How can you block VPNs from accessing your website?

You are currently reading a thread in /g/ - Technology

Thread replies: 73
Thread images: 6
File: ban-vpn.png (4 KB, 277x217)
How can you block VPNs from accessing your website?
>>
cloudflare i guess
>>
>>53731574
cloudflare doesn't block vpns
>>
why would you do that?
>>
>>53731568
>find ips of vpns
>put in blacklist
not hard, somebody probably has a list available
>>
>>53731568
You can't. Learn what dynamic and static IPs are.
>>
File: giphy-facebook_s.gif (100 KB, 480x270)
>>53731660

>tfw script kiddies trying to give me advice
>>
Get accounts from all providers and enumerate all of their IP addresses. That's what Netflix, Hulu etc. do IIRC. Alternatively, accept massive collateral damage and block all non-residential IP addresses (datacenters, business-oriented ISPs etc.); there are block lists for doing that.
>>
>>53731568
With javascript
>>
>>53731766
>Alternatively, accept massive collateral damage and block all non-residential IP addresses (datacenters, business-oriented ISPs etc.); there are block lists for doing that.

Where can I find these lists? The ones I found cost like $12k a year to use.
>>
You can't. There's no way to tell if a connection to your site is being made from a computer that provides VPN services or not. Hope that helps!
>>
>>53731568
fail2ban

have fun finding some kind of log or IP list
>>
>>53731807
Why block VPNs? You can block IPs from blacklists

http://www.webopedia.com/TERM/R/RBL.html

- http://www.spamcop.net/
- http://www.sorbs.net/
- http://www.dsbl.org/
- http://www.spamhaus.org/
>>
>>53731699
>tfw you're a script kiddie for even having to ask this question
>>
>>53731807
Some of them
https://github.com/Zalvie/nginx_block_files
https://www.iblocklist.com/lists.php
https://www.qwdsa.com/converse/threads/nginx-ban-list-stopforumspam.63/

Those are static lists and can be outdated. Maintained dynamic lists cost a lot, like you say.
>>
>>53731888
http://www.dnsbl.info/dnsbl-list.php
this blacklisting reference site should be better
>>
You don't seem to understand what a VPN is.
>>
Can someone answer why people want to block VPNs? Wouldn't that just drive more people away from your business?

Just like with ad-block when I see a website telling me to disable it.. too bad.. never going to visit that website again.
>>
>>53731911
>>53731699
>skid
>xd im a real hacker i program in vb
go back to fucking cod anyone who uses that word
>>
>>53731592
No but it makes it super fucking goddamn annoying to enter the site or post on it. (You're most likely banned on big VPN providers.)

Seriously, fuck browsing the web on VPNs if you intend to post on a site. It's almost on TOR status of annoying.
>>
>>53731568
But anon, why would you want to limit your users' privacy?
>>
Hey OP, there is a way to find out whether any IP is behind a VPN or not, without using any blacklist or even Cloudflare
I won't tell though, go search it, if you didn't find it then tell me
>>
Require all your users to confirm their identity by going on Skype with you before registration. And then, randomly select one periodically for re-confirmation.
>>
>>53735427

and always check the blacks
>>
>>53735385
Oh, and it detects Tor users too
>>
>>53731568
get lists of VPN IPs, and block them
>>
>>53732116
Most VPNs are hosted in datacenters, so blocking non-home IP ranges would do the job.
>>
>>53735679
>>53735696
>>53731611
>>53731660
>>53731766
>>53731855
>>53731888
>>53731919
>>53731968

>neo /g/ level on tech like average home user who block the list in the router
Fucking /v/
>>
>>53731853
Nope, you can, do you even network
>>
>>53735760
Well, you can only block an IP that's known to be a VPN.
If I make a private VPN for myself and maybe some of my /g/ friends, it wouldn't fucking matter.
>>
>>53735825
Nope, it will. Even if you make your own VPN, it can still be detected and blocked (if it is necessary)
>>
>>53735865
it can be detected if multiple people have different accounts from the same ip, yes.
Otherwise, no, you fucking retard.
>>
>>53735878
I'm a retard now? Lol

OK, the scenario:
(YOU) ---- (VPN SERVER-private one) ----- (Dest.)

And only you are using the VPN server. I'm still able to detect whether you're on a VPN or not; hell, I can even check your machine uptime and whether your agent is fake or not.
How: basic networking
>>
>>53735943
Not really. You can check if the computer I'm accessing your site from behaves like a server, yes.
But you can't - especially not automatically - prove that that is a VPN.
>>
>>53731596
To restrict freedom of speech and freedom to access information.
>>
>>53735965
>>>>>You sound scared thinking using VPN or TOR doesn't feel secure anymore?
>>>>>But yes, I can check the behavior, and I'll prove it to you with, again, basic networking

>>>>>BTW, I'm a cyber security auditor and these are basics for any forensics

>How to check your uptime remotely ?
TCP Timestamps
>http://forensicswiki.org/wiki/TCP_timestamps

>How to check if you're behind VPN ?
When you open a page while connected over PPTP, L2TP (±IPsec) or IPsec IKE, your packet is encapsulated into another packet. The result: overhead. Now, to lower the latency of sending big packets, the MTU is lowered from your network interface MTU to prevent excessive fragmentation.
The story is different when you use OpenVPN though, as it doesn't alter the MTU at all. So how do you detect it? Simply by decreasing the MSS inside the encapsulated packet by using MSSfix, resulting in a unique MSS value for each setting, exposing your connection type, connection protocol (IPv4, IPv6), transport protocol (UDP, TCP), cipher, MAC and compression.

For example :

>MSS: 1368
> ------- it'll expose the following----
>Protocol
UDP
>Block size
64 (note: 64 means Blowfish, 128 means AES)
>MAC
SHA1

and so on

>How I'll know your agent?
Well, it is very easy to check this one, as the always transmitting in browser’s User-Agent header and don’t change it
you check the difference and know it is fake.

There is a tool to automate all that, but I can't recall it.
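
The MSS check described in the post above, as an added example that is not from the thread or from any tool it mentions: a parser for the options in a raw TCP SYN header that pulls out the MSS and the timestamp value and labels the MSS. The only signature in the table is the 1368 example from the post; the function names, the sample header built by `build_syn` and the 1460 Ethernet baseline are assumptions of this example.

```python
import struct

# Only signature given in the thread; other MSS values are deliberately unmapped.
THREAD_SIGNATURES = {1368: "OpenVPN over UDP, block size 64 (Blowfish), SHA1 MAC"}
ETHERNET_MSS = 1460  # 1500-byte MTU minus 20-byte IPv4 and 20-byte TCP headers

def parse_tcp_options(tcp_header: bytes) -> dict:
    """Extract MSS (kind 2) and timestamp value (kind 8) from a raw TCP header."""
    if len(tcp_header) < 20:
        raise ValueError("truncated TCP header")
    data_offset = (tcp_header[12] >> 4) * 4   # header length in bytes
    if data_offset < 20 or data_offset > len(tcp_header):
        raise ValueError("bad data offset")
    opts, i = tcp_header[20:data_offset], 0
    out = {"mss": None, "tsval": None}
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # end of option list
            break
        if kind == 1:                         # NOP padding, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        body = opts[i + 2:i + length]
        if kind == 2 and length == 4:
            out["mss"] = struct.unpack("!H", body)[0]
        elif kind == 8 and length == 10:
            out["tsval"] = struct.unpack("!I", body[:4])[0]
        i += length
    return out

def classify_mss(mss):
    """Label an MSS; a reduced value is a hint of encapsulation, not proof."""
    if mss is None:
        return "no MSS option"
    if mss in THREAD_SIGNATURES:
        return "thread example: " + THREAD_SIGNATURES[mss]
    if mss == ETHERNET_MSS:
        return "plain Ethernet path"
    return "reduced MSS" if mss < ETHERNET_MSS else "above Ethernet default"

def build_syn(mss: int, tsval: int) -> bytes:
    """Constructed sample SYN header: MSS, NOP, NOP, Timestamps options."""
    opts = struct.pack("!BBHBBBBII", 2, 4, mss, 1, 1, 8, 10, tsval, 0)
    fixed = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0,
                        ((20 + len(opts)) // 4) << 4, 0x02, 64240, 0, 0)
    return fixed + opts
```

A reduced MSS also shows up on PPPoE and mobile links, so the label is one signal to combine with others, not a verdict.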
>>
>>53736251
>as the always transmitting
as the OS always*
>>
File: D0xku2d.jpg (40 KB, 600x450)
>>53736251
>>
>>53736251
Oh yeah, I found the tool
>https://github.com/ValdikSS/p0f-mtu

>>53736291
Why? Because I prove you wrong and you have nothing to counter back!
>>
>>53731777
Kek
>>
>>53736251
>>53736418
And here is a PoC for that detection
>http://witch.valdikss.org.ru
try it with/without VPN
>>
>>53731568
Take your website offline
>>
>>53736251
Most of that can be spoofed desu
>>
>>53737127
I get
>No OpenVPN detected.
When connecting through OpenVPN
>>
>>53731853
4chan blocks vpns....
>>
>>53736251
today i learned that /g/ posters will only teach you stuff if you insult them and try to prove your dumb opinion wrong
>>
>>53737225
Then you've altered the mssfix value
It can be done, but as I said, it'll increase the latency due to overhead
>>
>>53737248
That's because the IP has already been abused and banned, not because they're detected as a VPN.
>>
>>53737720
No commercial VPN would have the default signature to bypass basic DPI fingerprinting.
>>
How would you even know that the IP accessing your web is a VPN?
>>
>>53737779
Wrong faggot.
>>
>>53737800
This has nothing to do with DPI; DPI can be bypassed by SSL/SSH on your connection. So unless you alter the default values, you'll be detected.
And Tor users can be detected by finding the difference between the agent of the Tor (Linux/BSD) and the user agent, which is usually Windows.
>>
>>53732527
>TOR
It's Tor, not TOR.
>>
>>53737720
No I'm using a default config
>>
what is even the point of blocking vpn users from a site?
>>
>>53738083
4chan blocks VPNs from posting here

i've tried a few and can't post to 4chan and respect my freedoms :(
>>
>>53738138
4chan goes by IP range.

Also it allows you to post if you have a pass
>>
>>53737980
Kys. No one gives a fuck. That's as retarded as saying, "It's SQL not sql". Does anyone give a fuck unless it's your resume? And if tor is on your resume kys
>>
>>53738138
Be like me and stop posting. Stop using Netflix, stop using Hulu. Say fuck you to any website that blocks VPNs.
>>
>>53737260
the lesson here is to insult everyone on /g/

faggot
>>
File: 9752.jpg (133 KB, 701x1165)
>>53738228
As a twenty year old single male I think it's very hard to find a girl who's actually interested in free software. I've had girls jokingly ask to "Netflix and chill" but when I tell her that I don't use Netflix since Netflix requires proprietary software to stream content, they stop talking to me. And worse, if they do stay they think I'm weird since I blocked Google IPs in my hosts file and we can't even watch YouTube. I can't ever seem to get girls to come over to my place and I can't text them either. Once I get their numbers, since I've added custom ROMs to my phone and refuse to use SMS since it's a security concern, I require all of my friends to download a free and open source messaging app and I share with them my public GPG key so that we can verify that our conversations are secure. None of my friends are willing to do this. And I can't use sites like Tinder since it's not only proprietary software but a major privacy vulnerability. How come it is so hard to find a girl concerned about software freedom? I feel like I'm going to be a virgin forever.
>>
>>53737260
Lol. I remember when I learned this. If you simply ask how something works, no one will tell you. If you want someone to tell you, make a statement about how you already know and explain how it works based on whatever you think might be how it works. Some neckbeard will give you a long-winded explanation about why you are retarded and tell you how it actually works.
>>
>>53738220
k.y.s.
not kys
>>
>>53731568
Wait until every vpn has been used to post cp all over your site
>>
>>53731568
First of all, you don't want to. Second, it's probably harder than you're willing to do. Finally, you're an idiot.
>>
>>53731568
You can't. VPNs are just IPs. You literally cannot differentiate between regular user and a vpn user. You need to find vpn servers and add their ip to your block list manually.
>>
Block IP ranges that belong to server providers. It's not rocket surgery.
>>
While we're at it, any recommendation on VPNs?

Hola doesn't work with neetflux anymore.
>>
>>53746023
>Hola
Zenmate if free
>>
File: unspecified.jpg (22 KB, 463x313)
>>53738573
I'm not even a neckbeard you millennial
>>
>>53736251
Those methods, even when combined, are still limited in their reliability.
>>
File: 1408062047833s.jpg (5 KB, 250x159)
>>53736016
OP is a huge faggit tiday
>>
Found this:

https://translate.google.com/translate?sl=auto&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=https%3A%2F%2Fhabrahabr.ru%2Fpost%2F216295%2F&edit-text=&act=url

Looks like you can detect most OpenVPN users by looking at the MSS TCP header value.