Malicious user impossible to ban

I have a problem with a malicious user who appears to be unbannable.

I have tried everything: I have blocked his ISP with Cloudflare, I use the Cloudflare bad IP filter, and I have blocked hundreds of proxy networks, but he still comes back with seemingly “clean” US IP addresses.

I have searched the IP addresses' reputation on various sites and none of them are listed as a proxy/VPN IP; they are all located in the USA, from top-level ISPs.

Here is a list of IPs he used recently:

How can this guy have access to all these US IP addresses, which have an excellent reputation and are not listed anywhere as proxy IPs? What is his trick?

We should all be worried about this. Please tell me how I can block him once and for all.

Could you elaborate on this? In what way is the user malicious? If they’re scraping your content, enabling Bot Fight Mode or creating a custom Firewall Rule could help make it more difficult for them.

In this case, assuming you’re sure it’s the same user, it seems blocking IPs will do little good. How do you know it’s the same user? Are there any recurring patterns you could use to block them (e.g. user agent)?
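
An added example, not part of any post in this thread: one way to look for the kind of recurring non-IP pattern suggested above is to group requests by a header fingerprint and flag fingerprints that show up from many distinct IPs in a short window. The log format, the choice of fingerprint fields (User-Agent plus Accept-Language), the thresholds and all sample values are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample requests: (timestamp, client IP, User-Agent, Accept-Language).
# Addresses are from the documentation ranges; nothing here comes from the thread.
UA_A = "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
UA_B = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/96.0.4664.110 Safari/537.36"
SAMPLE_LOG = [
    ("2021-12-10T09:00:05", "192.0.2.10", UA_A, "en-GB,en;q=0.7"),
    ("2021-12-10T09:07:41", "198.51.100.23", UA_A, "en-GB,en;q=0.7"),
    ("2021-12-10T09:15:02", "203.0.113.77", UA_A, "en-GB,en;q=0.7"),
    ("2021-12-10T09:31:19", "192.0.2.200", UA_A, "en-GB,en;q=0.7"),
    ("2021-12-10T09:02:00", "198.51.100.5", UA_B, "en-US,en;q=0.9"),
    ("2021-12-10T09:20:00", "203.0.113.9", UA_B, "en-US,en;q=0.9"),
    ("2021-12-10T09:45:00", "198.51.100.5", UA_B, "en-US,en;q=0.9"),
    ("2021-12-07T11:00:00", "192.0.2.44", UA_B, "en-US,en;q=0.9"),
    ("2021-12-08T11:00:00", "192.0.2.45", UA_B, "en-US,en;q=0.9"),
]

def fingerprint(user_agent, accept_language):
    # Hypothetical fingerprint: normalised header values that do not depend on the IP.
    return (user_agent.strip(), accept_language.strip().lower())

def rotating_fingerprints(log, min_ips=4, window=timedelta(hours=1)):
    """Map each fingerprint seen from >= min_ips distinct IPs within `window` to those IPs."""
    by_fp = defaultdict(list)
    for ts, ip, ua, lang in log:
        by_fp[fingerprint(ua, lang)].append((datetime.fromisoformat(ts), ip))
    flagged = {}
    for fp, hits in by_fp.items():
        hits.sort()                      # chronological order
        start = 0                        # index of the oldest hit still in the window
        counts = defaultdict(int)        # IP -> number of hits inside the window
        for t, ip in hits:
            counts[ip] += 1
            while t - hits[start][0] > window:   # slide the window forward
                old = hits[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if len(counts) >= min_ips:
                flagged[fp] = sorted(counts)
                break
    return flagged
```

A popular browser string is shared by many legitimate visitors, so the window and `min_ips` need tuning against normal traffic before a flagged fingerprint is used in a blocking rule.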

I know because it’s a human content scraper who reposts the content they scrape, and I have a fingerprint system which allows me to trace back the scraper’s IP.

If he is using VPNs and proxies, I doubt you can block him. That is annoying; I see so much of this on the rise lately, along with similar domain names aka .net, .org, .xyz.

I mean, anyone with some know-how can skip most of this stuff manually, fingerprinting and all; it’s not hard and not expensive when doing the manual approach. Time-consuming, yes, but he has a reason to, since he must be making money from your content?

Have you tried DMCA? Or that is too hard, given so many don’t care or ignore them.

Today he showed up again for his scraping routine

Again with reputable IP addresses which are not listed as proxies anywhere. If only I knew how he accesses all these reputable IPs, I could blacklist them all before he has a chance to use them.

All these IPs are likely compromised computers in residential areas.

No trick, just money. I can rent blocks of IPs from my ISP at a fairly cheap price (~$1 per IP). Nothing stops me from using those spare IPs as proxies.

You can’t. All the efforts that you will put into this will go to waste. You can rely on very, VERY vague patches that will be easily bypassed especially with privacy-focused browsers.

Could be. Some botnets use the infected machines as reverse proxies; however, in many cases that’s not the case, as ISPs themselves sell IPs at a fairly cheap price.

This is the best advice. If DMCA doesn’t do it then you will enter into a serious loop of legal procedures that will take a lot of time and money. It’s up to you to decide whether this is worth it or not.

DMCA is only between US entities; there is no international jurisdiction for the internet.

Regardless, I want to believe there is a way to stop malicious users on the internet. What’s the point if we can’t do anything at all about it?

I wish. That’s practically part of the Internet’s DNA. Jerks at keyboards ruining it for everybody else.

If your content is monetized, you might consider switching to a subscription model.

Also, launch disputes with Google and Bing.

One way you can stop these guys is if the search result is removed, they are doing it for financial gain… If you get no traffic, no point scraping.

The issue is, Google farts out algorithm updates that hurt sites over the smallest of things but is super slow to move on apparent stolen or cloned content, funnily enough; same with Microsoft.

But this is what I would do personally first, most effective and cheap.

He’s back today with the following IPs so far

As usual, all of the above IPs have an excellent reputation on proxy tracking sites.