The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
The main solutions we have today are IP ban + VPN blocking using a database of known VPN subnets and adding them all to the firewall, and a similar fingerprinting technique which scans their folder structure of certain system folders.
Regular IPs can post freely
VPN or mobile IPs (blacklisted) must pay for a key ($20/year) that allows posting from blacklisted IPs. Key is good for posting from one blacklisted IP, locked for 30 minutes, so users cannot share keys. That way, you can ban the user by their key, if their IP is public.
It's not a perfect solution but it seems to be the best they've found for such a situation so far.
EDIT: Well, I guess the tribe has spoken. Pretty surprising. I think y'all are just assuming you'll always be the ones with the "good" IPs...
What do they do in such cases?
Assuming they get the report after the fact and assuming their "no logging" promises are true, can they even do anything? They're not even supposed to know which customer did it, after all.
If their promises are false, wouldn't they reveal their hand if they handed logs over willy nilly?
On some Japanese BBSes, spammers tend to use non-Japanese IPs or data center IPs. A good chunk of the spam goes away by blocking non-Japan IPs (easy to do with BGP data) and disallowing data center IPs (these often host VPNs, scrapers, etc.) from posting.
Posting from overseas thus costs money or is not possible. The trade-off is 1-100 extra users or significantly reduced spam for little effort. It's not surprising that most website operators choose the latter.
I also know of a file uploader that recently had to block overseas IPs due to such IPs repeatedly uploading illegal content. This is an example of a few bad actors ruining things for everyone.
Blocking IP ranges by country or ISP is pretty much always going to have to exist as long as certain countries and ISPs turn a blind eye to abuse.
Even with as poor a solution as IP blocks are, it's the best we have and alternatives seem worse.
Anyway, it's a tradeoff between dealing with bad actors effectively and not impacting common users. There's a lot more bad actors than common users running into those sorts of IP bans though.