Why are VPS providers giving out blacklisted IPs?

6 points by knuthsat ↗ HN
I've noticed recently that I've been receiving IP addresses that are blacklisted by Cloudflare, Google and the like and the VPS is unusable outside of a local network.

I think I got 3 in a row and have been switching providers but most just give me a bad IP address.

10 comments

[ 1.3 ms ] story [ 36.5 ms ] thread
blacklisted in what way? For web browsing etc? Pretty much all datacenter IPs are at least going to be on a "suspicious" list for that, and its not like the providers can really avoid that. Servers produce little legitimate web visitors, and lots of bot traffic.
I would say it is less likely that VPS providers are intentionally giving out blacklisted IPs and more likely that VPS customers are getting their providers IPs blacklisted.

Perhaps VPS providers should consider putting some of their customers in the "naughty corner" and keeping separate IP ranges for customers that do not have a history of abuse.

> keeping separate IP ranges for customers that do not have a history of abuse.

To avoid the “good” ip ranges getting banned, they need to keep a separate IP range for customers without a future of abuse; history is not reliable for the purpose.

This is somewhat more challenging.

Also the provider needs to develop a history of responding appropriately to reports of abuse. (And the abuse needs to be reportable... When I was in the business of blocking IPs, most of the stuff wasn't really reportable, we'd just add ASNs for hosting to our suspicious list when abusers started using them)
If you are running into this, it's almost certainly because you are doing some sort of crawling or web automation. This is precisely what gets those IPs blacklisted. I think it's a little dishonest to complain about those IPs being categorized correctly before you want them to be.
Or it’s the previous person assigned the IP was spamming with it. Some janky VPS providers don’t even have dedicated IPs (i.e. they do some kind of hostname mapping instead — although that’s quite rare nowadays).
No I mean you'd have to be hitting Google/Cloudflare/... to find out that you've been blocked by Google/Cloudflare/... If he's found out, it's probably because he's crawling those sites.
Can confirm this. Having ran a scraper back then, you'll get captchas on large sites and their cdn providers.
Or he's using the machine as a personal VPN. Point is, all assumptions are useless.

The fundamental problem here is that IP addresses are limited, but spam and bad behavior originates from concentrated sources. Hosts are forced to defend against that behavior, and when the sources overlap minimally with their customers, they beat the perceived offenders with a cudgel of CAPTCHAs (and federated IP reputation databases, which you might call "eventually inconsistent").

Possible solutions:

- Convince the Internet to diffuse its spam across the 0.0.0.0/8. This is pretty much impossible without some kind of decentralized mesh overlay network becoming mainstream and the primary method of consumer Internet access

- Switch to IPv6 (I'm joking, but actually many filters are much less equipped to deal with IPv6 blocking than IPv4)

- Ban IP reputation databases / threat sharing, or regulate it to be transparently verifiable that a new owner of an IP will not inherit its reputation. Considering the no-fly list continues to exist, which is inhibitive to rights more fundamental than web access, I wouldn’t expect this to happen any time soon.

- Ban CAPTCHAs

Its because IP blacklists are run by third parties, not the VPS providers. IP blacklists are the problem, not your providers.