The Firing Line Forums - View Single Post

**Mike Irwin** · September 3, 2013, 10:03 PM

It's simple, really.

Generally, IP addresses (IPA) are assigned in blocks to regions/nations, and IP providers serving those areas (Asia, Western Europe, North America, etc.).

As mentioned, this has broken down somewhat, but it's still largely valid.

Some IP addresses have been overrun by spammers over the years.

A good example is IPA 121, which serves large areas in the Middle East and India, and East Asia. We've had to block literally thousands of individual IP addresses originating from 121, 122, and 123 simply because the likelihood of someone registering with one of those IPAs is about 95%.

Your phone is assigned a completely different set of addresses from your home computer. That's doubly true if your phone is handled by a different carrier than your home internet.

Back to the border lines breaking down...

It looks as if you're on the west coast of the United States. Not really a hotspot for spamming, right?

Unfortunately, there's a new trend in IPA allocation. Providers are selling/leasing/renting whatever unused IPAs to off-shore concerns, which makes it appear as if a spammer is originating domestically.

The Chinese are really big on this right now. They're buying up IPAs assigned to US and Western European regions and using them to spam.

AOL at one time virtually had a lock on IPA 174.XXX (I think that's the one) because they were the largest internet provider in the world at one time. As their fortunes have declined, they've sold off numbers, many to Chinese companies.

Now days, if we see a new member from 174, chances are probably 50/50 that it's a spammer.

Because of all of this, as I said, we've banned literally thousands of individual address combinations. As necessary, we can unblock a limited tunnel that allows legitimate members through, but which generally still keeps most of the spammers at bay.

That used to be pretty difficult and time consuming, but our software admin Tyme crafted a very neat hack to the software that made it fast and nearly foolproof.

Most people don't realize just how hard sites as active as TFL have to fight to keep spammers at bay.

Some months ago we noticed a HUGE surge in spammers trying to access TFL, and they were using new tricks that makes it harder to catch them.

Fortunately, a number of us on staff have worked diligently to keep them out, and by using old standbys (requiring new members to be approved for membership instead of just letting them join and start posting), new tricks for spotting them (which I'm not going to discuss), sharing information with other boards that are also fighting the same fight, and often just using gut instinct, we've been very successful at keeping spammers and other malicious users out of our forums.

It's time consuming, and occasionally we miss something, but since the beginning of the year I feel that I'm safe in saying that we've flushed close to, if not over, 1,000 spammers before they could ever get to the forums.

September 3, 2013, 10:03 PM	#5
Mike Irwin Staff Join Date: April 13, 2000 Location: Northern Virginia Posts: 41,389	It's simple, really. Generally, IP addresses (IPA) are assigned in blocks to regions/nations, and IP providers serving those areas (Asia, Western Europe, North America, etc.). As mentioned, this has broken down somewhat, but it's still largely valid. Some IP addresses have been overrun by spammers over the years. A good example is IPA 121, which serves large areas in the Middle East and India, and East Asia. We've had to block literally thousands of individual IP addresses originating from 121, 122, and 123 simply because the likelihood of someone registering with one of those IPAs is about 95%. Your phone is assigned a completely different set of addresses from your home computer. That's doubly true if your phone is handled by a different carrier than your home internet. Back to the border lines breaking down... It looks as if you're on the west coast of the United States. Not really a hotspot for spamming, right? Unfortunately, there's a new trend in IPA allocation. Providers are selling/leasing/renting whatever unused IPAs to off-shore concerns, which makes it appear as if a spammer is originating domestically. The Chinese are really big on this right now. They're buying up IPAs assigned to US and Western European regions and using them to spam. AOL at one time virtually had a lock on IPA 174.XXX (I think that's the one) because they were the largest internet provider in the world at one time. As their fortunes have declined, they've sold off numbers, many to Chinese companies. Now days, if we see a new member from 174, chances are probably 50/50 that it's a spammer. Because of all of this, as I said, we've banned literally thousands of individual address combinations. As necessary, we can unblock a limited tunnel that allows legitimate members through, but which generally still keeps most of the spammers at bay. That used to be pretty difficult and time consuming, but our software admin Tyme crafted a very neat hack to the software that made it fast and nearly foolproof. Most people don't realize just how hard sites as active as TFL have to fight to keep spammers at bay. Some months ago we noticed a HUGE surge in spammers trying to access TFL, and they were using new tricks that makes it harder to catch them. Fortunately, a number of us on staff have worked diligently to keep them out, and by using old standbys (requiring new members to be approved for membership instead of just letting them join and start posting), new tricks for spotting them (which I'm not going to discuss), sharing information with other boards that are also fighting the same fight, and often just using gut instinct, we've been very successful at keeping spammers and other malicious users out of our forums. It's time consuming, and occasionally we miss something, but since the beginning of the year I feel that I'm safe in saying that we've flushed close to, if not over, 1,000 spammers before they could ever get to the forums. __________________ "The gift which I am sending you is called a dog, and is in fact the most precious and valuable possession of mankind" -Theodorus Gaza Baby Jesus cries when the fat redneck doesn't have military-grade firepower.