Page 1 of 1

[REQUEST] Module to enhance DNSBL against known VPN providers

Posted: Fri Jan 25, 2019 11:18 pm
by PeGaSuS
ProtonVPN has started not long ago providing free VPN to those that have Protonmail e-mail accounts.
This is good for those concerned with privacy, but also a pain to protect our networks against possible abuses, since they own about 400 IPs and I'm not sure if they're prone to be constantly changed.
The good part is that ProtonVPN provides a JSON formatted page with all their servers EntryIP and ExitIP here.
I was wodering if it would be possible to make a module to check if a user is using their services and therefore force them to identify via SASL using a soft-action as described here.

I was thinking in a config block along this lines:

Code: Select all

protonvpn {
action soft-action;
ban-reason "This service is only allowed to registered users";
ban-time 4h;
}
Obviously this module should not act agains people using SASL.

Also wondering if this can be handled by a module or if I should open a feature request in the bug tracker.

Best regards,
PeGaSuS

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Posted: Sun Jan 27, 2019 10:34 am
by Syzop
I think it would be better if this information would be converted to a DNSBL by someone offering this service.

Perhaps ask DroneBL or some other service if they are interested in doing this? Then it could be used by a large part (if not all) of the IRC community, and even beyond IRC..

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Posted: Sun Jan 27, 2019 12:34 pm
by PeGaSuS
I've talked to DroneBL folks and unless there's some kind of high abuse, they won't be adding ProtonVPN IP addresses to the blacklist.
I've created a file with require authentication blocks for all the ips here.
Hope this can be useful.

Cheers

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Posted: Sun Jan 27, 2019 11:51 pm
by HeXiLeD
...anything to get hands on users real ip huh...

happens that I not only support proton as I pay for some services which I (and most like me and on proton), use lawfully.
but also a pain to protect our networks against possible abuses
I've talked to DroneBL folks and unless there's some kind of high abuse, they won't be adding ProtonVPN IP addresses to the blacklist.
So there is not even abuse and punishment is already due.

There are many ways to prevent abuse from users way before radical and punishment actions such as bans and blacklists.
And how about not creating "enemies" in the first place? Banning people left and right just because they use a certain service is creating enemies right there.

You need to get away from that group of people that we both.
Do what I did. Start from scratch and don't bring any of them with you and 98% of the problems are resolved by default.

Filter the people behind the screen. Not connections.

Re: [REQUEST] Module to enhance DNSBL against known VPN providers

Posted: Wed Feb 06, 2019 2:20 pm
by Capitaine
HeXiLeD wrote: Sun Jan 27, 2019 11:51 pm There are many ways to prevent abuse from users way before radical and punishment actions such as bans and blacklists.
Filter the people behind the screen. Not connections.
How to block someone but not his connection ?
You never use /gline and such ?