"\/kb\/wp-content\/uploads\/2017\/07\/Ban_PostAddView.png\" alt=\"Ban_PostAddView\" width=\"491\" height=\"361\" srcset=\"https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_PostAddView.png 491w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_PostAddView-300x221.png 300w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_PostAddView-50x37.png 50w, https:\/\/www.use-snip.com\/kb\/wp-content\/uploads\/2017\/07\/Ban_PostAddView-320x235.png 320w\" sizes=\"auto, (max-width: 491px) 100vw, 491px\" \/><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article reviews the various controls and settings used by SNIP to ban abusive users.\u00a0 This feature allows you to detect and to ban\/block connecting users (remote IPs) who fail to connect to your SNIP Caster node repetitively for long periods of time without success.\u00a0 We call these &#8220;abusive IP [&hellip;]<\/p>\n","protected":false},"author":13,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"ht-kb-category":[283],"ht-kb-tag":[347,346,177],"class_list":["post-3776","ht_kb","type-ht_kb","status-publish","format-standard","hentry","ht_kb_category-managing-user-accounts","ht_kb_tag-abuse","ht_kb_tag-ban","ht_kb_tag-users"],"_links":{"self":[{"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb\/3776","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb"}],"about":[{"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/types\/ht_kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/comments?post=3776"}],"version-history":[{"count":23,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb\/3776\/revisions"}],"predecessor-version":[{"id":9101,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb\/3776\/revisions\/9101"}],"wp:attachment":[{"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/media?parent=3776"}],"wp:term":[{"taxonomy":"ht_kb_category","embeddable":true,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb-category?post=3776"},{"taxonomy":"ht_kb_tag","embeddable":true,"href":"https:\/\/www.use-snip.com\/kb\/wp-json\/wp\/v2\/ht-kb-tag?post=3776"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}