[lolidaisuki]

>hello,

>You are receiving this error message because your ip (89.234.157.254) is listed in the StopForumSpam.com database.

>You can check the status of your IP and have it removed by visiting http://www.stopforumspam.com/removal. Thank you.

It's kind of ironical that they are quoting Snowden and their own site blocks Tor.

E: didn't HN used to have markdown quoting?

[maxerickson]

There's only been https://news.ycombinator.com/formatdoc

[hellbanner]

Case in point for the article title..

[krapp]

It's not really ironic - Tor is used for spam all the time.

[jakobdabo]

Just like VPNs, proxies and abuse tolerant networks.

If you can't prevent the spam by other means than IP blocking then maybe you should make your website read-only.

[nickpsecurity]

Or just block the sources of abuse while everyone else enjoys and can act on the content. Or just block comments from anonymous nets so they can at least read. Comment sections that are Wild West hurt branding too much for it to be an option.

[AnthonyMouse]

It seems like we know how to solve this. Put a CAPTCHA on account creation, then allow users to flag posts and auto-ban fresh accounts with high flag rates.

I'm honestly kind of surprised that there isn't more spam from attackers who compromise something close enough to a backbone provider that they can spoof arbitrary IP addresses and still see the return traffic.

[nickpsecurity]

Those are possibilities. As is Disqus-style moderation. Nonetheless, it's a lot of extra work with nothing to show for it and possibly dangerous to site experience. That's the problem Tor poses.

[AnthonyMouse]

The problem isn't unique to Tor. It's anything that allows a spammer to use the same IP address as innocent people, including things that aren't exactly legal, like compromised PCs and routers. Which means blocking Tor blocks the people who follow the law but not the people who break the law.

And the problem is going to get worse as a result of IPv4 address exhaustion because some ISPs are going to have to start using carrier grade NAT (and some already are). The answer to that is IPv6 as ever, but that has the opposite problem. IPv6 addresses are too cheap to meter and using a thing for proof of stake requires the thing to be scarce.

So the thing to show for it is that you can field test your solution prior to the day of Spam Armageddon when a spammer realizes they have a botnet with access to a million billion IPv6 addresses.

[Jordrok]

Ah yes, we can't sacrifice the all-important branding!

[nickpsecurity]

If you're a business, you can't. There's a decision to make:

1. Focus on benefiting anonymous people who either don't contribute shit back to the business or barely do. Freeloaders.

2. Focus on benefiting the founders, customers, and employees (in that order). If you loose some freeloaders, then so be it. If it's their design decision, then so be it time 10. They can always set up an unrestricted forum for people like them to discuss the article and deal with security headaches they bring in.

Wait, No 2 seems to work as most readers and the company are benefiting except for the few that choose not to.

[krapp]

It's not exactly difficult to find another IP if the one you're on is blacklisted.