That’s not necessarily a proxy. It’s more likely to be NAT. At the school I work at we use no proxies, but every machine on the network (except a handful of public servers) appears to have the same IP.
True in some cases. I use Roadrunner for example. I have had that as my ISP for 13 years. In that time, I possibly have had 200+ different IP addresses. Do the math. My four number IP might be the same for weeks at a time. Maybe months.
Actually, there are posters in the Ukraine that are legitimate(not many, I know).
Currently, our biggest headache is India. There are two carriers in India that are the equivalent of AOL in the US. We can’t ban those IPs without disenfranchising tens of legitimate posters/readers in India. I’d say 80+ % of our current spammers are from India. So it goes.
This is for the website I run, which doesn’t have any legitimate posters from the Ukraine.
And if you did, the Indian spammers would simply start using proxies in other countries. They deliberately choose proxies from the same pool used by legitimate posters who are trying to avoid local censorship or monitoring.
Huh? I live in Jakarta. Proxies are not the “normal” or “only way” to access the internet in Indonesia. In fact the Indonesian message board I moderate bans the use of proxies.
As a data point, I was just running Tunnelbear into the UK. When I tried to get into this board with it on, I got a “banned IP” message. So the software will stop at least some proxies.
I checked my data, and yes, you’re right. Proxies are more common than the US, but not that much more. I suspect they were more common a few years back, when several large web sites were blocked by some Indonesian ISPs.
I presume much of your trouble is with Airtel. I’ve temporarily moved to my parent’s place. They use it, and I have to use Google’s cache to be able to even view the site, because pretty much any IP address I get is blocked by the SDMB. This is the first time I’ve been able to post in a month.
What confuses me is why the IPs that are banned can’t even view the site. I mean, sure spammers may be a problem, but why not just prevent them from posting?
Also, the SDMB has a large enough membership where Dopers might unintentionally share an IP address – public hotspots, hotels, rest areas, etc – at some time in their travels. Even on my small-ish message board, it happens.
It’s a lot easier to detect a sock on a smaller board. Still, I’m surprised some socks haven’t been detected earlier, especially when they have a writing style that is unusual, but very similar to another user. Consider vanilla; her socks should have been obvious early on. If I see someone who’s posting in the same style of a banned user, I’d check the IP addresses. If they’re in the same general location, it’s almost certainly a match.
Airtel and Reliance are major headaches on my site, too. Say “Airtel Broadband” to any message board operator in the US, and the response will often be a shrug and a sigh, followed by a long rant.
Most spammers from India are human “link builders”, and they have obvious tells. For example, many will enter the (often misspelled) name of an iconic city in the US, or just “usa” alone, as their location; or use the name of a Bollywood actor or actress for their username. Many are often not yet in the Stop Forum Spam database, so they’re not blocked when they try to register. I have a plugin that bumps new members from certain spam-prone countries into a mod queue. (China, Vietnam, Poland, Russia, Ukraine, and Belarus are outright blocked, since the ratio of spammer/hacker traffic to legitimate users is outrageously high.) When I check the queue, I’ll Google “[username] vbulletin” or [email prefix] vbulletin", and if there’s a bunch of hits, I delete the account.
It’s not just India. The ratio of human spammers to legitimate users is quite high from all subcontinental countries , Pakistan, Bangladesh, Nepal and Sri Lanka included.
Speaking as just one message board operator, I have two different levels of country blocking:
-
Those countries where almost all of the traffic is malicious - Russia, Ukraine, China, etc. It’s not just spammers, but also hackers, scrapers, and so on. The vast majority of spammers are bots, and they’ll often hammer away for hours at a time. This has a measurable impact on bandwidth and server performance. There might be some legitimate users there, but it’s just not worth it.
-
Those countries where there’s a large number of spammers, but a somewhat higher ratio of legitimate users among them. Among those countries are India, Bangladesh, Israel, and Turkey. Those countries tend not to be the source of bots or scrapers. Users from those countries are allowed to register, but they’re placed in a queue (if they’re not blacklisted by Stop Forum Spam) for moderator investigation and manual approval.
