Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


VPN IP Blacklist?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

VPN IP Blacklist?

RemuzRemuz Member
edited February 2015 in Help

Hi,

Recently some twat has been spamming my forums with new random accounts using various VPN IP's (HMA / PureVPN). The forum is somewhat big and I don't have the time or resources to manually check all accounts.

I'm wondering if there's a IP list with most/all VPN companies ranges available that I could just ban?

I know I'm going to end up banning some innocent people, and that's not the discussion I want to have. I've made up my mind on this matter.

I'm just wondering if there is a list or not. I really don't mind paying if It costs a bit.

Cheers!

Comments

  • That looks pretty neat, but does it work with VPNs? It seems to work with headers?

  • said: Remuz

    If they show you their real IP,what you do? :)

  • @fitvpn said:

    What do you mean? I'm only trying to block VPNs.

  • What you can do is use that to detect proxy/VPN then depending on our come show a diff page IE; 404

  • Remuz said: I'm only trying to block VPNs

    Mean exactly what said. What wrong they do with you, crime, ddos, fraud etc? How about free speech?

  • populair vpn services usually have their domain in the ip traceroutes, maybe you could find/create a plugin to detect those domains and ban based on that.

  • RemuzRemuz Member
    edited February 2015

    @fitvpn said:

    Did you spend any amount of time reading my original post before making your post? It's all in there.

    I'm not censoring free speech in any way, I've decided to ban VPN's and proxies.
    Now please, stop posting. You're making yourself and your company look like idiots.

    @Mark_R said:
    populair vpn services usually have their domain in the ip traceroutes, maybe you could find/create a plugin to detect those domains and ban based on that.

    I was hoping for a list, since I'm also running an IRC network related to the forums so I could ban it all with one list.

  • blackblack Member
    edited February 2015

    Static lists only takes you so far. They could just buy services with another vpn provider. That's why a proxy check system needs to be able to infer on an IP address it hasn't seen before. If for some reason you want to stick with static lists, Cakey published a portion of his on github https://github.com/Zalvie/nginx_block_files

  • I think you should be able to check with PHP if the IP address has VPN ports opened.

  • NyrNyr Community Contributor, Veteran

    This is the service you are looking for: https://www.blocked.com/

    It's funny because I can't even view their website with my VPN.

    www.blocked.com is protected by Blocked.com.

    Blocked is security software which protects websites and empowers webmasters to stop unwanted traffic.

    Your request was blocked because you appear to be accessing this website from a hosting provider network, proxy server, or VPN server.

  • Interesting, are your sources for these IP address accurate? Ever considered dropping /24 of an IP address to reduce the file size?

  • MunMun Member
    edited February 2015

    @black said:
    Interesting, are your sources for these IP address accurate? Ever considered dropping /24 of an IP address to reduce the file size?

    It is coming from stopforumspam and I would like to say they are accurate.

    Dropping a /24 is possible and I could do it if a threshold was met, but that isn't what I did. I built it more for really slowing down big known spammers, and it works really well.

  • Remuz said: That looks pretty neat, but does it work with VPNs? It seems to work with headers?

    It will detect VPN IPs, yes. You simply make a query from your webserver to http://check.getipaddr.net/check.php?ip=IPYouWantToCheck Make sure you read http://check.getipaddr.net to know exactly what it's returning and how it works.I'm not sure what you mean by headers but most "anonymous" VPNs don't follow RFC specification to forward their real IP address in the header.

    Mun said: It is coming from stopforumspam and I would like to say they are accurate.

    Thanks for the info, I'll definitely check it out. Project Honey Pot has something similar, perhaps you'll add it as another data point later.

  • @black said:
    Thanks for the info, I'll definitely check it out. Project Honey Pot has something similar, perhaps you'll add it as another data point later.

    If you could point me in the direction of a project honey pot API I would be very happy.

  • Mun said: If you could point me in the direction of a project honey pot API I would be very happy.

    https://www.projecthoneypot.org/httpbl_api.php

  • fitvpnfitvpn Member
    edited February 2015

    Remuz said: Remuz

    I represented only myself not related to any company. You are paranoid guy

    Edited by me. Who's me?

  • On forums the amount of crap and spam that comes from vpn makes it a matter of fourm survival to drop them. I had a forum that was getting over a thousand spam signups a day. 99% of them were from vps or data centers.

  • NyrNyr Community Contributor, Veteran

    lazyt said: On forums the amount of crap and spam that comes from vpn makes it a matter of fourm survival to drop them. I had a forum that was getting over a thousand spam signups a day. 99% of them were from vps or data centers.

    There are plenty of ways to control forum spam without closing them to legit users using VPNs and I never needed to ban them on any of mine nor my VPN is banned on any forum I know of.

    LET is a good example, I suspect that banning non-residential IPs would block access for many people here.

  • black said: Cakey published a portion of his on github

    I actually redid the whole system with automated checkings but have yet to push it in.

    Basically the new system pushes the IPs to a stack of four stages, where it first does a simple port scan and does a risk valuation and if it finds nothing it pushes it to the other stage where it checks the surrounding and some more checks, basically trying to find everything like vip72 which is extremely hard as it's costumer ips with only one port open between 5000-9000.

    Might open source the whole thing or make an dns api out of it.

  • Nyr on a tech forum yes. On that forum which was very specialized I had zero legit VPN sign ups versus over a thousand spam tries a day.

    I just blocked VPN sign ups once you were in VPN was fine. It dropped the crap to almost nothing. The target audience had problems with basic computer tasks let alone VPN.

  • Reading the thread again gives me impression that certain people mix VPN and proxy all the way (those are not synonyms).

    Personally, I somewhat restrict access from anonymous proxies (when forums/other user-generating content are involved, I prefer to ban anonymous proxies).

  • bashedbashed Member
    edited February 2015

    is amazing how little spam there is jere

Sign In or Register to comment.