by Hnrobert42 1541 days ago
Interestingly, this site fails ungracefully (HTTP error code 500) when I try to visit from NordVPN, even after cycling through a few IP addresses. I’m noticing more and more sites block all VPN traffic. I get why, but it’s not good.
4 comments

I've been on the other side of this (threat analysis, not Facebook).

Known VPN-associated IP addresses were far more likely to be associated with abuse than average. Not just a little bit, but approaching 2 orders of magnitude worse in our case. It's not even close.

It's too bad for the people who need to use public VPN services for whatever reason, but until we have perfect bot/abuse detection, banning VPN, Tor, and proxy services is far and away the most effective tool for cutting down on abuse.

One of the VPN services I've used had their own IP addresses blacklisted - I was unable to view their list of servers while using their VPN.

When asked, they cited possible abuse as a reason. But whitelisted them again after a while.

But it's hard to 'abuse' reading a blog post...

There's denial of service, which wastes server resources, reducing the accessibility to humans interested in the content.

I'd think that your average VPN block could just be rate limited if that's a big worry.

Depending on why you're using a VPN, you can just pay for a tiny VPS from OVH/Hetzner, set up WireGuard and use that as your VPN. Obviously don't do anything illegal, since everything is going through a server that is directly tied to your credit card. But for privacy/security, it's good enough (for me anyway). I'm guessing it's luck of the draw if your IP has been blacklisted or not, but I've not had any issues the last 6 months whilst I travelled around.

Hetzner commonly triggers Cloudflare's bot detection, and there are some things that just refuse to talk to its IP space.

I've noticed this is quite popular among the kings of cargo-cult security: banking websites. I can only hope the proliferation of VPN-gating is more contained compared to the recent (banking-led) upswing in Android root-checks.

This type of security theater can be easily bypassed by any determined attacker and thus only serves to deter honest users.

> This type of security theater can be easily bypassed by any determined attacker and thus only serves to deter honest users.

To play devil's advocate, the large amount of attackers aren't really determined. They're just fishing for easy targets. If you check the logs on a VPS you'll see an endless stream of people trying to exploit things like WordPress 24/7 on your brand new VPS that has nothing but an HTML landing page.

With banks, I imagine they have a compliance check list they have to tick off to make sure that -- if and when a successful attack happens -- their insurance would pay out. If they haven't taken simple steps like blocking VPNs it could lead to the insurance company claiming negligence.

> To play devil's advocate, the large amount of attackers aren't really determined. They're just fishing for easy targets.

The rise of the copy-paste attacker: https://en.wikipedia.org/wiki/Script_kiddie

Do you know how they detect VPN traffic?

When I'm traveling I'll often pipe my traffic through a VPN on my home network. I have had some weird failures but I've usually assumed that it was due to an unreliable hotspot I'm using. Now I'm wondering if using a VPN is the real problem...

It'll be due to the exit nodes for the VPN having been put on a blocklist.

If you're tunneling through your home network it's unlikely to cause problems, unless you've been doing nefarious things from your home IP and that has also ended up on a blocklist.
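
An added example, not code from anyone in this thread: a server-side sketch of the two ideas above, matching client IPs against an exit-node blocklist and rate limiting listed ranges with an explicit 429 instead of blocking them or failing with a 500. The CIDR ranges, tier values and the `TieredLimiter` name are assumptions made for illustration.

```python
import ipaddress
import time

# Constructed sample ranges from documentation address space, standing in
# for a real VPN/proxy exit-node feed (assumption: the feed is a CIDR list).
VPN_EXIT_RANGES = ["192.0.2.0/24", "198.51.100.0/25", "2001:db8:100::/48"]


class TieredLimiter:
    """Token bucket per client IP; listed ranges get a stricter tier."""

    # tier -> (tokens refilled per second, bucket capacity); illustrative values
    TIERS = {"normal": (10.0, 20.0), "listed": (1.0, 3.0)}

    def __init__(self, ranges):
        self.networks = [ipaddress.ip_network(r) for r in ranges]
        self.buckets = {}  # normalized IP string -> (tokens, last_seen)

    @staticmethod
    def normalize(addr):
        ip = ipaddress.ip_address(addr)  # raises ValueError on junk input
        # Treat ::ffff:a.b.c.d as the IPv4 address it wraps, so a dual-stack
        # listener does not let a client sidestep the IPv4 ranges.
        mapped = getattr(ip, "ipv4_mapped", None)
        return mapped or ip

    def is_listed(self, addr):
        ip = self.normalize(addr)
        return any(ip.version == n.version and ip in n for n in self.networks)

    def check(self, addr, now=None):
        """Return the HTTP status to answer with: 200, 429 or 400."""
        now = time.monotonic() if now is None else now
        try:
            ip = self.normalize(addr)
        except ValueError:
            return 400  # malformed client address: explicit error, not a 500
        tier = "listed" if self.is_listed(str(ip)) else "normal"
        rate, capacity = self.TIERS[tier]
        tokens, last = self.buckets.get(str(ip), (capacity, now))
        # Refill for the elapsed time, capped at the tier's burst capacity.
        tokens = min(capacity, tokens + (now - last) * rate)
        allowed = tokens >= 1.0
        self.buckets[str(ip)] = (tokens - 1.0 if allowed else tokens, now)
        return 200 if allowed else 429
```

A listed client still gets through at a reduced rate, and a throttled one sees a 429 it can retry after.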