Bullshit Drama

[Durf]

About the proxy issue, perhaps I can offer some assistance:

A typical WHOIS would offer some information on the host including a given "netrange" or IP range.
Something like 69.69.0.0 - 69.255.255.255 (this is an example of a somewhat large range, this host is a provider to many clients)

The thing about proxy services is that they aren't like internet service providers where some of the IP addresses in their range are for personal use (people), some are for business, and whatever else the ISP serves. They usually only cater to people using their proxies (not real people playing tron, as real players have no need for playing through a proxy because they are there to play the game).

However, this doesn't mean it would be safe to ban the whole range given in the WHOIS (since the host information might come from the ISP of the proxy service). So, that's why we check the relative size of the range itself / assume a smaller range, but still a range.

example: troll ip = 192.168.1.1, I would say, if you know it's a proxy (say for example their ping is abnormally high) then you could probably ban the entire range of 192.168.0.0 - 192.168.255.255. (large range, 192.168.*.*)

If you can't assume that they are behind a proxy, assume a smaller range: 192.168.1.0 - 192.168.1.255 (192.168.1.*)
Although this may seem a bit rash, consider where tronners live relative to each other and that such a small range would most likely only ever effect 1 tronner (there are odd cases where it may effect 2 separate tronners, but you decide how much you need the ban in place)

Keep in mind that a proxy service buys many different locations so they can offer their users greater anonymity (servers around the world, each with its own range). That being said, you can choose to do large ranges (not care about the proxy service, anyone using a proxy shouldn't be on your server anyway) or choose small ranges depending on your preference on how rigorous you want to be about banning a problematic player. Though sometimes because of their services using many locations, it may take a few tries before you successfully get all the ranges that the problematic player has access to.

Using this method, I have kept spam and trolling at bay for way longer than 2 minutes, with no complaints that anyone else was effected. It's been pretty successful in solving the issues, even if it takes a couple times to get it effectively, at least it got the job done.


I used this method to ban from a tron server, but the same concept can be applied for a web server (or specifically phpBB if you still wanted them to have access to other parts of the website) or even a firewall.

Use it if you'd like; don't if you wouldn't.
Hope it helps!


Side note:
I have a PHP script with WHOIS and BAN RANGE commands. Along with some geo-location commands and other stuff. (ban range so you don't have to ban each IP in the range one by one, fairly straightforward if you want to make your own)
Keep in mind I only ever used with as a last resort. When all appeals to reason have failed. Warnings given, slaps, kicks, bans, permanent bans...and they still come back to assault the server/site with spam/trolling.

If anyone would like it for your server, it's only a few files. Although I would probably need to update it.
Lemme know via PM if you do.

[Z-Man]

I hear other communities categorically block posts from VPN services such has hotspot shield and hidemyip. Makes me wonder whether there is a plugin for that. Somebody somewhere is clearly keeping track of the IP addresses these services use, maybe they share?

[Tank Program]

I'd like to avoid banning giant IP blocks because that's a really easy to way to accidentally take out most of a state or small country.

Regarging a list of VPN or IP hiding services, I'm sure someone's put together a big list. It's something worth considering.

[Gazelle]

<-- Was not the spammer, however I don't know exactly what I got banned for, voicing my opinions against Lucifer? I mean I was a little more creative, however, I can reassure you it was not durf, or soul, or myself, we were all on TS with each other.

[Z-Man]

Not the topic for that, Gaz.

There are databases of various malicious IP addresses that can be queried via DNS lookups. I used two meta-lookup engines:
http://whatismyipaddress.com/blacklist-check
http://www.checkingtools.com/ip_check
Fed them various legitimate user IPs and spam IPs. Looks like this list is highly specific:
http://cbl.abuseat.org/
It lists most of the IPs Tank banned and I have found no false positive. The database is based on email spam received by real and honeypot mail servers, but guess what? Mail spammers use TOR (how? beats me) and IP hiding services as well, and each exit IP is shared by many, many users. It also offers an easy path to get your IP delisted.
This one is distant second:
http://www.projecthoneypot.org/services_overview.php
One false positive and more false negatives.
The rest of the lists was completely useless. A couple (the other spamhaus lists, SORBS) also include dynamic IP ranges just because they are dynamic IP ranges and should not host mail senders; useful for mail spam, but not for forums. The rest of the rest had not a single true positive.

