Can't load this forum with a VPN

sickpig

Active Member
Aug 28, 2015
926
2,541
\cc @Bloomie

edit: for what is worth I'm not able to reach the forum using tor.
 
Last edited:

Bloomie

Administrator
Staff member
Aug 19, 2015
511
803
No, because spam networks use them to get around IP bans. All abusive proxies are banned too. Captcha doesn't work against human spammers. If we open those floodgates, this forum will turn to shit.
 
@Bloomie I understand.
I'm a moderator at coinforum.de, a german bitcoin forum, and we allow access through tor/proxy. We sometimes have spammers, but it's just one click for me to kick them and their posts out.
But german is a much smaller audience, so it's no indicator. Maybe you really would have a lot of work to remove all the spam.

But you know that Bitcoiners are mostly sensible with privacy, so many people using / prefering bitcoin would be ideologically not satisfied ...
 

Zangelbert Bingledack

Well-Known Member
Aug 29, 2015
1,485
5,585
@chmod755

And it could be a tiny amount of BTC, since probably no spammer is going to bother. If someone does it can be raised.

Though I guess just making the captcha require some Bitcoin knowledge ("enter the number of coins per block reward in 2017") would have a similar effect.
 

Justus Ranvier

Active Member
Aug 28, 2015
875
3,746
I'd pay for the ability to browse the forum through a tor hidden service.

Does the underlying forum software support restricting user actions based on their IP? If so, it should be possible to set something up where only users on a whitelist are allowed to log in to the forum from the IP from which hidden service connections appear.
 

sickpig

Active Member
Aug 28, 2015
926
2,541
a few middle ground ideas:

- permit Tor/VPN in read only mode. not ideal, but forum won't suffer from spam writing through aforementioned services, users could at leas read.

- grant write permission only to those who set up 2FA. A bit demanding on users side but the bar for spammers will be raised quite a lot.

regardless charging to access forum through tor hidden service or via VPN seems a fair solution.
 

Bloomie

Administrator
Staff member
Aug 19, 2015
511
803
Administering different tiers of paying and non-paying users and their payments would be a challenge.

@Zangelbert Bingledack Captcha answers only need to be figured out by one person. The password is then shared on black-hat forums for everyone to enjoy. Same goes for master spammers who hire cheap labor in India or Philippines. They provide the instructions, and the hired folks do the job.

@Justus Ranvier You can only ban a user based on his IP, not assign specific privileges.

@sickpig I believe read-only mode is already possible, unless you are using a VPN or proxy that has specifically been placed on the naughty list. Then the user is out of luck.
 
Hmm ... how about an captcha without an answer resp. with an answer you only know after asking Bloomie? If you fear it is traded in Darknet, you can change it every two weeks or something like this (as experience will show how much need there is for it)

Edit: This would be frustrating for spammers, which is funny, but also for regular users who don't know. So the captcha field should have a "wtf? Why is it not working"-Link
 

Cconvert2G36

Member
Aug 31, 2015
42
73
I'm seeing 9 members logged in right now. Seems premature if not just generally dumb to make it harder for the forum to grow. It isn't just scammers and spammers using tor/vpns. I'm using a (apparently non-evol) vpn right now, and I suspect many Bitcoiners are somewhat careful about broadcasting their actual ip in BTC related venues.
 

67 speedqueen

Member
Mar 13, 2016
40
19
>Bitcoiners are somewhat careful about broadcasting their actual ip
:D
Siege mentality. The same thinking that won't raise the blocksize cap because [imaginary] spam attacks blacklists IP ranges because [imagined] Vandal hordes.
P.S. What I mean is (and I know this is flimsy), why not ask "why do most attacks happen? Could it be it's because we're pissing people off? Could putting some thought into not pissing people off require less energy than epoxying all the ports?" Not saying drop security altogether, but some sort of a balance.
 
Last edited:

Cconvert2G36

Member
Aug 31, 2015
42
73
Pissing Theymos off, and having some strangely coincidental network difficulties afterwords was the impetus for taking some protective measures. Once you see how cheap and easy it is, the cost/benefit analysis is pretty one sided, even outside His realm.

The ven diagram overlap of Bitcoiners and wild paranoiacs is fairly large tho, I'll give you that, I might be straddling the line.
 

67 speedqueen

Member
Mar 13, 2016
40
19
My guess is anyone serious could trash either one of these forums without much effort. Adding more and more locks to the front door doesn't add much towards securing a straw shack, just invites aspiring h4xt0rs to trash, point fingers, and laugh. Because now they're not bullies trashing some humble shack, they're winners! They broke into Fort Knox. e.g.

 

Bloomie

Administrator
Staff member
Aug 19, 2015
511
803
@67 speedqueen Not sure what you're talking about. We were discussing spam, not attacks. They're not malicious, just a bunch of low paid workers in India etc posting crap about Viagra and get rich schemes.

You can use this forum via most VPNs, unless it's a notoriously shitty VPN that spammers love to use. Then it's banned.
 

67 speedqueen

Member
Mar 13, 2016
40
19
Ah, sorry, my mistake. These spammers tend to use TOR, not VPNs? Because it's TOR that seems to be blocked.

'Far as drive-by spammers "posting crap about Viagra," how do all the other forums, including bitcointalk.org, deal with that?
And what incentive do Viagra retailers have for targeting an obscure Bitcoin forum?
 

Bloomie

Administrator
Staff member
Aug 19, 2015
511
803
They target sites with the most traffic going by Alexa rankings etc, not really favoring any specific content. The goal is to drop a link which will be crawled by search engine bots for a temporary traffic spike just enough for them to scam enough suckers and move on to promoting the next domain.

Not sure how Bitcointalk deals with it, but they are actually in the business of selling spam, so maybe they even like it!