External IP blocking for free accounts: how should we get rid of it?


Until now, we’ve been offering free accounts that provide pretty-much-unlimited Internet access. But there has recently been some misuse, and we’re worried that we could easily become swamped by people using us as a launchpad for nefarious activities.

Today we’ve added a restriction we really didn’t want to add: free accounts no longer have unrestricted access to the Internet; instead, they have access via a proxy with a whitelist that allows most popular sites to be accessed (including Google and the Twitter API). We’ll update the whitelist with new sites on request if the sites in question are ones that we can reasonably add.

But we don’t think this is the right way to handle this kind of thing in the long term. Ultimately all we want to do is stop the tiny minority of bad users from doing bad things using PythonAnywhere, and to be able to identify them if they do. The reason we still allow unrestricted access for paying customers is that we have their payment details, so if they do anything so terrible that the authorities need us to tell them who they are, we can fulfil that request.

So, how can we do this better? We’ve asked the gurus over at Hacker News, so if you know good solutions to this kind of problem, head on over there and let us know.

comments powered by Disqus