Blocking anonymous proxies

Forum Moderators: rogerd

Message Too Old, No Replies

Blocking anonymous proxies

How to deal with banned users

Bamikanarie

12:03 pm on Aug 9, 2004 (gmt 0)

We're experiencing some difficulties on one of our forums with banned users coming back and posting via anonymous proxies.
I know there are serveral possibilities to detect anonymous proxies, I think the most realistic option is to maintain a blacklist with proxies. Does anyone know of fairly complete and well maintained lists (not necessarily for free) which I should use.
How do you deal with this problem?

grelmar

11:32 pm on Aug 9, 2004 (gmt 0)

[blackholes.us...]

It's been posted in here before, but I can't remember where the post was, so I just copied it from my bookmarks.

Be careful with BlackHole lists, you can end up banning some legit users. And some of the IP's are a little to all-encompassing.

On forums I admin or mod at, I just keep on top of it and delete posts pretty much as fast they come in.

rogerd

12:29 am on Aug 10, 2004 (gmt 0)

That would be a huge list to check every post or session against... One thing that I've found useful is to just ban the proxies as they are abused (along with disabling their account). It forces the spammer to go through another proxy, get a new e-mail, sign up for a new account. Eventually, most tire of the busywork.

Bamikanarie

8:05 am on Aug 10, 2004 (gmt 0)

Thanks for your replies, but I'm not sure in what way I should use the blackhole list. It seems that it just lists a bunch of ISP's. On the site it says "Blackholes.us does not list spammers, spam supporters or vulnerable hosts at the present time."
I even found the IP of an American server I had years ago at EV1.

I think I'll be doing the following, and Rogerd has a good point there: I'll just try to make those people get fed up by letting them sign up again, block e-mailadresses, IP-addresses. We maintain a list with all IP's a member has logged in with in the last couple of weeks. We could just block them all, including the anonymous proxies they used the last couple of days.

Another thing I'm testing right now is the use of a random and never expiring cookie. Just in case someone happened to be so stupid as not to clear his cookies before signing up again. We could just automatically ban them using this 'machine ID'.

Of course, there's always a risk of false positives. But I think we shouldn't exaggerate that issue, what are the chances in these days of (semi-)static IP addresses, that someone re-uses a previously banned IP address?

rogerd

10:43 am on Aug 10, 2004 (gmt 0)

what are the chances in these days of (semi-)static IP addresses, that someone re-uses a previously banned IP address?

Fairly high, depending on your clientele. On one forum I get a lot of posts from students, and they often share an IP in their dorm, etc. Ban the IP of one problem poster and you take out the whole building...

Bamikanarie

11:16 am on Aug 10, 2004 (gmt 0)

Most of them are Dutch webmasters. Besides that, it isn't a very big community. We have about 2000 posts per week and a couple of hundred active posters.