View Single Post
Posts: 1,157 | Thanked: 3,851 times | Joined on Oct 2014
#9
Originally Posted by Copernicus View Post
I'm just basically saying that I see no reason to give TOR exit points additional privileges over normal IP addresses. If your main defense against malicious accesses coming from a particular address is to block that address, and you decide that some addresses now cannot be blocked, well... now you've got a giant hole in your defense, right?

If a particular address is being used maliciously, it should be treated as any other address being used for malicious purposes. Treating some addresses as special would seem to defeat the purpose...
This makes no sense, sorry.

Allow me to qoute a reply from another forum, adressing the same issue.

Your forum accepts posts from anybody. That is your core problem. Connecting to your site from various IP throughout the world is trivial, if only by using Tor. Tor provides "high anonymity" in that not only the user's identity is hidden, but each request is anonymous -- you cannot, from the outside, make sure whether two distinct requests are from the same human user or not.

This can be fixed at two levels:

1) Restricted anonymity: enforce user registration and authentication. Users may use a pseudonym, and need not provide an email address or any other identification, but your forum will insist on a login process before posting. That way, you can know whether two comments come from the same person. Note that this does not totally solve the issue; instead, that moves it to the registration process. The poor sob who has nothing better to do with his time than defacing your forum will adapt and engage into mass registration of phony accounts.

2) No anonymity (with regards to you): user registration, this time with an email address, which is verified during registration (you make sure that the registrant can read an email sent at the address he provided). The possibility to be identified, if only by law enforcement agencies, could be a powerful deterrent for wannabe spammers (even if the said spam is not necessarily punished by Law: to my constant dismay, there is no law against writing "LOLOLOLOL").

If you choose to retain anonymous posting, then, well, welcome to the wonderful world of Mankind. While most humans are civilized, honest and polite, there is always one user who thinks exposing his lack of education is a smart thing to do. The best you could do, then, is to patiently clean up (possibly proactively, by enforcing pre-publication control of all posts by trusted moderators) until the perpetrator loses interest or reaches the age of 14, whichever comes first. This may take a few weeks or months.

Historically, most societies have dealt with troublemakers by a mixture of ostracism and actual penalties (up to and including death). The apparent anonymity of Internet prevents efficient penalties (with a lot of resources, this anonymity can usually be unraveled, but police forces will not do that until an actual crime is committed). Ostracism is social pressure, so it does not work on people who do not feel the target forum as being a "society" they are part of.
__________________
You can still support my work by donation - click here

ETH: 0xFcD031609DB739C62730589361940C68ceEbC913
 

The Following 6 Users Say Thank You to nieldk For This Useful Post: