Can't load this forum with a VPN

[Christoph Bergmann]

Hello everybody,

out of network security I sometimes connect with a VPN. Today I learned it's not possible to load this forum with the vpn. (it immediately loads when I disconnected).

Isn't it possible to use a captcha instead of no-loading?

 

[sickpig]

\cc @Bloomie

edit: for what is worth I'm not able to reach the forum using tor.

 

[Erdogan]

Yes, I would like a solution to this problem too.

 

[Bloomie]

No, because spam networks use them to get around IP bans. All abusive proxies are banned too. Captcha doesn't work against human spammers. If we open those floodgates, this forum will turn to shit.

 

[Christoph Bergmann]

@Bloomie I understand.
I'm a moderator at coinforum.de, a german bitcoin forum, and we allow access through tor/proxy. We sometimes have spammers, but it's just one click for me to kick them and their posts out.
But german is a much smaller audience, so it's no indicator. Maybe you really would have a lot of work to remove all the spam.

But you know that Bitcoiners are mostly sensible with privacy, so many people using / prefering bitcoin would be ideologically not satisfied ...

 

[Georg Engelmann]

@Bloomie perhaps you could charge a registration fee for people who prefer to use a VPN

 

[Zangelbert Bingledack]

@chmod755

And it could be a tiny amount of BTC, since probably no spammer is going to bother. If someone does it can be raised.

Though I guess just making the captcha require some Bitcoin knowledge ("enter the number of coins per block reward in 2017") would have a similar effect.

 

[Justus Ranvier]

I'd pay for the ability to browse the forum through a tor hidden service.

Does the underlying forum software support restricting user actions based on their IP? If so, it should be possible to set something up where only users on a whitelist are allowed to log in to the forum from the IP from which hidden service connections appear.

 

[sickpig]

a few middle ground ideas:

- permit Tor/VPN in read only mode. not ideal, but forum won't suffer from spam writing through aforementioned services, users could at leas read.

- grant write permission only to those who set up 2FA. A bit demanding on users side but the bar for spammers will be raised quite a lot.

regardless charging to access forum through tor hidden service or via VPN seems a fair solution.

 

[Bloomie]

Administering different tiers of paying and non-paying users and their payments would be a challenge.

@Zangelbert Bingledack Captcha answers only need to be figured out by one person. The password is then shared on black-hat forums for everyone to enjoy. Same goes for master spammers who hire cheap labor in India or Philippines. They provide the instructions, and the hired folks do the job.

@Justus Ranvier You can only ban a user based on his IP, not assign specific privileges.

@sickpig I believe read-only mode is already possible, unless you are using a VPN or proxy that has specifically been placed on the naughty list. Then the user is out of luck.

 

[Justus Ranvier]

You can only ban a user based on his IP, not assign specific privileges.

I wonder why forum software doesn't include this yet. Seems like it would be part of the toolbox by now.

 

[Christoph Bergmann]

Hmm ... how about an captcha without an answer resp. with an answer you only know after asking Bloomie? If you fear it is traded in Darknet, you can change it every two weeks or something like this (as experience will show how much need there is for it)

Edit: This would be frustrating for spammers, which is funny, but also for regular users who don't know. So the captcha field should have a "wtf? Why is it not working"-Link

 

[67 speedqueen]

Yes, I would like a solution to this problem too.

If you need to use TOR, simply bounce it through a public web proxy, like this:

I signed up with TOR without doing this, worked fine at the time :-\

 

[Cconvert2G36]

I'm seeing 9 members logged in right now. Seems premature if not just generally dumb to make it harder for the forum to grow. It isn't just scammers and spammers using tor/vpns. I'm using a (apparently non-evol) vpn right now, and I suspect many Bitcoiners are somewhat careful about broadcasting their actual ip in BTC related venues.

 

[67 speedqueen]

>Bitcoiners are somewhat careful about broadcasting their actual ip

Siege mentality. The same thinking that won't raise the blocksize cap because [imaginary] spam attacks blacklists IP ranges because [imagined] Vandal hordes.
P.S. What I mean is (and I know this is flimsy), why not ask "why do most attacks happen? Could it be it's because we're pissing people off? Could putting some thought into not pissing people off require less energy than epoxying all the ports?" Not saying drop security altogether, but some sort of a balance.

 

[Cconvert2G36]

Pissing Theymos off, and having some strangely coincidental network difficulties afterwords was the impetus for taking some protective measures. Once you see how cheap and easy it is, the cost/benefit analysis is pretty one sided, even outside His realm.

The ven diagram overlap of Bitcoiners and wild paranoiacs is fairly large tho, I'll give you that, I might be straddling the line.

 

[67 speedqueen]

My guess is anyone serious could trash either one of these forums without much effort. Adding more and more locks to the front door doesn't add much towards securing a straw shack, just invites aspiring h4xt0rs to trash, point fingers, and laugh. Because now they're not bullies trashing some humble shack, they're winners! They broke into Fort Knox. e.g.

 

[Bloomie]

@67 speedqueen Not sure what you're talking about. We were discussing spam, not attacks. They're not malicious, just a bunch of low paid workers in India etc posting crap about Viagra and get rich schemes.

You can use this forum via most VPNs, unless it's a notoriously shitty VPN that spammers love to use. Then it's banned.

 

[67 speedqueen]

Ah, sorry, my mistake. These spammers tend to use TOR, not VPNs? Because it's TOR that seems to be blocked.

'Far as drive-by spammers "posting crap about Viagra," how do all the other forums, including bitcointalk.org, deal with that?
And what incentive do Viagra retailers have for targeting an obscure Bitcoin forum?

 

[Bloomie]

They target sites with the most traffic going by Alexa rankings etc, not really favoring any specific content. The goal is to drop a link which will be crawled by search engine bots for a temporary traffic spike just enough for them to scam enough suckers and move on to promoting the next domain.

Not sure how Bitcointalk deals with it, but they are actually in the business of selling spam, so maybe they even like it!