I've been half banned

I got half banned again. This time I got the prohibited ip address.

94.197.120.245

 

I was thinking about how I'd tackle the problem admin face if I was in charge of software development.

I suspect the viability of my proposed solution will depend on the availability of a suitable plugin, but here goes anyway.

Quite simply, I'd set a time limit on ip based bans. I'd have the default settings at something like 12 hours. But instead of loading the site and reporting that the ip has been banned, which then tells a spammer to acquire a different ip and try again, I'd simply not serve a page, so that the site is down as far as that ip is concerned.

Ideally, the ban duration could be set based on geography. UK bans for 12 hours, India, China and Russia (where quite honestly most cyber attacks come from) having a much longer default ban duration.

I'd probably also, if I had total control over the code, implement something that says if the user on the banned ip is known to be legit, let them through but still ban anyone else on that ip. That way anyone with a current session cookie can get in anyway.

There's probably flaws in my logic, but that's the route I'd initially go down if I were developing access control.