As for how to integrate it: google "dnsbl phpbb". I think some support may already be integrated, according to this in includes/session.php.

Dowside: I think it's IPV4 only.

There is also StopForumSpam, but that is mostly aiming at the commercial spam problem. We don't have that too much, about one stealth edit-later copy-pasta post per day, and I can't say how effective it is against the kind of manual spam for spam's sake.

Edit: If you post from a blacklisted IP, your post should be put into the "pending mod approval" queue, not blocked, I'd say.

[Lucifer]

http://wiki.mikrotik.com/wiki/How_to_De ... ication%29

The basic idea is to ban based on destination port, because the VPN services use predictable ports.

Now, to see if I can find a list somewhere

<-- Was not the spammer, however I don't know exactly what I got banned for, voicing my opinions against Lucifer? I mean I was a little more creative, however, I can reassure you it was not durf, or soul, or myself, we were all on TS with each other.

Well, this thread is about the spammer, so you're offtopic.

[Lucifer]

Maybe try this?

http://perishablepress.com/how-to-block ... -htaccess/

[Z-Man]

http://wiki.mikrotik.com/wiki/How_to_De ... ication%29

That's only for blocking employees in a company from escaping resctrictive web surfing policies via VPN applications within the company network. It blocks the connection from the employe's PC to the VPN host. We're on the other side of the VPN system.

The other thing is worth a shot. Though I think it is only for straight HTTP proxies and TOR and won't be of much use against VPN type IP hiding. The VPNs can work purely on the network layer and forward almost all protocols verbatim.

[Durf]

@Tank Program,
Usually banning IP ranges isn't that big of a problem for (let's face it) a smaller internet community.
If this website we're Facebook, that would be a different story.
So all I was saying really is that you CAN safely ban an IP range (even a short one) without effecting other tronners.
Statistically speaking, the numbers are in your favor to ban a range. <shortened reply>
Taking out most of a state or country is surprisingly hard to do, rather you'd need to do something like this: 192.*.*.* which is far larger of a range than described in my method.
(like I said though, you would decide how big of a problem it is, and how rash a solution you would need.)
I agree, it is best to avoid it. But when banning a single IP doesn't work...

@Lucifer,
Gazelle is quite on topic with what you perceive this topic to be, "the spammer".
The main subject of both his sentences is "the spammer". So to you, Gazelle shouldn't be off topic.
Really, re-reading the topic title is important. The topic is about the "bullshit drama" and everything that subsequently resulted from that. (including, but not limited to, "the spammer")

@Z-Man, yes, my methods may begin to get outdated when it comes to IPV4 vs IPV6. Only because we're "running out" of IPV4. Though this doesn't change how ISPs and proxy services handle their ranges. Incidentally it means they can only offer smaller ranges per person.

Also, was gonna post about spamhaus and other public blocking lists...you guys seem to have it covered.

[Gazelle]

Why remove my post? All I did was say that I recall reading the topic and posts and seeing the thread was about the spammer.. I even said "my bad" if I was wrong.. What is up with the mods just deleting posts they don't agree with, wasn't even starting drama lol!

[Z-Man]

Why remove my post?

Err. It wasn't? There's a post of yours right up there and the moderator logs show no action regarding you in the past 24 hours or so.
And if it was, reposting with "I was just saying" would have been a stooooopid move. Just saying

[Tank Program]

<-- Was not the spammer, however I don't know exactly what I got banned for, voicing my opinions against Lucifer?

You weren't banned for being the spammer. You weren't banned for voicing your opinion.

wasn't even starting drama lol!

Maybe you weren't starting, but you sure were contributing, and not in a constructive fashion. There won't be more discussion about this here, but feel free to PM me.

[Tank Program]

I'm not sure it's worth blocking proxy servers, not to mention I'd be blocking myself. I will consider some of z-man's other suggestions though.

[Lucifer]

Why remove my post?

Err. It wasn't? There's a post of yours right up there and the moderator logs show no action regarding you in the past 24 hours or so.
And if it was, reposting with "I was just saying" would have been a stooooopid move. Just saying

The forums are acting kind of funny. I saw what Gazelle's talking about. Your long post about banlists was also not showing up for me until just a few minutes ago. My post telling him this thread is about the spammer was also missing.

Is it a mysql mirror problem, maybe?

[Gazelle]

My bad then, I had another post I had written up on my phone, I hit submit, I guess it never went through!