ATX Community

Blocking IP addresses


Eric


At any given time there are a number of people from China and Russia on the forum, about a dozen on the low end, and Judy mentioned that she noticed that there were 150+ guests on recently.  Some are trying to register to spread spam, others are probably probing for security vulnerabilities.  The anti-spam service I subscribe to seems to be doing a great job of keeping spammers from registering and while I'm not too worried about security, the constant traffic does put additional load on the server.

This site is very US-centric, so I can't think of any reason why I shouldn't restrict access to the site from problematic countries / IP ranges.

I'm not going to make any changes immediately, but it wouldn't hurt to take note of the URL of the Facebook Group if you haven't already, or my email address ([email protected]) in the case that you suddenly find yourself unable to connect to the website.  I don't expect any such issues, but a huge number of addresses will be blocked and I want to make sure people have some way to contact me outside of the forum just in case.

  • Like 3
  • Thanks 4
Link to comment

This is something I deal with as well.  I block for certain countries.  It does take some manual handling (not just using an IP list service), since some desired users will have non-US IP addresses for various reasons.  For instance, I have a customer who lives abroad for 1/2 of the year.  When blocked, I show a special page, with contact info, so those who are human, and actually customers, can send me an email with their IP address.  Some on the northern border will have a Canadian IP address, some on the southern border will have a Mexican IP address.  Some may have randomly placed IP addresses, such as when a VPN or other masking service is in use (have one customer who uses a non-US IP so they can stream videos - such as TV sports feeds - which are blocked for those in the US).

  • Like 2
Link to comment

In the US ranges, there are also certain ranges - generally hosts friendly to spam - which I block.  Also block many of the Amazon ranges, since they generate a large amount of non human traffic, and since my product is not designed for something like an AWS virtual computer.  I am willing to share my current list if you would like to review it.

  • Like 2
Link to comment

Using a combination of Kodi and some third party plugins is a popular choice.  You can buy a box pre-configured for plug-and-play too.

There are also some websites you can visit to stream TV and live sports, but they're like the online equivalent of visiting a crack den.  Without a good ad blocking plugin and some intuition about what is safe to click, you'll end up getting infected with something.

  • Like 1
Link to comment

 

44 minutes ago, Medlin Software said:

This is something I deal with as well.  I block for certain countries.  It does take some manual handling (not just using an IP list service), since some desired users will have non-US IP addresses for various reasons.  For instance, I have a customer who lives abroad for 1/2 of the year.  When blocked, I show a special page, with contact info, so those who are human, and actually customers, can send me an email with their IP address.  Some on the northern border will have a Canadian IP address, some on the southern border will have a Mexican IP address.  Some may have randomly placed IP addresses, such as when a VPN or other masking service is in use (have one customer who uses a non-US IP so they can stream videos - such as TV sports feeds - which are blocked for those in the US).

Since I only have to worry about the people who want to visit this forum, a lot of those edge cases won't apply here.  Blocking China will take care of 90% of the junk traffic.  Your suggestion to show a special page to those who are blocked is a good one.  I'll do that.

43 minutes ago, cbslee said:

I think you should block those addresses as soon as possible!

Although, I am sure there are ways to get around the block.

It's not difficult to get around the block, but I don't need it to be air-tight either.  Like I said, spam registrations haven't been an issue since implementing that service, and I'm confident in the server and site's security.  I just don't need those types of people eating up precious CPU cycles while they poke around.

  • Like 1
Link to comment

"CPU cycles"

That is exactly what I try to preserve...  I show the IP on the "blocked" page, cover a few reasons why they are being blocked, and that they can send an email message, including their IP address, asking for access.  You will get some spam from that page, but those are easy to catch.  I also have a stock reply for those messages, asking for more information, which bots will not likely reply to.

Many of the blocked items I use are not IP based, they are for bots, such as non-US search engines, MJ12, nutch, libwww, etc.  Also a few SEO "companies" who are constantly pounding away to gain data to try to sell as SEO improvement data...

  • Like 1
Link to comment
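One way to combine the checks described in this thread (range blocks, manual exceptions for legitimate users, bot user-agent blocks, and a blocked page that shows the visitor's IP), as an added example that is not taken from any poster's actual setup. The ranges, the contact address and the function names are constructed placeholders, and letting manual exceptions win over every block rule is an assumption.

```python
import ipaddress

# All values are constructed for illustration (RFC 5737 documentation ranges).
BLOCKED_NETS = [ipaddress.ip_network(n) for n in ("198.51.100.0/24", "203.0.113.0/24")]
ALLOWED_IPS = {ipaddress.ip_address("203.0.113.25")}  # user who e-mailed their IP
BOT_UA_TOKENS = ("mj12bot", "nutch", "libwww")         # agents named in the thread
CONTACT = "admin@example.com"                          # placeholder address


def decide(ip_text, user_agent):
    """Return (allowed, reason). Manual exceptions win over every block rule."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return False, "unparseable address"
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be checked against the IPv4 rules,
    # otherwise a dual-stack listener lets blocked IPv4 clients through.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if ip in ALLOWED_IPS:
        return True, "manual exception"
    ua = (user_agent or "").lower()
    for token in BOT_UA_TOKENS:
        if token in ua:
            return False, "bot user agent: " + token
    for net in BLOCKED_NETS:
        if ip in net:
            return False, "blocked range: " + str(net)
    return True, "no rule matched"


def blocked_page(ip_text, reason):
    """Static plain-text body for the 403 response, cheap to serve."""
    return (
        "Access from your address is currently blocked.\n"
        f"Your IP address: {ip_text}\n"
        f"Reason: {reason}\n"
        f"If you are a member, e-mail {CONTACT} and include the IP address above.\n"
    )


def handle(ip_text, user_agent):
    """Return (status, body). ip_text should be the socket peer address,
    not a client-supplied header such as X-Forwarded-For."""
    allowed, reason = decide(ip_text, user_agent)
    if allowed:
        return 200, "forum page"
    if reason == "unparseable address":
        return 400, "bad request"  # never echo unparsed input back
    return 403, blocked_page(ip_text, reason)
```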

1 minute ago, ILLMAS said:

If they were to get a VPN from let's say a cousin that lives in the U.S., would this be a workaround?

Yes.  The issue for me, and probably Eric, is bots, not actual people.  With a small amount of effort, bots can be blocked.  Many bots are run on US systems, since there are many hosts who care not about anything but sales.  I actually block certain ranges, which are controlled by certain US hosting companies, because they sell/resell to easily identifiable people/companies who are only using the service to scrape/spam, look for exploits.

IP blocking is only one of many steps one needs to take to try to keep safe, and in Eric's case, keep bandwidth wasters to a minimum.

Link to comment

4 hours ago, Medlin Software said:

Some may have randomly placed IP addresses, such as when a VPN or other masking service is in use

I'm no IT expert, but isn't masking what makes it nearly impossible to keep the bad guys out?  I read that some of the big recent ransomware attacks were run in ways that the origin couldn't be traced (with only a little bit of luck in discovering where the bitcoins paid as ransom ended up).  The IRS has said that it is almost impossible to trace the origins of fake returns because the IP addresses are masked and often bounce between multiple servers.  I guess it's even easier to mask caller IDs on phones.  I'm constantly getting calls with the same area code and exchange as mine--only the last four numbers vary--both at home and on my cell.  Today I received FIVE calls from "local" numbers, several with the person's name in the caller ID.  No one left a message.  Suspicious....

Can't the experts figure out a way to make IP addresses and phone numbers indelible?  Sure would make your jobs easier, and our phones a lot quieter.

Link to comment

I don't know much about botnets, bandwidth,  VPN, plugins, and the like.  But I do know Eric is probably spending money and definitely spending his time keeping our forum as safe as possible.  So I decided this is a good time to hit the DONATE button (which I just did), as a way to say "Thank You, Eric". 

  • Like 3
  • Thanks 1
Link to comment