Support

These are all very good suggestions and, in fact, have already been considered or even discussed in the public tickets at one point or another. Let me explain why none of them has been implemented.

1 & 2: You can do that by exporting the jos_admintools_adminiplist (IP whitelist), jos_admintools_badwords (bad words list), jos_admintools_ipblock (black list), jos_admintools_redirects (URL redirections) and jos_admintools_storage (WAF and .htaccess Maker settings) tables using phpMyAdmin or any other SQL management tool (tip: they can all export to CSV). If you don't like phpMyAdmin and mucking around database tables, FreakedOut.de has a CSV import component which works with Admin Tools' URL and IP lists. Ask them if you're unsure. They're a very helpful bunch :)

The reason why this is not implemented in Admin Tools is that the CSV is a very loosely defined format. It would take months and several failed attempts to create something which can work with CSVs produced by all versions of Excel, OpenOffice, Numbers, Google Documents, Office 360,... You get the idea. Not to mention that a valid CSV file may have fixed fields, fields separated by commas, semicolons, spaces, tabs, other character, enclosed in double quotes or not, and when there are double quotes inside a string contained in double quotes you can either escape them as backslash-double quote or as double double quote. I have already had the misfortune of attempting to write a CSV importer in Visual Basic about a decade ago. I wouldn't do that again - nowadays I value my sanity much more :)

3: Do you mean the the thoroughly documented "Project Honeypot integration" feature? What you described is exactly how that feature works. Maybe you have to configure the thresholds a little and/or enable the repeat offenders IP auto block further down the Configure WAF page.

4: This is very dangerous! One wrong click and you'll be adding your own IP or the IP of your client to the list. That's why there are only links to automatically add/remove a single IP to/from the IP black list. Furthermore, I consider permanent IP blocking an ineffective and wrong measure. Any decent hacker/spammer will cycle his IP address every few hours. Blocking his IP hours after the event will simply block an IP address which may later belong to a legitimate user trying to access your site. I consider the automatic IP block (which automatically blocks IPs during an attack spree and only for a limited time) the best way to keep these attacks under control. After all, that's how server-level firewalls work, blocking IPs automatically for a limited time, triggered by attack patterns.

#4 is not really possible without inflicting a huge performance hit (10x slower!) on the log page, on top of the problems I mentioned. Besides, as I said, manually adding IPs to the blacklist is not just counter-productive, it's downright useless. Just turn on the automatic IP block.

In case you missed the important part about the reason not to add someone to the blacklist for "eternity":

Any decent hacker/spammer will cycle his IP address every few hours. Blocking his IP hours after the event will simply block an IP address which may later belong to a legitimate user trying to access your site.

Ergo: Black list = very bad idea. Time-limited auto-ban list = very good idea ;)

Yes, there is. The exact chance is 2^32 : 1 against it. It's about the same chance as two completely unrelated people having the same fingerprints. If I were a hacker, I would not use my ISPs IP range to attack you. I'd use a proxy, or a botnet. Hence the improbability of seeing the same IP address or an IP from the same range :)