Home Forums FineTunedMac Community Lounge Blocking an IP range

New info:
I tried with a couple of browsers I had never used before and the issue remained.
Hence, clearly, the site -- craigslist -- is blocking a group of ips and not just my individtual ip.

I did a search, and some group discussed this. They referred to CL as blocking the "whole subnet" or the "whole verizon air" card in that area...

Seems crazy to me. That means that the ip would be blocked for hundreds of innocent bystanders per se. no?

Yep, that's exactly what it would mean. Everyone with an IP address in that range would be blocked.

Have you heard of this? Sounds crazy no?
Block a whole city?

Have you heard of this? Sounds crazy no?

Collateral Damage

You would think collateral damage in unitentional no? But Craigs list, if doing this, is intentional no?

from article:
For example, Killing ZBlack mamba unit in south africa used to combat generally block ranges of addresses rather than individual IPs associated with spam, and can deny legitimate users within those ranges the ability to send email to some domains.

Funny, pair up black mamba and internet blocking?

Has anyone heard of companies doing this? seem almost illegal if not unethical

Sometimes intentional actions to prevent damaging abuse of a system can and does result in unavoidable collateral damage. The choice is whether to intentionally damage say 1% of their customers or to take an action that prevents potential harm to 100% of their customers.

THANKS Joe, Come on -- Craig list: They are doing this because they have many no life flaggers, who flag anything and everything, and if you get identified as being flagged too much, they block your ip. So petty. And it's a pity they rely on this flawed system.
That said, have you heard of this being done, is this common knowledge it's going on -- blocking groups of people?

I don't know about "common knowledge", that is a broad term subject to lots of possible interpretations. While I have not personally encountered a site that has banned traffic from a specific domain or block of IPs, I am well aware of domains that are blocked by ISPs in an effort to "protect their members" which is what Craig's List is apparently doing.

I am a member of a site that was jointly founded by most of the "mainline" Christian denominations (Presbyterian, Episcopal, ELCA (Lutheran), American Baptist, and others) that provides email accounts as one of its services. FWIW this site was founded before AOL and before anyone had heard of the internet. These days email from that site is frequently blocked by AOL, and several other ISPs. The rationale given for the blockage is being they have received some magic number of spam messages from the site domain in a span of so many hours or days. At one point 5 spams in an 8 hour period was cited as the cutoff point. (One infected computer can generate that many spam messages in only a few seconds.) Apparently once a domain makes it onto the blacklist, if it is subsequently the trigger level is lowered. FWIW I believe all these ISPs involved in this case are using the same security service.

The cost of providing sufficient security on the site's SMTP server and arguing with the banning ISPs and their security service is forcing the abandonment of providing email accounts. (They are entirely self hosted which doesn't help.) Whether the service will survive is an open question. I have been a member of three other organizations, one a Mac User Group, that have been hit with this.

So the banning practice is common knowledge to me, yes it is going on all across the internet, and it is common knowledge to me and others who have bee effected by the practice. On the other hand I would venture that 80 or 90 percent of the members on the site I mentioned who are unaware of why they have had so many problems with the email and abandoned their email account and/or left the site altogether.

JOE,
But this is not a domain!
This is them blocking IP's in a geographic area.

A domain is nothing more than an IP address or block of IP addresses. It is the IP addresses that get blocked, not the domain per se. Effectively there is no significant difference.

This branch discussion was broken off of the Original Thread and moved here from the Networking Forum for continued discussion....

Joe, I thought an IP is a unique address that is tied to a computer,which identifies that computer.

While an IP address is unique, its link with a particular computer usually is not. Most IP numbers are subject to change more or less frequently because ISPs assign them dynamically. Even if one uses a static IP address, that’s not likely to remain with a particular computer (or network) forever either, although it might do so long enough to support your view.
In contrast, the MAC address of a computer’s network adapter is unique and can be used to ID that computer, but only as long as the adapter is physically part of it.

The problem of collateral damage arises when an ISP (or web site) uses blacklist (or similar) information to block the IP range associated with one or more servers (usually run by another ISP), regardless of the fact that not all IP addresses of accounts on those servers are ‘guilty’. This approach cuts back on spam etc. the blocking ISP receives in a dramatic and (most importantly) simple and efficient manner. The damage sustained by ‘innocent’ IP addresses among the blocked range does not affect the blocking ISP, but might be a problem to (some of) its customers.

This description is a simplified version of actual conditions, but it gives you an idea of the complexity of this issue.

Oh, yeah. That can and does happen. Wikipedia has been known to do it, for example--they blocked an entire range of 1,000 houses in order to keep one person from posting. (It turns out that that one person was right, as an amusing side note, and the admin who was arguing with him was actually a business rival using a phony identity. Wikipedia is fun, in a train-wreck kind of way. But I digress.)



Using an ISP or a Web site or an online service isn't a basic legal right; Web owners have the right, if they want to, to refuse access to their servers to anyone they want for any reason they want (or for no reason at all). There's nothing illegal about Wikipedia or Craigslist saying "we don't want anyone in Boise, Idaho, to use our service" or "we don't want anyone with an even IP address to use our service" or whatever else they like.



