54
Are ISPs responsible for bots having residential IPs or is this a user problem? (lemmy.world)
submitted 5 days ago by Maroon@lemmy.world to c/selfhosted@lemmy.world
42 comments fedilink hide all child comments

I'm trying to understand the bot problem in the internet and finding more ways to defend myself. One thing that I can't seem to understand is why most bots, scrapers and crawlers seem to have residential IPs.

  • Is it that ISPs are being paid by tech-bros to assign them these IPs?
  • Is it that residential devices have been hacked /contain malware that does this?
  • Is it trivial for companies to assign themselves residential IPs?
  • Paid volunteers are doing this for AI companies?

Or is there is some other reason for this?

Obviously this is a problem because one can rotate / cycle through residential IPs and if I aggressively block each offender in my logs permanently, then the next person assigned this IP who may be a legitimate user will be unable to access my site.

you are viewing a single comment's thread
view the rest of the comments
[-] Mordikan@kbin.earth 8 points 5 days ago

You mention crappy security practices from the ISP but then mention the user's action (installing "free" VPNs). Why is the ISP on the hook for the user making terrible decisions?

What is the correct security practice in that instance? Fire the customer for being an idiot? Maybe just DENY IP ANY ANY on outbound traffic?

How do you protect somebody who is intent on running themselves off a cliff?

[-] 0x0@lemmy.zip 1 points 5 days ago* (last edited 5 days ago)

I mention two separate issues.

ISPs are absolutely on the hook for forcing crap hardware onto (non technical) users.

Users are to blame for installing crapware.

Can you tell them apart now?

ISPs should be held liable for the crap they sell – they'd start taking security seriously.

As for users, depends on the motives, but educating them to the risks (and not in a you wouldn't download a car way).

this post was submitted on 22 Jun 2026
54 points (92.2% liked)

Selfhosted

60177 readers
540 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
ruud@lemmy.world
Loki@lemmy.world
CannaVet@lemmy.world
devve@lemmy.world
ayyy@sh.itjust.works
curbstickle@anarchist.nexus
curbstickle_lw@lemmy.world