Show HN: IPDetective – An API for IP bot detection

I have to say, I really, <i>really</i> hate IPv4-based bot detection. If you end up on an IP that is labelled erroneously as &quot;bad&quot;, your life becomes a gCaptcha hell for no real reason – my cable ISP does cGNAT and I have no control over it and frequently end up being blacklisted. I tend to use a variety of always-on VPNs to both avoid censorship and try to improve this – I can pick different endpoints.<p>VPN usage is increasingly common by consumers and in my country I&#x27;ve seen ads for it in places ranging from Mozilla in my browser to NordVPN on my TV. There&#x27;s <i>massive</i> overshare of IPv4 addresses and it&#x27;s really, really annoying to find out that you can&#x27;t use a service because you&#x27;re on a naughty list. I feel like yelling &quot;I am a customer and want to buy something!&quot; on occasion – the net result is I go elsewhere.<p>Stopping abuse and bot detection is one thing. Banning people for something they might have literally no control over is quite another.

&gt;Let me know what your thoughts<p>Do you have any data showing your service is better&#x2F;more accurate&#x2F;better false positive rate than competing offerings?<p>&gt;IPDetective collects data from about 60+ different sources such as official cloud provider endpoints and public VPN&#x2F;Proxy&#x2F;Tor&#x2F;Bot net lists.<p>Are you on the up and up with all those public sources? I&#x27;m not sure which ones you&#x27;re sourcing, but many do not allow commercial use, resale, or at the very least have some attribution clause to keep security companies from mooching off crowdsourced data.<p>&gt;No, currently IPDetective does not support ipv6 addresses. However this feature is on the road map.<p>That&#x27;s a major shortcoming in 2022.<p>Finally, as itake pointed out bellow, I&#x27;m not giving you my email just to run a simple test query and see what the results look like.

1&#x2F; needs authenticationless way to search. all other ip look up tools don&#x27;t require an account for me to test this. I&#x27;m not going to register.<p>2&#x2F; I&#x27;ve tried blocking vpn or proxy users (by ip hosting provider), but found too many false positives. Using a VPN is common for IT professionals or consumers trying to &#x27;protect&#x27; their privacy and this impacted the growth of my app.<p>How is your tool better at detecting a bot vs a human using a vpn?

How do you plan to keep the list up to date and especially reliably accurate? (providers change, bot nets get cleaned, ASN especially in 3rd world countries are very unreliable, crawlers might scrap weird things etc.)<p>Disclaimer: I work for a company that operates in a similar space so don&#x27;t go into too much secret sauce if you don&#x27;t want to :)

It would be interesting to see a breakdown of shared &#x2F; unique entries across the different competitors in this space.<p>I have a feeling that there would be overwhelming overlap.<p>That might not be bad, just low hanging fruit everyone can get.<p>The speed at acquiring high probability threats I guess would be a better &#x2F; more valuable comparison.<p>Perhaps running two or more of these offerings side by side for a couple of months.<p>I would prefer a feed of ALL, with frequent updates, instead of querying a 3rd party every time. (well obviously you can cache responses for a period of time locally at least)

I checked the posted privacy policy - and I have no idea what your system logs and for how long.<p>There are a few sites I could use this for, but some of them would also end up sending private customer ips for lookups, and for that reason I just manually check the suspicious ones and manually don&#x27;t look up the ones I know have passed the &#x27;already a member and human not hacker&#x27; gate.<p>I keep look for something I can just add lists to my server and check against that, but not going to spend thousands on it.

I wonder where you get your data from. I checked the dedicated IP I use against other services and they all come back as clean, but yours labelled it as a bot.

I didn&#x27;t see my question in the FAQ, so asking here: do you have a process to contest accidental inclusion of an IP address?

Good work on the pricing and free tier. Much cheaper than your competitors (we&#x27;re busy testing out ipinfo.io). But would recommend you add a bit more data in your API response if you already have it or can built it out easily. For example, any geocoding, ASN name, whether its a proxy or a VPN etc.

Is there a way we can please for the love of god summit exceptions? We need a corporate vpn and we don’t need every friggen website blocking us.<p>Without this you were also probably inadvertently contributing to the de-democratization of email. I used to run my own email off a cloud server, but that time has passed.

I think what you are doing is counterproductive and contrary to the free and open nature of the internet. Actual bad actors can afford clean residential IPs from dubious sources, but if I want the privacy of a VPN I am blacklisted from accessing large swathes of the internet.

Congrats on the launch! I personally hate anti-bot tech but I also make money from bots and scrapers so I’m not exactly unbiased.<p>Do you have any plans to expand the business? Captchas as a service? A cheap version of CF’s proxy maybe?

Please feel free to leave comments if you have any questions or any feedback.

Does this handle residential or LTE proxies? Obviously harder to identify, but it&#x27;s not unfeasible.

I think ip blacklisting is really a graveyard of false positives.

Excelente