• Resolved atomizer

    (@atomizer)


    i think i might have addressed this before, but i’m gonna hit it again 🙂

    for someone who is using a web-host (shared), there don’t seem to be many options for incorporating auto-updating IP blacklists, such as there are in the CSF firewall for a VPS

    i would love to see this feature be integrated into BPS and i suspect it wouldn’t take a lot of work to do since you’d only need to ‘wget’ the lists the user wants to use and add them to the htaccess – seems like the most work would be the UI and options for lists and update intervals

    many of the problems BPS addresses are the result of bot’d servers (spammers/crackers/etc.) and seems to me that stopping these at a lower level (via IP) would be a more effective defense for at least a large number of attacks rather than observing behavior and possibly getting it wrong

    once the IP is allowed, then BPS can observe behavior (htaccess rules) and act accordingly

    it seems like this would be a very welcome additional layer of security with the certainly welcome benefit of drastically reducing bandwidth consumption, especially from malicious IPs in China

    so, you see, you’d make BPS more earth-friendly too 🙂

    https://wordpress.org/plugins/bulletproof-security/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author AITpro

    (@aitpro)

    We spent several months researching blacklisting IP addresses and doing this manually during that research with the intention of automating this after manual research was done. Chinese spammers were providing us with a large number of IP addresses to work with in our research. At least a million spammer IP addresses and probably more like several million spammer IP addresses.

    The total number of IPv4 addresses that China has is:
    Country | Country code | Addresses      | Per capita
    China   | CN           | 331.69 million | 0.26

    The first huge problem we realized was that unless you block entire CIDR blocks of IP addresses then you would end up with IP blacklists that were so large the website performance would slow to a crawl due to the massive size of these lists/files.

    As soon as we blocked 1 CIDR block of IP addresses the Chinese spammers switched to another CIDR block of IP addresses. The CIDR blocks have 1,000’s to 100,000’s of IP addresses in them. Entire CIDR blocks totalling at least 1 million and probably several million IP addresses were being used by Chinese spammers. So obviously blocking or blacklisting by IP addresses was not a smart approach or even anything near a feasible solution of any kind.

    Here is another important factor in the equation. Hackers hack victim websites and use those websites to hack other websites. Blocking victim website IP addresses means that when the legitimate website owner fixes the hacked website then it would still be blocked by the IP address.

    Anyway by this point you are probably getting the picture. Blocking/blacklisting by IP addresses is a pretty foolish thing to attempt on a large scale, but does have its uses on a small scale, i.e. you have an actual human pestering your website and you want to block that IP address. 99% of all hacking and spamming is done by automated bots that have millions of IP addresses that they can use.

    So what works then?
    Blocking by a bad action itself that is being done, i.e. if bad action X is performed then do Y.
    Allowing something that is finite vs trying to block something that is massive/infinite like millions of IP addresses. Example: If I only allow my IP address to be able to view my login page then I would not have to block millions of other IP addresses from viewing my login page.

    The smart approach is to look at what automated hacker and spammer bots are doing – the bad action itself – then block that bad action instead of trying to block by ip address.
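
The size trade-off discussed above (per-address lists, CIDR blocks, and a finite allow list), as an added example that is not part of the original post and is not BPS code. It assumes Apache 2.4 `Require` syntax in .htaccess and the WordPress login file name `wp-login.php`; the feed contents and the admin address are constructed from documentation ranges.

```python
import ipaddress

# Constructed sample feed (documentation address ranges only), one entry per line.
SAMPLE_FEED = """\
# constructed example blocklist
203.0.113.0
203.0.113.1
203.0.113.2
203.0.113.3
198.51.100.0/25
198.51.100.128/25
192.0.2.77   # trailing comment
not-an-address
"""

def parse_feed(text):
    """Validate every entry; return (networks, rejected_lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(raw)  # never copy unvalidated text into .htaccess
    return nets, rejected

def collapse(nets):
    """Merge adjacent/overlapping networks into the fewest CIDR blocks."""
    merged = []
    for version in (4, 6):  # collapse_addresses rejects mixed versions
        same = [n for n in nets if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def deny_rules(nets):
    """Deny-list form (Apache 2.4 syntax assumed): one line per block."""
    body = [f"    Require not ip {n}" for n in nets]
    return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])

def allow_rule(filename, admin_ip):
    """Allow-list form: a single finite rule, whatever the size of any feed."""
    ipaddress.ip_address(admin_ip)  # raises ValueError on a malformed address
    return f'<Files "{filename}">\n    Require ip {admin_ip}\n</Files>'

if __name__ == "__main__":
    parsed, bad = parse_feed(SAMPLE_FEED)
    blocks = collapse(parsed)
    print(f"{len(parsed)} entries -> {len(blocks)} CIDR blocks, {len(bad)} rejected")
    print(deny_rules(blocks))
    print(allow_rule("wp-login.php", "192.0.2.10"))  # hypothetical admin address
```

The deny list grows with the feed even after collapsing, while the allow rule stays one line; `.htaccess` is re-read on each request, so the length of the deny list is a per-request cost.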

    Thread Starter atomizer

    (@atomizer)

    i thank you much for your comments and i see your point

    myself, i block entire countries (mainly China) because i pay for bandwidth on my shared hosting plan – i don’t like doing that, but i’m also unwilling to pay for the massive amount of bandwidth otherwise

    BPS seems to not stop the bulk of this traffic; if i remove the blocks, my bandwidth about doubles from non-human traffic and that’s what i’m trying to avoid

    what you need is a BPS-BSD module – Bull Sh*t Detector LOL

    take care, and thanks again!
    (and mark resolved if you wish)

    Plugin Author AITpro

    (@aitpro)

    Hmm, I thought the days of paying for bandwidth usage were long gone. Even the Economy packages on the Web Hosts we use for testing sites have unlimited bandwidth.
    Yep, your approach for your bandwidth situation would be correct – block those entire countries where you do not want any visitor traffic from those countries.
    Yep, BPS does not block anything based on visitor traffic since most folks want more visitor traffic and not less traffic. 😉

    Thread Starter atomizer

    (@atomizer)

    read the fine print for those hosts offering “unlimited” bandwidth and disk space – you’ll find that isn’t true

    those ultra-cheap hosts that are offering too-good-to-be-true deals, while being fine for testing or a personal home page, are a spammer’s wet dream

    they almost always oversell, their resource usage is often pegged, their tech support is often crap, and their mail servers are often blacklisted

    i just got done with a nightmare session from H E double L with the pile of monkeys at [moderated] – what a mistake that was (as most anyone who hangs around lowendtalk knows)

    i’m in sort of a corner because i need more control than a web host offers, but am not ready for a VPS – in the meantime i’m using [moderated] and they are, by FAR, the best web host i’ve ever had, but you do pay a little more. [moderated] does not oversell and i have yet to see a single instance of high resource usage. the mail server is troublesome sometimes, but that is to be expected in a shared environment. very good people overall

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Please remember you can’t discuss hosting providers on these forums.

    Plugin Author AITpro

    (@aitpro)

    Thread Start Date: 12-4-2014 to 12-5-2014
    Thread Resolved/Current Date: 12-6-2014
    Comments: A task has been scheduled and attached to “Throttler” to look into this further as a possible incorporated feature.

  • The topic ‘Appeal for New Feature – blacklist integration’ is closed to new replies.