Opened 7 years ago
Closed 8 months ago
#3544 closed defect (bug) (wontfix)
Plugin Admin: IP Tracker
Reported by: | Ipstenu | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Component: | Plugin Directory | Keywords: | |
Cc: |
Description
We used to have a tool to check the IP address of submissions and compare to all others. This was useful to swiftly find people who were making serial plugins accounts to avoid previous restrictions.
/plugins/admin?ip=
It works much like the User Card (see an image here - https://make.wordpress.org/plugins/handbook/performing-reviews/review-walkthrough/ ) and the Author Lookup ( https://wordpress.org/plugins/wp-admin/tools.php?page=authorcards ) but is missing as a look up by IP.
This would be very helpful to hunt down serial abusers.
Change History (8)
#2
@
6 years ago
That doesn't give the same kind of output we used to have. And yes, it matters.
We USED to be able to look up an IP and see
1) A list of all users for the IP (and their plugins)
2) A breakdown by subset
And that second part is missing.
So if I looked up 123.45.67.89 I would also see 123.45.67.* and 123.45.*
We used that to find people who all belonged to the same company or group and were being silly and submitting a lot of plugins under multiple accounts to try and get around the guidelines.
For example, right now I've noticed a LOT of people seem to be submitting the same kind of plugin. I used to be able to check the IP and if I spotted four or five accounts with the same IP ranges, I knew I probably had some spammers and I could dig into it.
#3
@
6 years ago
- Keywords close removed
Ah! I didn't know about the subset support, I can see how that is useful.
#5
@
6 years ago
I don't THINK so (not a lawyer).
We need the IP addresses in order to track abuse, and since the submission is being made by a logged in account (where in we already have the email and username) I think it would be a reasonable exception.
IIRC it falls under the legitimate interest (Article 6).
1) We have prior consent via the account
2) We need it to prevent abuse and protect users
#6
@
6 years ago
Storing IPs isn't ideal at all, and ideally we'd like to be able to move away from it I think. Storing other derived data-points instead (ie. only a anonymised IP 123.123.123.0
or the Network ASN instead perhaps)
However, that being said, for GDPR purposes if it's a required functionality of the directory for the purposes of anti-spam as long as it's disclosed I think that's fine.
#7
@
6 years ago
I don't know that the Network ASN would be beneficial for the reason we use them. Literally I only use them when I'm trying to catch someone circumventing a previous ban. If you break it down like anon, I wouldn't be able to compare "Oh these four people submitted plugins with the SAME IP" (which yes, makes me wonder if they're even trying...) but also "This plugin was submitted via a TOR proxy..." (yes, pretty common).
I agree it's not ideal, but in order to reduce the risk of bad actors, I think we kinda have to :(
You can use the built-in search to pull up plugins based on IP. These searches are also linked to from the list of IPs in the Author Card.