Banning dynamic IP addresses is a nonsense!

Conspirant on 20/9/2006 at 18:00

I have an ADSL connenction with dynamic IP and I often get the following message when I try to open the TTLG site:

"Sorry. The administrator has banned your IP address. To contact the administrator click here" :tsktsk:

I often have to reconnect several times to obtain a proper IP address. I have tried to "contact the administrator" many times, :erg: however, I've never got any reaction so I perform my complaint here. :sly:

In brief:
This is nonsense to ban whole dynamic address ranges because if someone has done some wicked thing (hacking, portscan or I dunno) you will punish innocent people. I hope you will resolve this problem shortly.

In not so brief: :bored: :cheeky:
If you notice that someone tries to erase your site, install a spam server, obtain your credit card numbers or fabricate a bomb with your printers through your network, then before you reflexly ban the bad guy's address, try to get informed first.

In that case a whois command (on Linux) or service (eg. (http://www.dnsstuff.com/) http://www.dnsstuff.com/) may tell you many things. For example my last banned address was "81.182.54.16" and for that whois tells the following (I've highlighted the interesting parts and replaced '@'-s to '(a)'-s):

% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Note: the default output of the RIPE Whois server
% is changed. Your tools may need to be adjusted. See
% (http://www.ripe.net/db/news/abuse-proposal-20050331.html)
% for more details.
%
% Rights restricted by copyright.
% See (http://www.ripe.net/db/copyright.html)

% Information related to '81.182.54.0 - 81.182.55.255'

inetnum: 81.182.54.0 - 81.182.55.255
netname: DSL-POOL-28
descr: T-Online ADSL clients (dynamic address pool)
descr: Hungarian Telecom
country: HU
admin-c: IV32-RIPE
tech-c: IV32-RIPE
status: ASSIGNED PA
mnt-by: AS5483-MNT
mnt-routes: AS5483-MNT
remarks: INFRA-AW
notify: [email]hostmaster(a)t-online.hu[/email]
changed: [email]bat(a)matav.net[/email] 20030414
changed: [email]bat(a)matav.net[/email] 20040430
source: RIPE

person: Irina Varnai
address: T-Online Hungary, Magyar Telecom Group
address: Pf.204
address: H-1364 Budapest
address: Hungary
abuse-mailbox: [email]abuse(a)t-online.hu[/email]
phone: +36 1 3713400
fax-no: +36 1 4110541
notify: [email]irina(a)t-online.hu[/email]
remarks: Contact [email]abuse(a)t-online.hu[/email] concerning
remarks: activities like spam, portscan and other
nic-hdl: IV32-RIPE
changed: [email]irina(a)axelero.hu[/email] 20040406
source: RIPE

% Information related to '81.182.0.0/15AS5483'

route: 81.182.0.0/15
descr: Hungarian Telecom
descr: Public Internet Access Provider
descr: Budapest, Hungary
descr: HU
origin: AS5483
mnt-by: AS5483-MNT
changed: [email]bat(a)matav.net[/email] 20030205
source: RIPE

Conclusion:
I would be happy if you granted access to the 81.182.0.0 subnet again, which belongs to T-Online, one of the biggest ADLS service provider of Hungary and used by thousands of people. And I think you should rethink your security policy because I suppose my case is not unique.

I'm sorry if I seemed too harsh but I have this problem for a long time past.

David on 20/9/2006 at 18:11

We have had massive problems with spamming and the 81.182 range Previously a spammer would come from that range and we would ban it, but they would show up 5 minutes later on another IP from that pool.

In the end it became easier to ban the entire class, since then the amount of spam users has dropped from 5-10 per day to less than 1 per week, which is a massive drop. I was reluctant to ban this range, however the results have, to me, justified my decision.

In the seven years these forums have been running we have not had one single legitimate user from this IP range.

I am sorry for the inconvenience, however I received no help from the ISP itself when contacting them about the spammers from their own IP range, so I was left with little choice but to ban the whole range so we did not become inundated with spammers.

dj_ivocha on 20/9/2006 at 19:32

Quote Posted by David

I received no help from the ISP itself when contacting them about the spammers from their own IP range,

Conspirant, looks like you have your work cut out for you. :sly:

Gingerbread Man on 20/9/2006 at 19:44

We don't like to wildcard ban at ALL, never mind something as broad as a two-segment ban. 81.182 has been a huge enough problem for us to take this step.

metal dawn on 21/9/2006 at 03:44

Quote Posted by Gingerbread Man

We don't like to wildcard ban at ALL

In your own words, I believe...
Dynamic IP
Wildcard ban kills bystanders
How they shake their fists

It's stuck with me for quite some time; mostly because it has a very catchy ring to it, but also because it's true.

Gingerbread Man on 21/9/2006 at 04:15

To be honest, we don't tend to ban by IP anyway. In most cases it's enough to simply ban an account -- if the user wants to re-register under a different name and play nice after that, it's usually not a problem. Most people find that a fresh start on the right foot is all they need, and if the general membership doesn't twig that it's the same person with a new account then everything can be nice and smooth. Dave and I always know who's who, however -- and we try to let the moderators know as well -- but really, if everything's happy then everything's happy.

Spambots and spammers are banned on the spot, and banned by IP. Persistent trolls and asshats are banned by IP after we get fed up banning their new accounts.

Persistent trolls / asshats / spambots / spammers with dynamic IPs can get the gentle goodbye or the hard goodbye... We can either ban the range as harshly as we need to, or we can contact the ISP in question and make little Billy Fuckwad explain to his dad why they suddenly have no Internet. I haven't had to do the ISP thing in years. :(

To date (and I think this has all been imported and stretches back to the beginning of us using vBulletin for the forums) we have banned 56 specific IPs, 9 wildcard IP bans, and we do not accept registration from 8 email-providing domains.

That's 65 IP bans over 502 banned accounts (and God knows how many more which may have been purged in the semi-annual Membership Cleanup), so you can see that it's not our weapon of choice.

Conspirant on 21/9/2006 at 19:17

Quote:

I was left with little choice but to ban the whole range so we did not become inundated with spammers

This is sad. :(
Unfortunately I couldn't log in even from my workplace (too bad that we use the T-Online's ADSL there, too) but now (at home) after a few reconnects I got an address from the 84.0 range :erg:

If you agree and give me some details in private I may attend to this problem. In the whois information there is also a phone number - perhaps I could achieve something if I talked with them in spoken words and in Hungarian.
It's possible that the abuse address is just flooded by spams and no one has read your complaints among the millions of mails per day... :p

~s:a:n:i:t:y~ on 27/9/2006 at 13:52

This is one of those rare times when I feel lucky I live in my place - I can rest assured that my dynamic IP address will unlikely be ever banned. (that is, if I behave :))
Or does Ukrainian spam reaches you as well?

Shug on 27/9/2006 at 20:19

It's been reaching me in the last few days

dj_ivocha on 28/9/2006 at 01:14

Yeah, same here. In fact, I've been getting a lot of spam from your IP range, ~s:a:n:i:t:y~... you didn't think I wouldn't notice you were involved, now did you? :nono: