
Browsing as a VPN user

So I use VPNs (but am verified so you know who I am).

Occasionally the site will keep triggering the bot detection logic which makes me authenticate over and over. Is it possible to link that bot detection logic to whether a person is logged in? So if a person has logged in to the site with a verified status, the logic no longer triggers (most likely not a bot if they have an account and plugged in their details along with a scrip to get verified)?

The thing that gets me today is yesterday I was using the same VPN location and the bot detection triggered once and today it's like every 5 mins it triggers. Irksome when writing a long reply. :P
 
I have had the same issue, in addition to the website occasionally blocking me when using a VPN.
 

Spoke to @Muiredach earlier and whilst he has signed off for the night he did give me this reply.

"Has to be up for now, spam traffic earlier brought the server to a halt."

We do apologise for any inconvenience caused, such measures are merely a server precaution and temporary as the server comes under some intense traffic at times 🙏🏼
 
No worries. I've similar issues on Amazon Prime, BBC, YouTube. Ironically all the online safety advises people to use a VPN but web architecture doesn't like it ;p
 
I get issues with the TV apps like BBC, ITV, Channel 4 etc. using Proton VPN from time to time, pain in the arse!

Geo restrictions come into play a lot of the time though! 🫠
 
GeoIP is fun. Using the London IP on my VPN it said I was in Portland, then Google Maps said I was in Moscow, then the next day I was in Brazil, then Virginia. But maybe that indicates a VPN company that are actively fuxing with GeoIP requests and making it seem like you are everywhere and nowhere.

Let @Muiredach know it's fine. If that is the cost of mitigating attacks, then so be it.

I worked out some IPs don't even trigger it. Like I used Manchester tonight and it didn't even ask, it just connected straight away. FTR, the company I use offers a browser plugin, so in reality I'm doing a double VPN (OVPN to first exit, then browser plugin creates a second hop back from there), as my first hop is elsewhere in the world and then comes back, but yeah it's kind of crazy when you think it over. Life was definitely simpler and probably better before the internet and everyone spying on everyone else. When OpSec was whether you put a password on a zip file before putting it on a floppy to sneakernet to some other computer. Nowadays it's just layers and layers of encryption and obfuscation. :/
 
The general Cloudflare check that appears for everyone from time to time is ordinarily in response to massive bot traffic overloading the server. I manually monitor server resources/load every day, and there are times when putting up the traffic checks is the simplest and most effective solution to ensuring only genuine traffic is served, and bot traffic gets excluded by default.

I also recognise it's inconvenient for patients/clinicians, and has various knock-on effects (such as even our email signature images not loading externally).

Otherwise there have been several periods now where we've had to block off entire datacentres/networks, because we're receiving tons of automated traffic. Often this is attempts to bulk scrape pages on the site for data, but it's sometimes also malicious, trying to bring the server down (see all our old Twitter commentary). In these cases, we have to block entire datacentres, and often this then affects VPN traffic where they're using services too.

We've never attempted to block VPNs specifically, it's just that many VPN services run out of the same commercial datacentres that botnets are run from.

I've spent years now trying to manage various firewall rules, rate limits, and network/IP checks to find the best balance.
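
The trade-off discussed in this thread, sketched as an added example that is not part of any post and is not the site's or Cloudflare's actual configuration: requests from datacentre networks are challenged, a logged-in verified account skips the challenge as the first post proposes, and a per-account rate limit still applies so a scripted verified session cannot flood the server. The network ranges (RFC 5737 documentation blocks), thresholds and function names are all assumptions.

```python
import ipaddress
import time
from collections import defaultdict, deque

# Constructed sample ranges (RFC 5737 documentation blocks) standing in for
# commercial datacentre networks; a real list would come from an ASN feed.
DATACENTRE_NETS = [ipaddress.ip_network(n)
                   for n in ("198.51.100.0/24", "203.0.113.0/24")]

RATE_LIMIT = 30      # requests allowed per window, per key (assumed value)
WINDOW_SECONDS = 60  # sliding window length (assumed value)

_hits = defaultdict(deque)  # key -> timestamps of recent requests


def from_datacentre(ip):
    """True if the address falls inside one of the listed datacentre ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in DATACENTRE_NETS)


def over_rate_limit(key, now):
    """Sliding-window counter: True once key exceeds RATE_LIMIT in the window."""
    q = _hits[key]
    while q and now - q[0] >= WINDOW_SECONDS:
        q.popleft()
    q.append(now)
    return len(q) > RATE_LIMIT


def decide(ip, user=None, verified=False, under_attack=False, now=None):
    """Return 'allow', 'challenge' or 'block' for one request."""
    now = time.time() if now is None else now
    trusted = user is not None and verified
    # Verified accounts are limited per account, everyone else per IP, so
    # many users sharing one VPN exit do not exhaust each other's budget.
    key = f"user:{user}" if trusted else f"ip:{ip}"
    if over_rate_limit(key, now):
        return "challenge" if trusted else "block"
    if trusted:
        return "allow"  # verified login skips the bot check, VPN or not
    if from_datacentre(ip):
        return "block" if under_attack else "challenge"
    return "challenge" if under_attack else "allow"
```
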
 

It's fine, but thanks for the explanation. It seems to be off today. I'm not looking to add more work for you, so I'm happy to just accept it for what it is. ;)

"I've spent years now trying to manage various firewall rules, rate limits, and network/IP checks to find the best balance."

Don't even bother, it doesn't exist. You'll spend nights tearing your hair out, trying to mitigate it. In days gone by I had a similar task on a gaming community server. I didn't overthink it, just fail2ban to deal with direct attacks, StopForumSpam for the forum logins, I dumped the entire Spamhaus blocklist to the firewall rules and I blocked China and India (in their entirety). We hardly saw any attacks or issues. Occasionally someone got through on the forum.

But accept it will never be perfect, because it never will. If you were running the server from somewhere you could control, you could drop an adaptive security device in between the Server and WAN, like a Juniper or Cisco ASA box, but even then it's a ballache to set up and not a 100% fix. Life's already too short.
 
I might add one mitigation is to revoke public access to the entire forum, bar maybe the Industry section. I might add this is one thing that surprises me about this place. The forum is the one place that shouldn't be public. Maybe leave the News and research sections as publicly viewable. But Patients Chat and Medications areas, really shouldn't be public as those probably contain enough info for an AI to link user names to real world info. It wouldn't be perfect, but it might help.

If you wanted to go one further, on the Register screen, add a question, like those "what is 2+2" ones, but make it on topic like "Name the main active compound found in Cannabis?" or something else related. Even if it means someone has to go and actually research (or read Wikipedia). Asking a question is usually pretty good at stopping most bots.
 