Should Suspicious IP Addresses Be Blocked Automatically?

A company engaged in online advertising decides to deploy ad fraud protection software. One of the software’s features is automatic IP address blocking. Automatic blocking seems like a good idea on its face. But is it, really? Or should suspicious IP addresses just be flagged instead?

Unfortunately, there is no black-and-white answer. There are pros and cons to automatic IP address blocking. An organization would have to analyze a variety of factors before deciding which way to go. The good news is that settings can always be changed. If automatic blocking causes problems, it can be turned off.

The Basics of Automated Blocking

Automatic IP address blocking is a key feature in the Fraud Blocker click fraud protection solution. Like other packages, Fraud Blocker relies on fraud score and other metrics to determine the likelihood of a particular IP address being the source of fraudulent activity.

When automatic IP address blocking is enabled, the software automatically blocks traffic from suspicious IP addresses. However, blocking is not necessarily permanent. A human security expert can go in and periodically check all blocked addresses. Those deemed safe can be allowed to resume sending traffic with the flip of the software switch.

5 Things to Consider

Automatically blocking IP addresses is simple enough to do with most ad fraud prevention solutions. Usually, you are talking a simple change in the program settings. But before automatic blocking is enabled or disabled, there are five key things to consider:

1. False Flags

Software solutions rely on a variety of metrics to determine whether incoming traffic is suspicious. Some packages do it better than others. However, the possibility of false flags is ever present. It is not uncommon for legitimate IP addresses to be flagged as potentially suspicious.

Too many false flags could inadvertently lead to a lot of legitimate traffic being kept at bay. If an organization believes it is seeing a high number of false flags, disabling automatic blocking should be considered.

2. Dynamic IP Addresses

Internet service providers (ISPs) almost always rely on dynamic IP addresses to serve large numbers of consumers. Dynamic IP addresses are, by their nature, used and reused over again. The problem is that they are not always used by the same devices. Blocking an address could keep bad traffic out today but inadvertently block good traffic tomorrow.

3. VPNs and Proxies

Security minded consumers are utilizing virtual private networks (VPNs) and proxy servers with more frequency. Blocking IP addresses sourced from either VPNs or proxies could be bringing legitimate traffic to a website. But due to their characteristics, these addresses might be flagged as suspicious. Blocking them could mean blocking good traffic that would otherwise be profitable.

4. Hacker Workarounds

Unfortunately, there are ways to get around IP address blocking. The most successful hackers and online fraud perpetrators know how to do it. So while automatic blocking could keep some threat actors at bay, it is not likely to stop all of them. A determined hacker knows how to manipulate IP addresses to get around efforts to block him.

5. There Are Other Ways

Automatic IP address blocking can be an effective way to limit ad fraud losses. But it is not the only way. And truth be told, it’s not always the most effective way, either. It might be better in some cases to manually block IP addresses while also utilizing other, more effective tools to prevent ad fraud.

If your organization runs an ad fraud protection solution with an automatic IP address-blocking feature, use the feature wisely. It could be good or bad depending on how it’s deployed.

Similar Posts