My IP occasionally being blocked by MacNN
Dedicated MacNNer
Join Date: Oct 2002
Over the last year, my IP has been occasionally blocked by MacNN. I've sent emails to request unblocking, but they don't always seem to get through.
My IP is Russian firm Stream (stream.ru), which is a large and very well run company. They block port 25 among others, so I very much doubt you are blocking them for sending spam, although I could be wrong if they allow the port to be opened by subscribing firms.
I'd be very grateful if you could have a look into this. Visiting MacNN by proxy is not the greatest experience and prevents me from logging in.
My current dynamic IP address is 91.76.61.31, if that is of any use.
Thanks for your help,
Sincerely,
PER3
(Posted this under "Recommendations" instead of "Bugs" as I don't know if this complaint concerns a bug or a feature.)
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
My guess is that there are spammers who also use the same ISP.
Things would be much easier for the admins here if you wouldn't have constantly changing IPs.
-t
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
My guess would be that ISP has some subrange that falls in the middle of a bunch of spammers. Do you happen to know any of the IP addresses that were blocked?
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
Administrator
Join Date: Jun 2000
Location: California
PER3, you've used 171 addresses. Of those, four (4) are covered by our block list.
Starting from the address given (91.76.61.31):
Nearby blocked ranges
-------------------
- 91.76.57.* - 4 bot registrations. unknown spam type. No legit presence.
- 91.76.59.* - 4 bot registrations. unknown spam type. No legit presence.
- 91.76.84.* - 4 bot registrations. seo spammer(s). No legit presence.
- 91.77.*.* - 21 spammers, no legit presence. Meds sales, bot registrations. Spammers scattered across the IP range.
- 91.78.*.* - 27 spammers, no legit registrations. One IP used by PER3 for posting. Med sales, bot registrations. Spammers scattered across the IP range. I can probably finagle the block to omit the one IP you've used in this range.

Other blocked ranges you have posted from
---------------
- 85.141.*.* - 18 spammers, no legit registrations. 3 IPs used by PER3 for posting, 1 IP used by red rocket. We assumed the range contained a TOR exit, which we don't specifically block. On next use, a different TOR exit would be used, so incidentally blocking a single exit should not be a hardship. The spammers offer meds & viagra, one has an email in the rapemaster (net) domain, another in the porntube4us (info) domain. It may be possible to finagle blocks around your past IPs (and rr's) while still covering the spam IPs.

It would be most helpful if you could note your public IP when you get blocked. If we knew what block you were hitting today, I can map that out vs actual spam hits within the range.
Edit: PER3, which email box did you send complaints to?
(Last edited by reader50; Oct 15, 2009 at 03:54 AM.)
Professional Poster
Join Date: Jan 2000
Location: Detroit
Originally Posted by reader50
PER3, you've used 171 addresses...
for those that ask, like me, can you tell us how many IP addresses our account has come in on? that's cool info! don't need the IPs, just the unique count.
Administrator
Join Date: Jun 2000
Location: California
IP Totals
Atheist: 267
PER3: 171
residentEvil: 118
Rumor: 171
Simon: 420
User IP info is only valid since the switch to vB in 2005.
For simplicity, all who ask will be listed in this post.
(Last edited by reader50; Oct 17, 2009 at 01:31 PM. Reason: added another IP total)
Professional Poster
Join Date: Jan 2000
Location: Detroit
Originally Posted by reader50
residentEvil: 118 IPs
User IP info is only valid since the switch to vB in 2005.
very cool; thanks! i wouldn't have guessed that high; but I guess from home, my cable supplied service changes IP more often than i would have guessed. at work, i know the number of address it could be/what they are...i run it; so i know the public NAT address range
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
How many have I got?
Edit: Thanks, reader50.
(Last edited by Simon; Oct 16, 2009 at 12:50 AM.)
Dedicated MacNNer
Join Date: Oct 2002
Originally Posted by reader50
PER3, you've used 171 addresses. Of those, four (4) are covered by our block list.
Starting from the address given (91.76.61.31):
Nearby blocked ranges
-------------------
- 91.76.57.* - 4 bot registrations. unknown spam type. No legit presence.
- 91.76.59.* - 4 bot registrations. unknown spam type. No legit presence.
- 91.76.84.* - 4 bot registrations. seo spammer(s). No legit presence.
- 91.77.*.* - 21 spammers, no legit presence. Meds sales, bot registrations. Spammers scattered across the IP range.
- 91.78.*.* - 27 spammers, no legit registrations. One IP used by PER3 for posting. Med sales, bot registrations. Spammers scattered across the IP range. I can probably finagle the block to omit the one IP you've used in this range.

Other blocked ranges you have posted from
---------------
- 85.141.*.* - 18 spammers, no legit registrations. 3 IPs used by PER3 for posting, 1 IP used by red rocket. We assumed the range contained a TOR exit, which we don't specifically block. On next use, a different TOR exit would be used, so incidentally blocking a single exit should not be a hardship. The spammers offer meds & viagra, one has an email in the rapemaster (net) domain, another in the porntube4us (info) domain. It may be possible to finagle blocks around your past IPs (and rr's) while still covering the spam IPs.

It would be most helpful if you could note your public IP when you get blocked. If we knew what block you were hitting today, I can map that out vs actual spam hits within the range.
Edit: PER3, which email box did you send complaints to?
Dear reader50,
Thanks a lot for your detailed response. I couldn't answer right away as I was blocked.
Recently, my blocked addresses have been in the ranges you mentioned:
85.141.141.90 15 Oct 2009 (forum blocked, not main site)
91.77.41.254 15 Oct 2009 (forum blocked, not main site)
Not blocked 85.140.235.138 16 Oct 2009
I'll keep you filled in when I have a more sizeable range recorded.
...
If I could ask a couple of questions:
My provider blocks port 25. From what I understand, this is the SMTP port, so it should prevent spammers and bots from getting outside lines. Does your information mean that my provider is opening that port for some subscribers? If so, and assuming that they are as responsible as I have imagined, should I send a complaint to their abuse address?
If not, how is this traffic getting to you? Please forgive my technical lack of knowledge.
Secondly – and I ask this with no provocative intent – why is it that out of the many sites I connect to, only MacNN has ever blocked my addresses? ArsTechnica, The Economist, SlashDot, The Register, and countless newspapers have never done so, and I am sure that they are targeted no less than MacNN. No doubt you have your reasons, but it would be interesting to hear why you have chosen the blocking policy that you have.
Thanks,
PER3
PS I sent my complaints to {admin at macnn dut com}. Twice, if I remember correctly.
(Last edited by reader50; Oct 16, 2009 at 05:25 PM. Reason: obscured email address)
Dedicated MacNNer
Join Date: Oct 2002
Originally Posted by turtle777
My guess is that there are spammers who also use the same ISP.
Things would be much easier for the admins here if you wouldn't have constantly changing IPs.
-t
turtle777,
I agree that things would be easier if my address didn't change so often, but as far as I know, that is unfortunately one of the "features" of most ADSL facilities.
Administrator
Join Date: Jun 2000
Location: California
Originally Posted by PER3
PS I sent my complaints to {admin at macnn dut com}. Twice, if I remember correctly.
The admin mailbox is a problem. It's usually gone to just Demonhood, gets overstuffed with spam, and lately hasn't been accessible at all. We're working on the problem - it should be accessible to all active Admins soonish. I've obscured the contact display a bit too, which doesn't affect browsers but confuses bots. It will eventually (1-2 years) cut the spam to a trickle.
Originally Posted by PER3
Secondly – and I ask this with no provocative intent – why is it that out of the many sites I connect to, only MacNN has ever blocked my addresses? ArsTechnica, The Economist, SlashDot, The Register, and countless newspapers have never done so, and I am sure that they are targeted no less than MacNN. No doubt you have your reasons, but it would be interesting to hear why you have chosen the blocking policy that you have.
Around a year ago, we finally figured out why registrations were way up, but posting wasn't. New registrations had gone from 20-25 per day to 60-95 per day for a few months. Spam bots were registering accounts, then using them to display advertising without bothering to post in threads. They got in several thousand accounts before we caught on. Over the period of ~10 days, we banned ~5K unposted accounts based on various clues. We don't have a batch search-ban tool, the bots had to be banned one-at-a-time.
In order to close the floodgates, we blocked tainted IPs more aggressively than usual, hence why some ranges were blocked with fewer spammers than our usual thresholds, and less immunity than normal for innocent members. Normally, a single innocent will prevent a range from being blocked. But at the time, if 1-2 members were present but had plenty of other IPs to post from, we blocked anyway.
Around the end of this period, we deployed some automated registration filters. We also blocked assorted email domains, and did further fine-tuning of blocked IP ranges. The other forums you mention either tolerate more spam, have more mods working on it manually, or employed automated blocks earlier.
I'll remove blocks as needed from the ranges you are in. Our other barriers ought to keep the bad guys within reason, so keep posting IPs that give you a problem.
Originally Posted by PER3
If I could ask a couple of questions:
My provider blocks port 25. From what I understand, this is the SMTP port, so it should prevent spammers and bots from getting outside lines. Does your information mean that my provider is opening that port for some subscribers? If so, and assuming that they are as responsible as I have imagined, should I send a complaint to their abuse address?
If not, how is this traffic getting to you? Please forgive my technical lack of knowledge.
There are no stupid technical questions. Most broadband providers block Port 25 by default, except when going to their own mail servers. If you are associated with a site (say macnn) and have a branded email address with them, then you need to reach them on Port 25 in order to send mail through them. note - encrypted mail connections use different ports.
So most ISPs will unblock port 25 upon customer request, allowing the customer to reach any mail server on the 'net. Most spammers today use their own mail servers, so port 25 blocking doesn't do much against them now. In theory, we could report tainted IPs to your ISP, plus the exact time it was used. They could disconnect that account. In practice, we didn't have time while fighting the horde, and ISPs only keep IP-usage logs for a few months. Also, this doesn't work if there are language barriers or the ISP doesn't care. Based on the high volume from China and India in recent years, their ISPs aren't serious about reports.
Spammers will just register under a new name if they are kicked. It's better to block them if we can, and have them stay on the blocked IPs. Let them spam the heck out of other boards, while our blocks hold. It's not an altruistic policy, but there's nothing we can do to eliminate them in general. At least we can keep it away from our members here.
I'll be looking at the IPs today that you were blocked on.
(Last edited by reader50; Oct 16, 2009 at 05:48 PM.)
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
Ohh; seeing my stats would be nifty.
I like my water with hops, malt, hops, yeast, and hops.
Administrator
Join Date: Jun 2000
Location: California
PER3, all IPs you have used are unblocked in the 91.77.* range, and the 85.141.* range. The windows I opened are fairly tight, let me know if more of your IPs need unblocking.
Rumor, your stats have been edited in above. You have tied PER3.
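
Added example, not part of the original thread and not MacNN's own tooling: one way to open a tight window in a wildcard block such as 85.141.*.* for a member's address, as reader50 describes in this post and in the earlier one about finagling blocks around past IPs, while the rest of the range stays blocked. It uses Python's `ipaddress` module; the helper names are hypothetical, the spam address is constructed, and wildcards are assumed to be trailing octets only.

```python
import ipaddress

def wildcard_to_cidr(pattern):
    """Convert a trailing-wildcard range like '85.141.*.*' to a CIDR network."""
    fixed = [o for o in pattern.split(".") if o != "*"]
    base = ".".join(fixed + ["0"] * (4 - len(fixed)))
    return ipaddress.ip_network(f"{base}/{8 * len(fixed)}")

def carve_out(block, keep):
    """Return the networks that cover `block` minus every entry in `keep`."""
    nets = [block]
    for item in keep:
        hole = ipaddress.ip_network(item)  # a bare address becomes a /32
        remaining = []
        for net in nets:
            if hole.subnet_of(net):
                # Split net into the smallest set of subnets that skip the hole.
                remaining.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                remaining.append(net)  # untouched by this hole
        nets = remaining
    return sorted(nets)

def is_blocked(ip, nets):
    """True if the address falls inside any remaining blocked network."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)

# Member address is one PER3 reported as blocked in the thread.
MEMBER_IPS = ["85.141.141.90"]
SPAM_IP = "85.141.7.12"  # constructed sample, not from the thread

BLOCKS = carve_out(wildcard_to_cidr("85.141.*.*"), MEMBER_IPS)

if __name__ == "__main__":
    print(len(BLOCKS), "rules replace the single wildcard block")
    for ip in MEMBER_IPS + [SPAM_IP, "85.141.141.91"]:
        print(ip, "blocked" if is_blocked(ip, BLOCKS) else "allowed")
```

Exempting a single address turns one /16 rule into 16 narrower rules, so every window opened this way grows the rule list.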
Moderator
Join Date: Feb 2006
Location: on the verge of insanity
I am really surprised that the number is that low.
I like my water with hops, malt, hops, yeast, and hops.
Administrator
Join Date: Jun 2000
Location: California
It is possible you have been getting recycled IPs. If you paid for new ones, you should complain.
Mac Elite
Join Date: Sep 2006
Location: Back in the Good Ole US of A
Interesting thread. Is there an open "master list" of offending IPs that is maintained by the masses?
Edit: May as well request my IP count as well.
Administrator
Join Date: Apr 2001
Location: San Antonio TX USA
If we released such a "master list," the spammers could use it to either carpet bomb us with male enhancement ads or interfere with legitimate users. It's best to keep this sort of stuff close to the vest.
Glenn -----OTR/L, MOT, Tx