# Moderators: Accidental ban of whole subnet



## DanielG. (Mar 23, 2013)

Hi moderators,

I think you accidentally banned a whole subnet (93.218.* or similar) from your forums.
No login (and even guest access) is possible from my DSL: I'm banned. (With different IPs falling in the mentioned subnet.)
From phone with login and totally different IP: not banned. (As you see by reading my post.)

I didn't even post since January and I'm always polite 
It looks like some punk with a dynamic IP was insulting but sadly now I (and many others) get IPs from the subnet he was in.

Thanks for looking into it!

Edit: Using my provider's proxy (and thus getting a different IP) for access from my DSL line also works. So it is definitely a ban of some IPs.


----------



## Forceflow (Mar 23, 2013)

IP banning, really? Sorry to tell you, but the only thing that does is to open you up to a huge variety of DoS attacks and potentially banning regular users yet it does absolutely nothing against anybody who is determined to get into the page.


----------



## CharlieB (Mar 23, 2013)

I'm not sure what has happened... but I'll tell you what I do.

I monitor the traffic coming into my network. At least once a week, I get flooded for a few hours. Its always from one or two IP's per occurrence. I'll get hit maybe 500-700 times per minute, for hours at a time, methodically trying all ports.

Of course its simple to trace the IP's back to who owns them.

#1 offender - China
#2 offender - Eastern European countries - Serbia, Latvia, Ukraine, etc
#3 offender - United States universities.

In cases #1 and #2, I ban the IP, up to half a dozen from the subnet. After that, I just ban the whole subnet. It sucks to be them doesn't it. 

In the case of universities, I contact their admin, send them my logs, and they handle it. About 1/3 of the time they send me an apology response after the problem is corrected.

So there ya have it. I don't provide bandwidth for buttheads. Anyone on my network is my guest, and I expect them to behave as a guest. Its like holding an open party at your house. What? You're just riding in the same car as the guest, but you got kicked out of my party because the folks you rode with decided to pee in my living room? Guess it sucks to be you doesn't it.


----------



## Admin US West (Mar 23, 2013)

It should be fixed now. It was me. 

The boss has already let me know!!

Send me a private e-mail if its still not working.


----------



## RS2021 (Mar 23, 2013)

CharlieB said:


> Of course its simple to trace the IP's back to who owns them.
> 
> #1 offender - China
> #2 offender - Eastern European countries - Serbia, Latvia, Ukraine, etc
> ...



#3 offenders...I am so pleased our boys are holding up their end!


----------



## DanielG. (Mar 23, 2013)

CR Backup Admin said:


> It should be fixed now. It was me.
> 
> The boss has already let me know!!
> 
> Send me a private e-mail if its still not working.



Looks like it's working again, thanks. (I hate using proxies.)


----------



## Admin US West (Mar 23, 2013)

Freelancer said:


> yep..... you are right.
> 
> thank god for proxys.
> 
> banning is stupid and useless anyway.... as if you could not make a new account in 1 minute.



We have had a few stubborn ones, after two or three new user names, we plugged all their holes.


----------



## CharlieB (Mar 24, 2013)

RS2021 said:


> CharlieB said:
> 
> 
> > Of course its simple to trace the IP's back to who owns them.
> ...



I would have never guessed it... but the logs don't fib.

Years ago, in the Napster days when I had Napster server here, we had Italy as #1, amazing how stuff changes.


----------



## Admin US West (Mar 24, 2013)

We see different countries depending on the type of spam or post. We occasionally see spam from compromised University servers, but not a great deal.

Sometimes they hide behind proxy servers, but those domains can be banned as well if they become a issue. Anonymous IP's can also be blocked.

Members are good about reporting spam, and it usually gets removed quickly. 

SEO Spam is the biggest issue, its almost 100% blocked now, but they will eventually figure it out and we will do something else. 


We strongly discourage people from posting links to questionable sellers, Google and other search engines scan this site frequently, and such links boost the scam sellers.


----------



## Forceflow (Mar 25, 2013)

Have you tried implementing a question -> response registration type? (Not sure, been a while since I last registered here)
I had a similar problem on my page a while back and none of the CAPTCHAS worked. So I created a custom field on the registration page where I asked a question stating where the answer can be found. (Must be on a different page, on the top of the Help page should work) It's very easy for real humans to answer the question (open a new tap and voila) but bots will have a very problem going around that one. You can even easily generate a new Q&A every day making sure that the answer is nor being spread around or guessed easily.

On my page the amount of spam accounts went from daily to pretty much zilch. (Haven't had a bot in months)


----------



## Admin US West (Mar 25, 2013)

Forceflow said:


> Have you tried implementing a question -> response registration type? (Not sure, been a while since I last registered here)
> I had a similar problem on my page a while back and none of the CAPTCHAS worked. So I created a custom field on the registration page where I asked a question stating where the answer can be found. (Must be on a different page, on the top of the Help page should work) It's very easy for real humans to answer the question (open a new tap and voila) but bots will have a very problem going around that one. You can even easily generate a new Q&A every day making sure that the answer is nor being spread around or guessed easily.
> 
> On my page the amount of spam accounts went from daily to pretty much zilch. (Haven't had a bot in months)


 
Yes, there is a response question. However, the nature of SEO spamming is changing as well. Now, there are large rooms full of people who work for a few cents a day manually creating accounts and going thru the login procedure.


There are still lots of robots, but the manual process is more successful. They even post some text that may or may not be relevant, but its always obvious to readers.


We get maybe 3-7 spams thru a day, and these are handled pretty quickly. Thanks to those who report them. Those who pay SEO companies to do this are usually clueless, or they do get results and don't care. Even a big Fortune 500 company got caught hiring a shady SEO Spammer a couple of years back.


----------

