Should BolehVPN implement blocklists on their servers?

France is back up!
May 20, 2014
We have a new Hong Kong server!
May 21, 2014
Show all

Should BolehVPN implement blocklists on their servers?

We’ve been considering whether we should implement blocklists on our VPN servers to protect our servers and its users from abuse.

The following are being considered:

  1. Spamhaus (Spammers)
  2. ATMA (attackers, threats, viruses, port scans, explots, DoS, malicious p2p sharers)
  3. Anti-Infringement organizations (only for US/UK servers)

The concern is that some of these IPs may be false positives (but majority aren’t of course). What do you guys think?

This of course is only one line of defence and blocklists alone aren’t good enough but it would hopefully reduce a proportion of it together with our other methods.

5 Comments

  1. Indingo says:

    I have noticed some abuse from a user stand-point “Heavy Fluctuations” on some servers, I guess maybe spam/DoS attacks through the servers. I am for block lists so long as they are “non-logging/monitoring” and you guys make very sure to “vet” the lists before use. I am all for them if they can stop abuse while also allowing you guys not to have to resort to logging and does not effect system performance negatively.

  2. ShadowTek says:

    I think some sort of counter-abuse efforts are unavoidable. Otherwise the VPN would be practically useless if the Shithats succeeded in getting the servers banned from commonly used websites.

    I know some software repositories have blocked some of the Swiss servers. It’s kinda lame when you can’t even connect to check for updates.

    I hope secure, minimallist solutions can be used effectively.

    Maybe you could create something like exclusive servers for trusted users, where unproven newcommers can’t access, but long-time users can. Sort of a way of earning trust over time and getting a benefit from it.

  3. Indingo says:

    I agree with ShadowTek.

    Counter-abuse is unavoidable now that BolehVPN is gaining more notice and to be honest I am surprised there is not more banned IP’s then there are “Very Few” on “Very Few” websites. I would also agree with ShadowTek on his comment.

    “Maybe you could create something like exclusive servers for trusted users, where unproven newcommers can’t access, but long-time users can. Sort of a way of earning trust over time and getting a benefit from it.”

    I do realize that having new servers just for long standing members would be out of the logical financial reach of BolehVPN currently, but having new dedicated IP addresses on pre-existing servers for those long term users may be justified. It would not cost any extra realistically, and the only thing it would take is man-hours to set up and get it working correctly. I would say 2-Year+ members would be a logical time-frame for an allowance on “trusted-member IP’s” I am sure there are enough of us subscribed for 2-Years+ that we would not lose anonymity from this method, even more so if they were dedicated static IP’s.

    More popularity means more website like twitch.tv/software repositories and such will be blocked by people having fun making a mess at other peoples expenses.

    Just a thing to think about, but yes block-lists are a good way to go, so long as you make sure what you are blocking.

  4. duchamp says:

    The thing is you consider a company that seeems to blacklist you over and over again. In the past months I had a few experiences where I got block pages when acessing sites, but not exeptional. I have a small tool in the browser to ckeck my IP from time to time, they have a few categories included, e.g.
    Blocklist lookup
    Adult hosting not listed good
    Dshield droplist not listed good
    Hackers, Spyware, Botnets etc. not listed good
    Open proxy not listed good
    Spamhaus droplist not listed good

    In the category Hackers, Spyware, Botnets you often get “listed error” thats the red category, so you got a hit and subsequently your costumers.

    I looked around at spamhaus and they have an Interesting Lookup Tool at http://www.spamhaus.org/lookup/

    I think I had issues with Lux in the past, so I entered IP 94.242.228.140 . The result was:

    Blocklist Lookup Results

    94.242.228.140 is not listed in the SBL
    94.242.228.140 is not listed in the PBL
    94.242.228.140 is listed in the XBL, because it appears in:

    CBL

    When you go to the CBL then, you learn when the last occurance was logged and you get encuraged to clean that crap. Because otherwise Delisting would only last short time. By mistake I have clliced that button , sorry for that. You can acess the processed result here:

    http://cbl.abuseat.org/lookup.cgi?ip=94.242.228.140

    I would recommend you to disable Smtp on your networks completely. POP3 is allright, but like this you can stop spam and have less blockllist entries.

Leave a Reply

Your email address will not be published. Required fields are marked *