IP Address Blocking and TOR/I2P/Proxy

[sjdude]

hi

This question is really for the ADMIN's

First of let us know if you know how TOR/I2P/Proxy operates...

How do you justify a "IP Address Blocking" as a mechanism to prevent spammers and weird members here, in the days of Proxy Severs, TOR, and I2P ?


I have been a premium lifetime member here using TOR all the time for and once in a while I run into this "IP Address is blocked" because some weirdo using TOR caused a problem for ECCIE...



SJ

[administrator]

Yes, the site's admins do understand how they work.

You're not allowed to mask your IP here. If you try to do so, your access to the site will be hit and miss.

We don't need to justify our security protocols. We'll do what we feel we need to do to protect the site. Sometimes regular members may feel the effects of measures designed to curb malicious activity. Kinda like having your credit card declined for fraud prevention when it was a legit charge. It's a hassle and a pain in the ass. We understand that, and accept that reality.

Thanks for understanding. Have a great day!

[Geeky80]

Why doesn't eccie offer https? It's easy and free with letsencrypt now. It would prevent nosey ISPs (think small town ISPs), and malicious tor exit nodes from reading everything we do (including our PMs). Or even worse - using firesheep to log into our accounts and do ANYTHING.

[sjdude]

Quote:

Originally Posted by TallAndSkinny

Why doesn't eccie offer https? It's easy and free with letsencrypt now. It would prevent nosey ISPs (think small town ISPs), and malicious tor exit nodes from reading everything we do (including our PMs). Or even worse - using firesheep to log into our accounts and do ANYTHING.

+1 for that...

[sjdude]

Quote:

Originally Posted by St.Christopher

Yes, the site's admins do understand how they work.

You're not allowed to mask your IP here. If you try to do so, your access to the site will be hit and miss.

We don't need to justify our security protocols. We'll do what we feel we need to do to protect the site. Sometimes regular members may feel the effects of measures designed to curb malicious activity. Kinda like having your credit card declined for fraud prevention when it was a legit charge. It's a hassle and a pain in the ass. We understand that, and accept that reality.

Thanks for understanding. Have a great day!

I also understand, being a admin myself somewhere else, but there are other options like cloudfare etc which you could use. (seeking arrangement and ashley madison seem to be using them)

[sjdude]

Quote:

Originally Posted by St.Christopher

Yes, the site's admins do understand how they work.

You're not allowed to mask your IP here. If you try to do so, your access to the site will be hit and miss.

We don't need to justify our security protocols. We'll do what we feel we need to do to protect the site. Sometimes regular members may feel the effects of measures designed to curb malicious activity. Kinda like having your credit card declined for fraud prevention when it was a legit charge. It's a hassle and a pain in the ass. We understand that, and accept that reality.

Thanks for understanding. Have a great day!

Also, if you have a 'malicious' IP you could check it against the TOR list obtained from
https://check.torproject.org/cgi-bin/TorBulkExitList.py

If the address matches that list, then more than likely the 'malicious' guy is going to get another IP in about 5-10 mins, so there is no point blocking that IP address.

There may be a similar list for I2P but I am not aware.

SJ

[Congratulations]

I havent read the previous posts but if you are using a mac device, download Tob its just a browser that makes things far easier. Just look into it.

[Guest092816]

...

[Geeky80]

You mean tor? I searched for tob but couldn't find anything. Tor masks your IP and st.chris said above that isn't allowed here. HTTPS wouldn't require IP masking. Tor exit nodes can still hijack your eccie account anyway so I'd trust my ISP more than a random tor exit node. I think implanting HTTPS should be critical priority for eccie admins. I'm even willing to help them do it if that would help get it done faster. Not having HTTPS is putting every hobbiest at risk of exposure.

[sjdude]

some guy has compiled tor and released in the itunes appstore and calls it 'tob'


hard to find, but has leaks as I understand, and of course runs in the closed-source iOS of course...

will not come with the snowden stamp of approval :-)

SJ

[sjdude]

some guy has compiled tor and released in the itunes appstore and calls it 'tob'


hard to find, but has leaks as I understand, and of course runs in the closed-source iOS of course...

will not come with the snowden stamp of approval :-)

SJ

[want2c]

Quote:

Originally Posted by sjdude

some guy has compiled tor and released in the itunes appstore and calls it 'tob'


hard to find, but has leaks as I understand, and of course runs in the closed-source iOS of course...

will not come with the snowden stamp of approval :-)

SJ

You need to read what Carnegie, has been doing with the FBI and NSA. I do not worry about the exit nod, I worry more about the relays. The early relay cells have been patched, look for new misbehaving relays. The first sign switch out and find a new bridge or jump over to outside TOR, routes. TOB and some of the other,new DW tools are most likely C.M. and NSA coop.

[Geeky80]

Google announced that starting Jan 2017, any website that uses passwords and doesn't use HTTPS will be labelled as non-secure by Chrome. This is great because it will force sites like ECCIE to enable HTTPS.

source: https://security.googleblog.com/2016...ecure-web.html