Skip to Content

School systems sharing a single IP / Network address....

« News and Announcements
6 replies [Last post]
Amos Blanton

Greetings everyone.  I manage moderation on the Scratch website. We've run into a few problems having to do with schools using a single IP address, so I thought I'd post about them here. If anyone has thoughts or ideas for solutions, we'd love to hear them!

As with all websites that allows sharing of user generated content, the Scratch website has to have a means of blocking sources of disrespectful or otherwise inappropriate material. We can do this by blocking accounts, but of course it's very easy to make a new one.  In cases where users make multiple accounts to troll or post disrespectful content (usually mean or unconstructive comments), we resort to blocking access from the offending account's network or IP address.

In many cases this works well - the source is blocked, and the user is invited to send us an email to discuss the situation and ask to be unblocked.  However, when the source of the inappropriate comments or content is a student from a school that uses a single external IP address, we are often forced to block many more users than we would like to.

Often schools use a single external IP address through which all requests to and from the internet are funneled. This means that if we are forced to block access from this IP address, the entire school gets blocked.  When entire school districts share a single IP address, the situation is even worse.  We end up having to block an entire school district's access because one student on one computer in one classroom was acting inappropriately.

Unfortunately, it's hard to find a good solution to this problem from our end.  The centralized architecture of a school or schools sharing a single IP address leaves us with no alternative but to block the access of many classrooms to prevent access from a single user.

If you have any ideas about ways to better address this issue, we'd love to hear them!  If this issue has affected your school in the past,  perhaps you can send a link to this post to your IT specialists, so they can consider this scenario.

Jason Rukman
Kat Pettit
Bumping this post as I would like to ask if there has been any development on this?

I am the sysadmin in a school that shares an IP with the rest of our county's schools, so we're a prime example of the situation the OP gave.

We have been advised that there has been some form of non-guidline-compliant content from our IP.  This only happens when I set up a user account (any way to set these up in bulk and manage them in one place, by the way?).

I'm concerned that we're going to get blocked as we have other schools on the same IP address and I have no control what they do.

Any thoughts?
Dave Briccetti

If you note the time of the offence, you might get the school district to look in their logs—if they have them—to see what computer was used and track down the student.


Or perhaps you could enable a mode for troublesome IPs where all “contributions” have to be moderated.

Amos Blanton

Hi Dave - That's a good idea. Perhaps we could include the timestamp of the inappropriate comments in the message that is displayed when acccess is blocked. If the teacher who sees this information can connect with the IT person who has the logs, they might be able to locate the computer that was used to make the comments.

Changing a school to 'highly moderated' mode or some kind of probationary status might help solve the problem as well. Unfortunately, this would be a very energy intensive process.  We've considered the possibility of giving teachers a different status on the website, and ccing reports of inappropriate content by associatied student accounts to them. But teachers are often quite busy! So we're not sure if that would be a good solution.

Amos Blanton

Thanks for the ideas, Greg! Adding a cookie might be a good way of at least temporarily disabling access from a single computer - as long as the user doesn't know how to clear their cache. We may have to consider that for the future.

Greg Leppert

 Hey Amos, sounds like a head scratcher. First of all, assuming you have easy access to your IP logs, you can continue to block IP addresses that are only utilized by a single user. It's not an ideal solution to begin with but it's not out of the question. In the event that a problem user is utilizing an IP address shared among many Scratch members, you might consider waiting to inform the user that their account has been suspended until they attempt to login. At that point you can set a cookie on the machine that, when present, prevents the registration of new accounts and/or the use of existing accounts from that specific machine. This could be a traditional browser cookie or an Adobe Flash based cookie. A Flash cookie is going to be browser agnostic and a little more difficult to delete, if only because a lot of users don't know about them, but obviously requires the Flash plugin to be installed. It's not a bullet proof solution and it might prevent subsequent students on the same machine from being able to use Scratch until the cookie is deleted or expired but it's better than blocking an entire school and it might be enough to deter or stem repeated abuse.