It sounds to me like that site isn't abiding by best security practices. While you can argue that if one member gets a virus and starts becoming a spam sewer, that shouldn't affect other members, in practice it is possible to configure the SMTP server in such a way as to mitigate the effects of the one infected person. If this isn't being done, other networks have a right--and I would say even an obligation--to protect themselves. The entire Internet should not suffer because one small service provider isn't up on basic security.

Having said that, I understand that it's frustrating to keep on top of this kind of problem. A lot of folks who run small services like this do so part time and don't make a point to keep on top of security issues, and because of that, they have more than their fair share of problems. In this day and age, having an online presence, particularly if you want to be your own email provider or you want to run a Web site that uses any sort of complex server-side software, means making an investment in learning at least the basics of server security, learning best practices, and doing what you can to be a good Net citizen. In the eyes of the rest of the Internet, you are responsible for what happens on your servers.

On servers I am responsible for; If I've logged multiple spammers coming from addresses within a single subnet or multiple attempts to brute force password crack coming from a subnet I have no qualms whatsoever about IP blocking a range of addresses.

If it's a full subnet I'll try to find the responsible ISP and notify them, but those notices often are ignored. Most of them are not in the western hemisphere.

Collateral damage of large numbers of users because of the actions of a few is not uncommon. The following example may not have been IP range blocking per se (although the effect could be the same), but BurstNet’s blocking of its server used by client Blogetry.com (a free blog hosting service) caused approx. 70,000 innocent Blogetery users to be barred from their blogs because one of them posted material objected to by the FBI.

It appears that simply requesting Blogetry to block the errant blogger's account wasn't an option with the availability of the carpet-bomb approach.

Actually, despite a great deal of media coverage of the Blogetry thing, the idea that 70,000 users were affected does not appear to be true, and the idea that the FBI was involved also does not appear to be true.

I smelled something fishy when I first started reading reports about Burst.net taking down Blogetry a few days back. Only one server was affected, so the claims that 70,000 users were being hosted on a single server immediately rang alarm bells in my head. Unless we're talking about a massive supercomputer, it's hard to imagine that a single server actually hosted blogs belonging to 70,000 users. Blogging platforms like LiveJournal, which runs highly optimized code spread across a distributed network with sophisticated load balancing and separate servers for database and user interface functions, still doesn't host even a third that many users on one server.

Blogetery runs WordPress software. To give you an idea about how impossible it would be for a single server running WordPress to host 70,000 users: Automattic, which hosts Wordpress.com (another WordPress-based site which hosts 278,000 users) is running on hundreds of distributed database and front-end serves connected to massive 180-terabyte file servers, each of which is controlled by four separate computers, all controlled by yet another bank of servers running load balancing software sitting on top of Nginex.

WordPress.com hosts three timesmore users than were supposedly hosted on Blogetery, and in order to do that they need a server farm comprised of a huge network of computers occupying hundreds of square feet of space in a data center. The idea that Blogetery.com was hosting 70,000 WordPress users on just one server is absurd, and any tech writer working in the IT news industry should know it.

So I started looking at the blogs hosted on the site, some of which you can still see in Google's caches and some of which you can see in the Wayback Machine at archive.org.

It appears Blogetery hosted 70,000 blogs but NOT 70,000 users Big difference! Of the 70,000 blogs that were being hosted, only a few hundred were actually real blogs with real content. The other 69,700 "blogs" were not blogs at all--they were redirectors to spam and advertising sites, all created automatically by bot software and all owned and operated by the site's owner.

In other words, it wasn't a real blogging site and it most certainly did not have 70,000 users.

I also looked at the history of the site. It had been hosted on Burst.net for seven months. Prior to that, it had been kicked off of several ISPs over the past few years, mostly for Terms of Service violations and for spam and link-trapping--creating thousands of phony sites with popular Google keywords, all of which simply redirect users to spam sites when they click on the Google link.

Blogetery had been shut down repeatedly by an entire string of ISPs prior to Burst.net; this is nothing new. Burst.net has issued two very terse comments since the takedown. The first said that they received a law enforcement request related to the server, and due to a history of abuse and ToS complaints related to the server, opted to shut the server down rather than take down only the content that related to the law enforcement issue. The second was even more terse, and simply said that they don't comment on ongoing legal matters.

In all honesty, it is my belief that the media coverage of the takedown is flawed, poorly researched, and misleading. Specifically, I believe that the people who have written the news articles I have seen have not done any research about the site; that the initial news reports of a takedown of a server hosting 70,000 blogs later were changed by secondary news reports into articles stating that the takedown affected 70,000 users; that there were not, have never been, and likely never will be 70,000 users on this site (and that should have been obvious to anyone who stopped to think about it); that the reason for the takedown was not that law enforcement ordered the ISP to pull the plug on the whole site, but rather that the site had a history of abuse problems in its 7-month stay on Burst.net and that a subpoena involving some part of the site's content was the last straw that finally caused Burst.net to decide that they no longer wanted anything to do with it; and that the site has an ongoing history of similar problems across a number of different ISPs, all of which have evicted the site from their servers.

Thanks for putting things in perspective. I had started to wonder why the OP of the thread in my 3rd link above (presumably the blogetery operator) didn't exactly sound professional, to say the least. But it sure is remarkable how this story propagates through the media with nary a critical note.

so much of what passes for "news" these days is little more than business. and lousy business at that.