Ben Barden - Life of a web developer
How long will it be before people start to realise that banning by IP address just does not work?
I was checking the default mailbox on my server to look for bounced emails, and I found quite a few. Some of them said that the IP address of the server had been blocked for spamming. In one of the emails I found a link to a site that gives the "evidence" of this abuse.
I checked it out, and noticed that the IP has been blocked since July 2008. However, I didn't start using the server until September 2008.
I have contacted the site that's blocking the IP, and I've also contacted my web host. Hopefully this will be resolved quickly once my web host tells the anti-spam site that I was not using that IP address when it was being used for spam.
This does raise some issues when it comes to banning by IP.
Let's say your website is on a server that hosts 100 other websites. One of those people starts sending out spam. What happens? An anti-spam site blocks the IP address of the server. So thanks to the actions of one site, all the other sites go down, and usually those are the people who are expected to sort it out!
OK, how about this one. A spammer signs up for a web forum and floods every section of the board with spam. The server admin bans the IP address. But it just so happens that the spammer was on a dynamic IP, which means that the next time they reset their router, they'll have a new IP. Not only that, but it's quite possible for an honest user to end up with the banned IP. Once again, it's the honest user who has to find out what's going on.
Now let's say a spammer has their IP address banned and wants to get back in. They can use a site known as a proxy to get a different IP address. And they're in again. This time it's the admin who just keeps on banning IP addresses but doesn't actually get anywhere because the offender keeps coming back.
Firstly, banning by IP doesn't help - the offenders can just get a new IP. The old IP is then blacklisted for no reason, potentially shutting out legitimate users.
Secondly, if an anti-spam site discovers unusual activity, why can't they work with the web host to shut down the site, instead of blocking the IP and potentially shutting out other people? Why isn't the web host detecting and shutting these people down before it gets to the point of blocking the IP?
I often see blogs and websites running old versions of software, with known security issues and so on. Why are these sites allowed to keep running when using insecure software is just making the situation worse?
I don't have a perfect solution - but I do think the current approach is not helping anyone.
That's my view - what do you think?
Tags: anti-spam, ip banning
Been there, got this t-shirt.
A couple of months ago I found out that I was blacklisted by Project Honeypot and my IP was considered to be that of a spammer. This also happened long before I started blogging.
I hope for your sake the anti-spam site you referred to here is not Project Honeypot. These guys will not even reply to your or your host's queries.
This same thing is happening more and more. The WordPress plugin Bad Behaviour has an option through which the IPs of the visitors to your site are checked through Project Honeypot.
Eventually I was forced to make use of a proxy and I just by-passed all this rubbish that way. I am convinced that real spammers would also know all about proxy addresses and thus I can really not see any need for something like Project Honeypot.
Raju - agreed, IP addresses are often linked to more than just an individual.
Lyndi - thankfully it's not Project Honeypot - and I just managed to get the IP unblocked, so I'm happy about that.
I still think the choice to ban by IP is flawed though. It might be useful if someone from a specific IP is repeatedly spamming, as blocking the IP would be an inconvenience to them - but the ban shouldn't be permanent. There has to be a better way.
Uhh, tell you what, Ben... this reminds me, lol, when I was roaming the old irc.msn.com server, they some day decided to ban 212.198.* - i.e. a whoooole provider. My provider at that time. I spent the next two years having to find workarounds so I could get my daily rate of fun. Of course I was young and innocent at that time... but I totally see where the problem is. Here in France, most people have a dynamic IP as well - only cable users hold theirs for a few months at a time, and ADSL users may subscribe to an option to get one but it's expensive. So there - ineffective.
On a student board I'm an admin on, we usually have to use temporary IP bans (a couple of hours) as well as username ban. This prevents offenders from re-creating an account, and usually they just get tired of trying - thankfully, most of them are not even aware that they can change their IP by resetting their router or hardly know what a proxy is. And then they leave us in peace for a while before we have to step in and stop them again ^_^
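The temporary IP ban combined with a username ban, as described in the comment above, sketched as an added example (not code from the post or from any commenter). The `BanList` class, the two-hour default and the addresses (taken from documentation ranges) are assumptions made for illustration.

```python
import time


class BanList:
    """Expiring IP bans plus durable username bans (hypothetical forum helper)."""

    def __init__(self, ip_ban_seconds=2 * 3600, clock=time.time):
        self.ip_ban_seconds = ip_ban_seconds  # assumed: "a couple of hours"
        self.clock = clock                    # injectable so the demo can move time
        self.ip_bans = {}                     # ip -> expiry timestamp
        self.user_bans = set()                # usernames banned until an admin lifts it

    def ban(self, username, ip):
        """Ban the account durably and the address only for a limited time."""
        self.user_bans.add(username.lower())
        self.ip_bans[ip] = self.clock() + self.ip_ban_seconds

    def check(self, username, ip):
        """Return (allowed, reason) for a login or registration attempt."""
        if username.lower() in self.user_bans:
            return False, "account banned"
        expiry = self.ip_bans.get(ip)
        if expiry is not None:
            if self.clock() < expiry:
                return False, "ip temporarily banned"
            # Expired: drop the entry so whoever holds the address next is not shut out.
            del self.ip_bans[ip]
        return True, "ok"


def simulate():
    """Replay the dynamic-IP scenario from the post with constructed sample data."""
    now = [0.0]
    bans = BanList(clock=lambda: now[0])
    bans.ban("spammer1", "203.0.113.7")

    results = {}
    now[0] = 600  # ten minutes later: a fresh account from the same address
    results["same_ip_10min"] = bans.check("spammer2", "203.0.113.7")
    now[0] = 3 * 3600  # three hours later: the ISP has reassigned the address
    results["recycled_ip_3h"] = bans.check("alice", "203.0.113.7")
    results["banned_account_new_ip"] = bans.check("spammer1", "198.51.100.9")
    return results


if __name__ == "__main__":
    for case, outcome in simulate().items():
        print(case, outcome)
```

A permanent entry in `ip_bans` would have refused the honest user in the second case, which is the collateral damage the post describes.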
Very valid point you have raised. In countries like India, almost everyone has a dynamic IP, so it is useless to block offenders by IP. And shared hosting is a mess in all aspects anyway.