This may be a strange request about handling IPs

  • CoyoteRed
    New Member
    • Nov 2001
    • 4

    This may be a strange request about handling IPs

    As I stated in a different post, I'm thinking about a board for a local school. One of the things I worried about is abuse from outside sources.

    I had an idea. You can tell the pros and cons, if it can even be implemented.

    Instead of 'banning' IPs, is there a way to allow only certain IPs in a range? I was thinking about finding out all of the IP ranges for my area and only allowing them. This way, someone in a different state or country couldn't access the board and cause trouble.

    Is this even feasible? Your thoughts.

    Or conversely, only allow sign-ups with email addresses that point to locally available ISPs, i.e. only allow signups with email with rr.com, home.net, aol.com, earthlink.net, etc. I understand most of these are national ISPs, but this would prevent really odd-ball ISPs that are not available in our area--and most importantly free, throw-away email addresses that abusers use.

    I know this is kind of backwards from banning, but I really want to limit who can have access to these kids on my site.

    Thanks!
  • WizyWyg
    Senior Member
    • Jul 2001
    • 1309
    • 2.3.0

    #2
    Re: This may be a strange request about handling IPs

    Originally posted by CoyoteRed
    As I stated in a different post, I'm thinking about a board for a local school. One of the things I worried about is abuse from outside sources.

    I had an idea. You can tell the pros and cons, if it can even be implemented.

    Instead of 'banning' IPs, is there a way to allow only certain IPs in a range? I was thinking about finding out all of the IP ranges for my area and only allowing them. This way, someone in a different state or country couldn't access the board and cause trouble.

    HIGHLY impossible. If you have student(s)/teacher(s)/faculty who access from national dialups/connections, what are you going to do about their IP blocks? AOL? CompuServe? AT&T? @home? Are you going to block their "whole" domains? Since they don't have specific IP blocks per state. Are you going to require that they only connect from a specific "local" ISP?

    The best thing for you to do is to "moderate" new signups and verify their information when they sign up before accepting them to use your board. That's the best control you can have over who you want to "allow" on your board. Just make the board inaccessible to guest visitors through access masks (or allow them to view certain forums, etc.).

    You can read the online manual on how to moderate new signups, and setup access masks for both your forums and registered users.

    As for forums, I ONLY use "free" email addresses because of the potential for "spam" and harassment from other users. And you want to be sure that you are protecting the "privacy" of your users (if a majority of your users will be students, then you have to be sure you use COPPA wisely).

    And what are you going to do about these "unknown" weird hosts? I have connections to an ISP in Canada and Japan? But I do things locally. On another domain I own, I connect to their server and use their connections to get my email and to respond to requests and questions, and I get tagged with their server's SMTP server. So checking where "email" comes from would be more work on you, and make users "not see" your forum as a place to discuss. You want to make it inviting, but again, still have control.
    Last edited by WizyWyg; Thu 22 Nov '01, 12:36pm.
    There are only 10 types of people in the world: Those who understand binary, and those who don't


    • CoyoteRed
      New Member
      • Nov 2001
      • 4

      #3
      Thanks for the reply.

      A little more detail about what I was after. If it's possible with the software, what I was thinking about was in two parts.

      1 - Allow sign-ups only for e-mail addresses attached to the major ISPs and those available only here in the local area. This would disallow sign-ups of people who use ISP's only available in other areas--this is for local people only. AND disallow people from using free email services to sign up. Whatever e-mail address they want to give out on the board is up to them.

      Oh, and the email addresses would be hidden by default. The vBulletin software does protect member's email addresses from spiders, right? So, as long as I know they are signing up with valid email addresses that aren't easy to change, I don't care that they give out throw away addresses to their friends.

      I was hoping this would help prevent the cycle of abusers coming in, flooding the boards, getting banned, getting a new email address and sign up under a new name.

      2 - IP ranges from major ISPs would be allowed as would be IP ranges from local ISPs. What I was hoping to exclude would be IPs from websites that may be running anonymous web surfing and IPs from machines running proxies. This should eliminate most anonymous web surfing as it seems most proxy servers seem to be overseas. I could catch the rest as I go.

      I've already started a list of online anonymous web surfing services and collecting their IPs. Those would be some that I would block right off the bat. The thing is, it's almost impossible to keep up with open proxies. I know of one site that lists over 1,000 open, and mostly anonymous, proxies.

      I do want this board to be open and available. I'd rather not have to moderate new members--I'd like for them to sign up and get started right away.

      A scenario I see is some pervert from Timbuktu cruising the board, never signing up, mining the board for emails, IM screennames, and such; and contacting someone posing as another board member. If some kid got hurt because of my board, I don't know what I'd do...

      If what I'm asking can't be done, then it would have to be a closed board with only registered users able to even view the board.

      This is a real dilemma. I need an acceptable balance of open and inviting versus safe and secure.

      If anyone has any suggestions of another tack I could take, feel free.

      Thanks
      Last edited by CoyoteRed; Thu 22 Nov '01, 3:49pm.


      • WizyWyg
        Senior Member
        • Jul 2001
        • 1309
        • 2.3.0

        #4
        Originally posted by CoyoteRed
        Thanks for the reply.

        A little more detail about what I was after. If it's possible with the software, what I was thinking about was in two parts.

        1 - Allow sign-ups only for e-mail addresses attached to the major ISPs and those available only here in the local area. This would disallow sign-ups of people who use ISP's only available in other areas--this is for local people only. AND disallow people from using free email services to sign up. Whatever e-mail address they want to give out on the board is up to them.
        And that's where you can't determine it. Unless you know a magical secret of finding out if ONE AOL member is from New York and the other isn't, then please let us know about it.

        The best you can do is trace their "IP" to their service provider. Anything beyond that, you are helpless.
        So if someone from AOL signs up, you have no idea if it's an AOL member in New York or if it's an AOL member from Hawaii. IP traces to AOL all give the same information (their headquarters address).

        And again, how do you determine if the person is local? Do you know all the local ISPs in your town? Even my local ISP had 3 "services" to choose from (dial-up) and none of them were remotely close to their actual business name (Hawaii Online is aloha.net, for example).

        And I could be easily excluded since I have connections to a webhost/ISP in Japan and also in Canada. That's just me, but what if that's the only ISP service that your visitors have access to?
        It's easy to block "free email" addresses from signing up, but you'd have to keep a list updated every week (there are over 1000 different free email addresses available on different domains in different countries. I can easily sign up for a UK free email addy but I'm still local).

        Oh, and the email addresses would be hidden by default. The vBulletin software does protect member's email addresses from spiders, right?
        Nope, if you disable email from being seen on your board, it isn't seen at all, not by spiders, and not by bots. The only way an email address can be picked up is if someone posts it in a message on your board.

        So, as long as I know they are signing up with valid email addresses that aren't easy to change, I don't care that they give out throw away addresses to their friends.

        Then you'd have to ban AOL, MSN, CompuServe and ISP services that allow you to have "6 email addresses" with their acct. My Road Runner service gives me 7.

        When I used to run a "free" board (phbb) I'd have a joker who'd change his email address to every single one in the AOL book before I turned his acct in for spamming and harassment. But unless you can prove it, AOL (and CS) won't listen to you (my sister works for them so it was easier for me).


        I was hoping this would help prevent the cycle of abusers coming in, flooding the boards, getting banned, getting a new email address and sign up under a new name.
        That's where moderation comes in. Moderate new signups and moderate your boards. You won't have problems as long as the environment is "inviting" enough. If you moderate new signups, it'll prevent someone from re-registering because it ain't worth the trouble. Also, you view their "IPs" if it's a constant problem and compare them with your list of "baddies" IPs. If they are coming off the same network, you can use caution about approval.


        2 - IP ranges from major ISPs would be allowed as would be IP ranges from local ISPs. What I was hoping to exclude would be IPs from websites that may be running anonymous web surfing and IPs from machines running proxies.

        Impossible. Since "anonymous" sources are meant to be that, you'd have to list every single IP block that Anonymizer, coste and others use. Their IP blocks are SCATTERED and huge, and you won't even put a dent in their blocks.

        This should eliminate most anonymous web surfing as it seems most proxy servers seem to be overseas. I could catch the rest as I go.
        The two above don't use "overseas" proxies much.

        I've already started a list of online anonymous web surfing services and collecting their IPs. Those would be some that I would block right off the bat. The thing is, it's almost impossible to keep up with open proxies. I know of one site that lists over 1,000 open, and mostly anonymous, proxies.
        That's also known in the world of Spam Fighting. And even spam fighters can't put a dent in SYS admins who don't set up their servers correctly. And how can you determine if that "system" is an "anonymizing" entity or just someone who set it up wrong?


        I do want this board to be open and available. I'd rather not have to moderate new members--I'd like for them to sign up and get started right away.
        For what you want, it's the only way. It'll give you some peace of mind if you do. And moderating sign-ups is NOT a downside (actually it has its positive side). On one board that I visit often where they moved to moderating new signups, the environment there quickly went from hostile (because of the spammers, harassers and just plain trolls) to productive (since we now can actually talk about the stuff that the board was set up for). And your visitors won't mind the "added" security if they are assured that they won't be harassed.


        Moderate new sign ups - keep a list of your "IPs" and use that list to scan repeating offenses.
        Get a good list of moderators on your side and you will see it isn't that much work after all.




        A scenario I see is some pervert from Timbuktu cruising the board, never signing up, mining the board for emails, IM screennames, and such; and contacting someone posing as another board member. If some kid got hurt because of my board, I don't know what I'd do...

        If what I'm asking can't be done, then it would have to be a closed board with only registered users able to even view the board.

        This is a real dilemma. I need an acceptable balance of open and inviting versus safe and secure.

        If anyone has any suggestions of another tack I could take, feel free.

        Thanks
        There are only 10 types of people in the world: Those who understand binary, and those who don't
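
The screening described in post #4 (every signup goes to a moderator, the email domain is checked against a maintained free-mail list, and the signup IP is compared with the networks of previously banned accounts), as an added Python example that is not part of the thread or of vBulletin. All function names are hypothetical, the domains and IPs are constructed placeholder data, and treating a shared /24 as "the same network" is an assumption.

```python
import ipaddress

# Constructed sample data: documentation-range IPs and placeholder domains.
FREE_MAIL_DOMAINS = {"freemail.example", "throwaway.example"}
BANNED_SIGNUP_IPS = ["203.0.113.45", "198.51.100.7"]
SAME_NETWORK_PREFIX = 24  # assumption: a shared IPv4 /24 counts as "the same network"


def banned_networks(ips, prefix=SAME_NETWORK_PREFIX):
    """Widen each previously banned address to its surrounding network."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}


def email_domain(email):
    """Return the lower-cased domain, or None if the address is malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or "." not in domain:
        return None
    return domain.lower().rstrip(".")


def review_signup(email, remote_ip, networks):
    """Return notes for the moderator approving this signup.

    Nothing is auto-approved or auto-rejected: an empty list only means
    the moderator has no automated warning to weigh.
    """
    notes = []
    domain = email_domain(email)
    if domain is None:
        notes.append("malformed email address")
    elif any(domain == d or domain.endswith("." + d) for d in FREE_MAIL_DOMAINS):
        notes.append(f"free-mail domain: {domain}")
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        notes.append(f"unparseable IP: {remote_ip!r}")
    else:
        for net in sorted(networks, key=str):
            if addr in net:
                notes.append(f"same network as a banned account: {net}")
    return notes
```

A match on a large provider's network is a reason for caution rather than proof, since many unrelated subscribers share those ranges.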


        • CoyoteRed
          New Member
          • Nov 2001
          • 4

          #5
          Okay, thanks for the great advice. I appreciate it.

          I guess a good group of moderators will be the key.

          Thanks
