I don’t know a single thing about VPN services. The only VPNs I use are the ones I run for myself and my servers.
You’re the only person who has reported it. I have never seen it. I didn’t even know that’s how the abuse protection worked until seeing your screenshot. It is unusual, and seems to be specific to coming from Tor exit node IP addresses that have been used for spam/abuse.
It has nothing to do with whether you’ve purchased a product. I don’t know who implied that or why. Nothing about buying something from us would alter what the abuse protection does. But, I think once you’re logged in, you should be able to stay logged in for some time without having to re-verify. I don’t know, though, as I’ve never seen it and don’t know how it works with confidence.
I use VPNs for a variety of purposes. Securely connecting servers to each other, so they have a “private” network where MySQL can accept local connections, is one reason. But, my other job (the one that actually pays me) involves a lot of VPNs for devices in the field that are behind strict firewalls and can’t be reached otherwise. I do not mean VPS. But, I do not use VPN services like the one you’re talking about or know anything about them, nor do I have any recommendations.
I’ll try to help you if you accept…
I’m not an old member here, but I use a VPN every time when I browse the internet or this forum or etc…
(for many - many years now)
I have never experienced… what you have outlined…!
I use these providers, with the VPN installed directly on NGFW, with OVPN connection or WG.
or if you don’t trust anyone, do this:
The future will be about these things anyway and will make it easier to prevent the creation of spam accounts.
(soon an email address/password pair will not be enough)
@Joe, Yes, I was able to verify that it appears to be a Tor-based issue. Jetpack is blocking all Tor nodes. That’s the bottom line. At the current time, there is no way to get Jetpack to authenticate at all, even it one follows the process in the email instructions. It goes into an endless loop.
As I understand the issue you have, you are having people sign up to your web site who have nefarious designs. The problem is not spam, but legitimacy of registration. Therefore your issue becomes one of how to only allow authorized registrants.
One suggestion would be that you only want people who use your products. Therefore, if they have never downloaded and installed and activate one of your products, they should not have access to the secure parts of the web site. That seems trivial to automate and apply.
I would also suggest that you look into Pico and see if you can implement it.
Controlling signups or registrations and then only allowing secure passwords should do the trick, IMHO.
For those interested in VPN security, please reference Restore Privacy. These experts will help you catch up to the current situation in maintaining your privacy.
I use the ‘Emerging Threats’ list which is updated daily - this blocks known abusive IP addresses, which may include Tor exit nodes, at the firewall. I imagine that JetPack use similar. If your Tor exit node has been blacklisted, it will likely have been because it was used for something nefaious and abusive and rightly should be prevented from connecting to websites.
I’m afraid you don’t understand the problem, and thus your suggested solutions aren’t useful to solve the problem.
We have 150,000, or so, users of the software. Only a small percentage of those are paying customers and only a somewhat larger percentage of them have ever even let us know who they are…we don’t know who downloaded or installed the software, and it may not have been downloaded directly from us at all (many hosting providers preinstall it, some OSes have it in their software repos, some projects bundle it, etc.). But, the forum is for everyone who uses the software.
I’m afraid I actually do understand. It is your final sentence that shows the way out of the problem and is exactly my point.
If only users, regardless of where the software comes from, are to use the forum, then the software should send you a signal that it is in use. This is trivial to implement. That serial number therefore shows genuine interest in the use of the software and those people would and should be allowed with only a regular signup registration.
Further, the access to registration could come from within the software itself, rather than having to go to your web site, where anyone is allowed to register.
Please note that such is just one idea. There are likely many more just waiting for the exercise of little grey cells to discover another option.
The part you don’t get is that this forum is run on Discourse. It’s not his software. Now, if you wish to go over to the good people at Discourse and tell them they need to reengineer their software so that anybody that uses it can implement keychain logins from purchase of third party software to their forum software on a case by case basis, I’m sure you’d be met with, at best, a whole lot of laughter.
Software is engineered for the masses. With the masses comes a lot of spam. It is inevitable, regardless of which sort of approach you use to prevent spam, that someone will be caught up in it accidently from time to time.
In those very rare instances, the vast majority of people understand. You are the first person I’ve ever seen raise such a stink because your VPN IP is on a black list.
That has nothing at all to do with this forum, the Virtualmin product software or anything in between.
The people you should be taking this up with are the people that you get your VPN service from and the people that black listed your IP.
There are instructions on the IP blacklist on how to contest your IP’s status. Use that and you may get results.
This conversation has gotten ridiculous. I’m not implementing user tracking in Virtualmin. After all your talk about privacy concerns, you want us to uniquely track every Virtualmin user and their server(s)? I appreciate the trust you place in us, I guess(?), but don’t understand how this would make privacy-conscious users happy.
Anyway, it also requires time I don’t have to implement data gathering that I don’t have any desire to do. I don’t want to track every user of Virtualmin! It never crossed my mind to want that. I want to prevent spam and other abuses of our systems. Your goals and desires for the forum and our website are, I guess, different from mine, and I guess we’ll just have to agree to disagree on that.
@Joe, once again you are correct; it is getting way too personal. I guess some have problems with self control and just desire to raise a big stink over something they don’t agree to.
If instead they would stop to think how may people use Tor, they would quickly realize that I may be the only one who does here. Therefore the reason we see that Discourse/Jetpack doesn’t work is because the programmers were short-sighted in programming and have blocked Tor nodes for no good reason.
Please also remember that tracking the software does not include tracking users. The mechanism would be a one-time throw-away means for a legitimate user to be able to register. That and only that.
You don’t know me and I don’t know you. The only thing that would be known by you would be that someone has used Jamie’s software and wants to register. One need not even know their real name or location. So my suggested method would not be a privacy concern at all.
I made my suggestion with the understanding that each piece of software had a serial number to begin with. I may be wrong in that, but I still maintain that it would be trivial to set up.
Besides, the whole issue of this topic is that your choice of forum software evidently does not work with the Tor browser and that it has been reported. Done and done.
I totally respect your right to set things up as you wish, and thank you for your service. I appreciate your desire to discuss it.
So far, seemingly at least, you are the only one who reported such issue.
And you want that everyone else needs to do something and change things so just you can have it your way? Especially after all the things you said about privacy and your idea’s how to fix “the issue”. That is a bit ridiculous. @Joe does the right thing with not implementing any sorts of tracking (reporting an installation is also a way of tracking).
This is a good article, I recommend it to you…
(if we’re talking about tracking and privacy)
Anyway I’m very glad that @Joe doesn’t want to tracking us, you see… your suggestion has caused for everyone strange feelings.
(similar proposals today point to dangerous waters)
this would be difficult to accept in this form.