
The pitfalls of blocking IP addresses

In August 2022, an Austrian court ordered the blocking of 11 IP addresses for copyright violations on 14 websites. Sadly, there was an undesirable side effect: thousands of websites were rendered inaccessible to internet users in Austria for two days.

There are many possible reasons why governments would order Internet Service Providers (ISPs) to block specific IP addresses—from censorship to several different illegal activities like copyright infringements, fraud, and selling banned substances.

For the sake of this article, we will focus on blocking for illegal activities in democratic countries, because censorship in more dictatorial states falls under very different considerations.

The problem

Blocking an entire IP address because one or a few unwanted sites are hosted on it is unfair to the other sites that happen to share that IP address and are unaware of the illegal activities. Compare it to issuing a search warrant for an entire block because the owner of one house is suspected of doing something illegal.

But even though courts have an obligation to consider the rights of those not contributing to the illegal activities, blocking by IP address happens too often, according to content delivery network Cloudflare, which investigated the matter.

“Freedom House recently reported that 40 out of the 70 countries that they examined – which vary from countries like Russia, Iran and Egypt to Western democracies like the United Kingdom and Germany – did some form of website blocking.”

Sharing your IP

While it is easy to say that you shouldn’t share your IP with illegal, fraudulent, or even compromised sites, this is not how the internet works for the average user. For starters, there is a huge difference between the number of available IP addresses and the number of existing domains, let alone the possible number of domains. That holds even when you take IPv6 into account, which allows for more unique IP addresses.

A regular website owner registers a domain and hosts the website on the server of a provider which is often the same one that registered the domain for them. They do not have a say over which other sites will be on the same server. The provider will decide this based on availability and load balancing. All a website owner can do is find a provider that is quick to respond in case there is a complaint about a site.

Cloudflare

The problem in Austria was magnified because the court ordered the ISPs to block the IP addresses owned by Cloudflare that pointed to the websites they wanted to block. This rendered thousands of websites inaccessible.

“In a network like Cloudflare’s, any single IP address represents thousands of servers, and can have even more websites and services — in some cases numbering into the millions — expressly because the Internet Protocol is designed to enable it.”

Better blocking

Better blocking should be based on blocking closer to the source. If you have a problem with a domain, you should first try to block that particular domain.

The designs of IP and domain name resolution (DNS) are independent of each other, but despite that, a one-to-one relationship is often assumed.

The first clue for the Austrian court that IP addresses and domain names don’t have a one-to-one relationship should have been the fact that they only needed to block 11 IP addresses to tackle 14 offending domains.

Another problem with blocking an IP is the lack of transparency for the internet user. When someone tries to visit a blocked IP, the connection fails without providing them with a reason. And an innocent website owner on the same IP does not realize anything is wrong until they receive complaints that their website is unreachable, or they see their visitor numbers drop for no apparent reason.

Inevitable

But sometimes IP blocking is inevitable. At Malwarebytes, we block IP addresses that are scanning other IP addresses for vulnerabilities, simply because there is no domain that can be blocked in these cases. We do try to limit the block to certain ports where possible. We also know the risks of blocking by IP address, but since we have an obligation to protect our customers, the choices are sometimes hard and mistakes are occasionally made.
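The checks described under "Better blocking" and "Inevitable" can be run before a block is rolled out. The following is an added example, not Malwarebytes' or Cloudflare's code: it assumes you hold a list of (domain, IP) resolutions, and all names, domains and addresses in it are constructed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address

# Constructed sample of (domain, IP) resolutions; addresses are documentation ranges.
SAMPLE_RESOLUTIONS = [
    ("infringing-a.example", "203.0.113.10"),
    ("infringing-b.example", "203.0.113.10"),
    ("bakery.example", "203.0.113.10"),
    ("school.example", "203.0.113.10"),
    ("infringing-c.example", "198.51.100.7"),
]

def _domains_by_ip(resolutions):
    """Index resolutions as IP -> set of domains, normalising both sides."""
    index = defaultdict(set)
    for domain, ip in resolutions:
        index[str(ip_address(ip))].add(domain.lower())
    return index

def ip_block_collateral(resolutions, offending):
    """For each IP serving an offending domain, list the unrelated domains sharing it."""
    offending = {d.lower() for d in offending}
    return {
        ip: sorted(domains - offending)
        for ip, domains in _domains_by_ip(resolutions).items()
        if domains & offending
    }

def plan_blocks(resolutions, offending, scanners):
    """Domain rules for domains; IP rules only for domain-less sources, limited to ports."""
    rules = [("domain", d.lower()) for d in sorted(offending)]
    hosted = _domains_by_ip(resolutions)
    warnings = {}
    for ip, ports in scanners.items():
        ip = str(ip_address(ip))
        rules.append(("ip", ip, tuple(sorted(set(ports)))))
        if hosted.get(ip):
            # Known sites also live on this address, so review before blocking.
            warnings[ip] = sorted(hosted[ip])
    return rules, warnings

if __name__ == "__main__":
    bad = {"infringing-a.example", "infringing-b.example", "infringing-c.example"}
    print(ip_block_collateral(SAMPLE_RESOLUTIONS, bad))
    print(plan_blocks(SAMPLE_RESOLUTIONS, bad, {"192.0.2.44": [22, 3389]}))
```

A non-empty list in the collateral map is the set of sites an IP-wide block would take down along with the target.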

ABOUT THE AUTHOR

Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.