When I look at “disenfranchising” countries, I have to consider the Pareto principle. 20% of legitimate users make 80% of the posts. The vast majority of new users will only post a few times. So, let’s consider someplace like Russia.
100,000 new users registering from Russian IPs.
99,990 will be spammers (usually bots) or hackers.
10 will be legitimate.
0nly a few of them will post.
One will post more than twice.
It’s just not worth the hassle.
Now, India.
100 new users registering from Indian IPs.
90 will be spammers (humans, that aren’t caught by Stop Forum Spam).
10 will be legitimate.
Only a few will post.
One will post more than twice.
Even then, Indian users tend not to be as “sticky” in the long term as those from the Anglosphere. The ratio of inactive to active legitimate users from India is much higher than for US/Canada/UKoGBaNI/Ireland/Australia/New Zealand/South Africa.
Thanks for the extensive behind the scenes look into the spam world, but my question was a bit different.
When I happen to be assigned an IP address that has been blacklisted by the SDMB(presumably for spamming), then I can’t even view pages/threads/posts and have to resort to using Google’s cache. My question was why the system is like this. Why can’t it be so that banned IP addresses can’t sign in to make posts/threads of their own, but can still look at the innumerable witty and well reasoned contributions made to human thought by the teeming millions? Not that banning IP addresses when they’re dynamically assigned should make a difference anyway, but that’s a different issue.
On another system, the controls for banning (which means user name, email or IP numbers) let the Admin decide which it will be. Even for suspensions. They have to pick the option that says “this IP can no longer view anything”, rather than just not be able to sign up, post, or otherwise annoy the Gods.
Because the dryer must have its occasional snack. (Where do you think the lint in the filter comes from?)
That was funnier in the other thread
Socks are detected here all the time. Whether or not the mods can find proof and actually do anything about them is another story.
It’s easy to outright block an IP address or range; at the server level (through an .htaccess file or a firewall), or in the case of vBulletin, in the administrator control panel.
Where it gets more difficult is determining the intent of a visitor from a certain IP. From what I understand, the SDMB is running on a mostly stock version of vBulletin, with few or no tweaks or plugins. There are plugins to allow somewhat more granular control. For example, there are a few plugins that query the Stop Forum Spam when someone tries to register. There’s also a plugin that sends new users from certain IP ranges or countries to s moderation queue for manual approval. Without those plugins, IP blocking is generally brute force; all or nothing.
These are viable solutions for traffic from a country like India or Indonesia, where there’s usually some legitimate users among the link builders, and there’s not much bot or scraper traffic. The activities of Indian spammers won’t noticeably impact the server; they’ll just be a nuisance for the administrators and moderators.
It gets more difficult when you’re looking at countries where almost all the traffic is malicious, from the perspective of US-based message boards. Spammers in places like Russia, Ukraine and China tend to use bots to register, and they often hammer away endlessly for hours. There’s also content scrapers, aggressive search engines, and hackers galore. Most have user agent fields that spoof popular Web browsers; the server will think it’s just Firefox, and not xRumer or a scraper. Most aren’t throttled, and they’ll chew up CPU cycles and driving up server loads. (If I want to stress-test my server, all I have to do is remove the China and CIS IP blocks, and the load will begin to climb almost immediately.) It’s much harder to tell whether a visit from an IP address in Russia is just a visiting American tourist, or a registration bot. Also, there’s a much higher ratio of malicious traffic to legitimate users.
Why would some IPs in a country be blocked, and not others? A message board operator may find they get no legitimate traffic from a certain Airtel block, which may be in a city where there’s a lot of link building activity. However, there may be an Airtel block that’s trouble-free, so its left alone.
On stock vBulletin, there’s no different levels of permissions for certain IPs or ranges; it’s just brute force blocking. An IP is blocked or it isn’t. There’s granular permissions at the usergroup level.
Well, in that case blocking entire countries is going to be beast for the board, in terms of stopping the above mentioned malicious traffic. Sure nobody in those countries can read, register or post. But who cares?
You’ve heard of Chupacabra, the Goat Sucker? You have been a victim of the Sock Sucker.