Access denied by CIDRAM

Now she has access.

I have activated reCAPTCHA.

She uses VPN, and maybe m247.com for VPN?

m247.com is in the Sections List in CIDRAM, and now I have clicked at Ignore this.

However, I am not really sure that this is the right solution.

Hi,

Sorry for the delayed response, and thanks for your patience. WordPress doesn’t seem to notify me when there are new issues to respond to here for whatever reason, which means I tend to only notice new issues here when I manually check (which isn’t every day).

> The reader is in Denmark, but CIDRAM says 185.212.169.* in UK and/or Denmark.

Yeah, that particular range seems to originate in Denmark, based on the information available that I could find. The reason that CIDRAM says UK, is because the information about the origin of the various ranges known to CIDRAM is sourced (not exclusively, but primarily) through BGP records, and the BGP records for that range says UK (maybe an error in that information somewhere, or maybe registered in the UK, despite being utilised from Denmark; I’m not sure).

There could be (that is, there probably are) other ranges in the same situation or similar, but I don’t worry about it too much, because taking steps to increase the accuracy in the origin information would also generally increase the amount of time required to update the signature files, and although more accurate information is generally desirable and would be nice, I need to balance that against maintainability and avoid making the process too time-consuming too (thinking ahead here, for the benefit of potential future maintainers; if, at some point in the future, I’m no longer able to update the signature files for whatever reason, the question of whether anyone else would be willing to step up and take over, etc). As long as CIDRAM is able to get it correct most of the time (i.e., correct more often than incorrect), and when it really counts (e.g., when decisions are being made whether to block something on the basis of that origin information, etc), I’ll be satisfied with that. More important is the accuracy of the decisions of whether or not to list any particular range in the signature files in the first place. ??

> She uses VPN, and maybe m247.com for VPN?

Quite likely. I’ve know of a few others that do the same, so it definitely wouldn’t be an unheard of thing.

> m247.com is in the Sections List in CIDRAM, and now I have clicked at Ignore this.
>
> However, I am not really sure that this is the right solution.

m247.com is a kind of awkward network, from CIDRAM’s perspective. It’s multinational, it’s multiplay (i.e., operates as a cloud provider, as well as a proxy service, as well as an infrastructure provider, as well as a hosting provider, as well as a traditional ISP, to an extent), often provides vague information which leads to incorrect origin information (e.g., like how we see UK instead of Denmark here), and is also a huge source of spam (mostly from the cloud parts of the network, but from other parts, too). The amount of spam seen from their network is the primary incentive for listing their network in CIDRAM, and not listing them would directly affect a number of other CIDRAM users which would see quite a lot of abuse at their websites originating from m247 prior to it being listed, but the presence of human endpoints at their network (e.g., the traditional ISP part, the proxies, etc) also creates a notable risk of false positives, too, and unfortunately, the nature of the announce descriptions in their BGP records, and the general lack of information at their website, makes it difficult to distinguish which exact ranges belong to human endpoints versus which don’t.

Ideally, if there was an easier way to distinguish between the human endpoints and non-human endpoints, I could account for that in the signature files and update accordingly, but I’m not sure at this point insofar as their particular network in concerned. Personally, I’d prefer a better solution, too. But, until such a solution can be found, I think that ignoring the section is probably the best interim solution. There is a risk that you’ll see an increase of spam originating from that particular network as a result, but weighing that up against the risk of blocking actual legitimate users, it’s still probably better to have CIDRAM ignore that section.

Anyway, these awkward situations, is one of the main reasons why the ability to ignore signature sections was implemented into CIDRAM in the first place, the other being to provide a mechanism to compromise between those users which say things like “You definitely MUST block network X/Y/Z at any cost!”, and those users which say things like “You definitely must NOT block network X/Y/Z no matter what!”, whereby said networks can then just be implemented and ignored by default, and I can tell the users which want to block it to unignore it, or those which don’t want to block it to ignore it and so on, so, you’re not using it incorrectly there or anything like that anyway. ??

If I remove the signatures from CIDRAM’s default signature files, I know of at least a few users offhandedly that’ll likely want a quick explanation from me about it. But, you’re also not the first person to encounter this kind of problem. I wonder if perhaps it’s about time for me to list m247 as one of the default ignored signature sections (alongside some of the already default ignored signature sections like China Backbone, Bharti Airtel, Pakistan Telecom, Bezeq International and so on)?

• This reply was modified 4 years, 11 months ago by Maikuolan.