New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
VPN IP Blacklist?
Hi,
Recently some twat has been spamming my forums with new random accounts using various VPN IP's (HMA / PureVPN). The forum is somewhat big and I don't have the time or resources to manually check all accounts.
I'm wondering if there's a IP list with most/all VPN companies ranges available that I could just ban?
I know I'm going to end up banning some innocent people, and that's not the discussion I want to have. I've made up my mind on this matter.
I'm just wondering if there is a list or not. I really don't mind paying if It costs a bit.
Cheers!
Comments
@black
http://check.getipaddr.net/
That looks pretty neat, but does it work with VPNs? It seems to work with headers?
If they show you their real IP,what you do?
What do you mean? I'm only trying to block VPNs.
What you can do is use that to detect proxy/VPN then depending on our come show a diff page IE; 404
Mean exactly what said. What wrong they do with you, crime, ddos, fraud etc? How about free speech?
populair vpn services usually have their domain in the ip traceroutes, maybe you could find/create a plugin to detect those domains and ban based on that.
Did you spend any amount of time reading my original post before making your post? It's all in there.
I'm not censoring free speech in any way, I've decided to ban VPN's and proxies.
Now please, stop posting. You're making yourself and your company look like idiots.
I was hoping for a list, since I'm also running an IRC network related to the forums so I could ban it all with one list.
Static lists only takes you so far. They could just buy services with another vpn provider. That's why a proxy check system needs to be able to infer on an IP address it hasn't seen before. If for some reason you want to stick with static lists, Cakey published a portion of his on github https://github.com/Zalvie/nginx_block_files
I think you should be able to check with PHP if the IP address has VPN ports opened.
https://www.qwdsa.com/converse/threads/nginx-ban-list-stopforumspam.63/
This is the service you are looking for: https://www.blocked.com/
It's funny because I can't even view their website with my VPN.
Interesting, are your sources for these IP address accurate? Ever considered dropping /24 of an IP address to reduce the file size?
It is coming from stopforumspam and I would like to say they are accurate.
Dropping a /24 is possible and I could do it if a threshold was met, but that isn't what I did. I built it more for really slowing down big known spammers, and it works really well.
It will detect VPN IPs, yes. You simply make a query from your webserver to http://check.getipaddr.net/check.php?ip=IPYouWantToCheck Make sure you read http://check.getipaddr.net to know exactly what it's returning and how it works.I'm not sure what you mean by headers but most "anonymous" VPNs don't follow RFC specification to forward their real IP address in the header.
Thanks for the info, I'll definitely check it out. Project Honey Pot has something similar, perhaps you'll add it as another data point later.
If you could point me in the direction of a project honey pot API I would be very happy.
https://www.projecthoneypot.org/httpbl_api.php
I represented only myself not related to any company. You are paranoid guy
Edited by me. Who's me?
On forums the amount of crap and spam that comes from vpn makes it a matter of fourm survival to drop them. I had a forum that was getting over a thousand spam signups a day. 99% of them were from vps or data centers.
There are plenty of ways to control forum spam without closing them to legit users using VPNs and I never needed to ban them on any of mine nor my VPN is banned on any forum I know of.
LET is a good example, I suspect that banning non-residential IPs would block access for many people here.
I actually redid the whole system with automated checkings but have yet to push it in.
Basically the new system pushes the IPs to a stack of four stages, where it first does a simple port scan and does a risk valuation and if it finds nothing it pushes it to the other stage where it checks the surrounding and some more checks, basically trying to find everything like vip72 which is extremely hard as it's costumer ips with only one port open between 5000-9000.
Might open source the whole thing or make an dns api out of it.
Nyr on a tech forum yes. On that forum which was very specialized I had zero legit VPN sign ups versus over a thousand spam tries a day.
I just blocked VPN sign ups once you were in VPN was fine. It dropped the crap to almost nothing. The target audience had problems with basic computer tasks let alone VPN.
Reading the thread again gives me impression that certain people mix VPN and proxy all the way (those are not synonyms).
Personally, I somewhat restrict access from anonymous proxies (when forums/other user-generating content are involved, I prefer to ban anonymous proxies).
is amazing how little spam there is jere