Jump to content
Not connected, Your IP: 34.229.110.49
kbps

Blocking - Time for a refresh of servers?

Recommended Posts

I am noticing that I am getting more and more websites blocked.  Either partially or fully.   There a a few shopping sites that let me see the front page but as soon as I search i get "Access denied, you do not have permission on this server" or for other websites after clicking on a link i get "403 Forbidden".  Some other websites just time out as if they have fallen off the internet, but without the VPN I can reach them correctly.

Is it time for some new servers as a lot of these have been used for a long time and are clearly now on a lot of block lists, or can Air do something behind the scenes with their routing servers?

Share this post


Link to post

I don't believe refreshing the servers' exit ip addresses would solve it, since the root of the problem is the lazy ban some WAFs like Sucuri and AWS's WAF implements. They need to stop relying on blind ip blocklists and work on other checks like Cloudflare does. We as users can't do much, but VPN providers could pressure them into working on a better solution.

Share this post


Link to post
On 12/1/2022 at 11:40 PM, blacksadcamel said:

I don't believe refreshing the servers' exit ip addresses would solve it, since the root of the problem is the lazy ban some WAFs like Sucuri and AWS's WAF implements. They need to stop relying on blind ip blocklists and work on other checks like Cloudflare does. We as users can't do much, but VPN providers could pressure them into working on a better solution.


I believe that you are right.  I decided to try Mullvad for a month as they have a lot more servers that they own or lease that are use different AS providers to AIR.  I ran into more or less the same blocking using Mullvad servers too.  Looks like this could be an issue for VPN services in the future, if not now. 

Share this post


Link to post
On 12/2/2022 at 8:40 AM, blacksadcamel said:

I don't believe refreshing the servers' exit ip addresses would solve it, since the root of the problem is the lazy ban some WAFs like Sucuri and AWS's WAF implements. They need to stop relying on blind ip blocklists and work on other checks like Cloudflare does. We as users can't do much, but VPN providers could pressure them into working on a better solution.


The issue is no log VPN providers generally attract users who most likely are going to be using VPNs to cover up certain types of copyright-infringing activities and the only web hosting companies that accept their business also are the ones seen as higher risk.  This is why on one hand Air adding more servers here and there is great until one finds out it's yet another M247 and the like.  From a anti-fraud perspective, these are garbage-tier IP addresses that may cause more issues when keeping them unblocked due to the hosting provider not being helpful when addressing copyright issues.  I can tell you anecdotally at least that when dealing with brute force attacks for my own online businesses, the IP's are almost entirely VPN-based and come from many of the same hosting providers Air uses (such as the aforementioned M427).  If, for example, a company's business 99% comes from residential IP addresses and 50% of fraud comes from VPNs, it may be safer just to blanket ban any high risk IP (if not outright banning anything from a datacenter which is very easy to identify via tools like GeoIP).

I've suggested in the past that Air add a stricter tier with things such as lower speed caps, blocks on torrenting, etc., for the users who just want to use a VPN for privacy reasons and other legal activity and want to be on a lower risk IP address. 

Share this post


Link to post
57 minutes ago, airvpnforumuser said:

Blocking certain protocols or removing the functionality of the "internet" is not conducive to Air's explicitly stated mission. Afterall, why stop at torrenting, why not add porn, or other "harmful but legal" activities a certain major government was plotting to do - and thankfully, they saw sense and reversed course (but the rest of it is a dumpster fire too).

 

I'm quite aware of this which makes this one of those issues that may be hard for Air or any other VPN provider like it to offer without majorly reversing course on what they set out to achieve.  The problem as users have noted, is these IP addresses become more and more high risk as they amass an increased history of misuse.  I still think it is a good suggestion to have an alternate tier perhaps on another Air-operated brand ("AirVPN for Professionals" or something) for those who just want lower risk IP addresses with a privacy-focused provider but are OK with more restrictions when using them.

Share this post


Link to post

I would suggest that special servers be setup only permitting outgoing traffic on low ports (0-1023).
This should protect the exit IPs from getting registered as assiciated with torrent traffic etc. because these servers would be very unsuitable for torrenting.
I believe this clean exit-IP will be valuable for people who only browse the web or do other simple things.
It does not restrict freedom because you can always choose to use a server that is open for ALL traffic - if this is your requirement.

Share this post


Link to post

Can you explain why IPv6 would solve this issue? AirVPN already supports IPv6. Wouldnt owners of infra being abused (hacked/overloaded/whatever) just block the IPv6 range as they do for IPv4?

Share this post


Link to post
On 1/3/2023 at 9:22 PM, wunderbar said:

I would suggest that special servers be setup only permitting outgoing traffic on low ports (0-1023).
This should protect the exit IPs from getting registered as assiciated with torrent traffic etc. because these servers would be very unsuitable for torrenting.
I believe this clean exit-IP will be valuable for people who only browse the web or do other simple things.
It does not restrict freedom because you can always choose to use a server that is open for ALL traffic - if this is your requirement.


You're poking the elephant in the room.  :)

Share this post


Link to post

How do you think this can be achieved? It is a shared resource (the exit IP address of a VPN server) there is no possibility to keep it clean unless you interfere with the user's traffic. Even if they would change all the servers now it is just a matter of time until they are listed again, but the effort in both work hours and money would be significant, for no true benefit. Use a socks5 or some other tool on top of the VPN, like everyone who needs this does.

Share this post


Link to post
On 1/3/2023 at 5:22 AM, wunderbar said:

I would suggest that special servers be setup only permitting outgoing traffic on low ports (0-1023).
This should protect the exit IPs from getting registered as assiciated with torrent traffic etc. because these servers would be very unsuitable for torrenting.
I believe this clean exit-IP will be valuable for people who only browse the web or do other simple things.
It does not restrict freedom because you can always choose to use a server that is open for ALL traffic - if this is your requirement.


It's unfortunate we've bad actors on the internet.  But it's important to remember here that the biggest and baddest actors with the money and regulatory capture are ultimately the ones causing you the inconvenience and infringing your freedom in the name of a campaign that usually targets very small actors who don't play by their rules.
Do you see why giving concessions to such people is foolish?  They can't ever be appeased.
Besides, copyright "infringement" is only one of many reasons VPNs get blocked.
You are mistaken if you think your would-be masters won't soon return with more demands, and before long VPNs will have no meaning for privacy at all.
Also, separating the userbase into "clean" and "dirty" servers would best serve to make each honeypots for their respective users based on the purported intentions of their online activity.  If Tor and I2P teach us anything, it's that "clean" and "dirty" users need to enthusiastically mix their traffic on the same network to help ensure everyone's privacy and interests online.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...