On Thu, Oct 05, 2017 at 10:35:43AM +0100, Mick wrote > There are a few problems with this approach: > > As it has already been mentioned, the Chinese, Ukrainian, et al. IP > address blocks change on an hourly basis.
Huh?!? The subdomain names, maybe; but not the country IP address range. The whole point of this thread is about blocking by IP address, not by ineffective hosts files. > With spammers using DNS forwarding you will need to start blocking > US, Netherlands, etc. based ISPs, CDNs and cloud hosters. I'll start off with /32's. Contiguous addresses will get aggregated into /31 and larger blocks over time. > However, you may still want to receive some of these hosters content - > non-malicious and non-advert related web pages. > > Some web page scripts rely on acknowledgment/interaction with servers > proxied on some of the addresses you could have blocked. As a result > web pages hang and never complete loading, forms are broken, clicking > on buttons do not yield a result. In other words, you could break > the interwebs and your browsing experience along with it. This battle has already been fought on the spam email front. Some greedy ISPs decided to make extra money by taking on egregious spammers and using legitimate customers as "human shields". That didn't work. -- Walter Dnes <waltd...@waltdnes.org> I don't run "desktop environments"; I run useful applications
