How do I remove an IP from GBUdb?
Well, that's not really how GBUdb works.
GBUdb data is shared between nodes through our servers, but we don't ever officially ban or otherwise mark IPs. The servers act as a conduit and a short-term collective consciousness, but the individual nodes act (collectively) as the real "brain" or "memory". The experiences of the cloud will inform individual SNF nodes about the reputation of that IP when it is first encountered. Shortly after the initial experience, local data takes precedence. The overall reputation is constantly changing as each node encounters the IP and shares what it has learned from time to time.
Your local reputation for that IP is what will matter to your system. If you have added it to your ignore list then it will be ignored on your side immediately even if you did not zero the statistics. Other systems will likewise have their own opinions about the reputation of that IP if they have encountered it.
Reset IP Status
If the IP in question pounded you with spam for a few days then your GBUdb node(s) may have them black-listed. GBUdb will recover on its own - but if you want to hurry it along you can reset the IP's status using SNFClient.
You could simply drop their current data and start re-learning it:
SNFClient.exe -drop <IP4Address>
Or if you are concerned about the cloud having a negative impact you could give them a slightly positive rating to start with -- GBUdb will recover a normal average over the course of a few days:
SNFClient -set <IP4Address> ugly - 16
That will give the IP a positive reputation for a while - not positive enough to white-list it, but positive enough that if the cloud has a negative view your system will trust its own information instead. After about 5 days the reputation will begin to represent real traffic.
Cloud Effect
As for the cloud: as soon as anyone receives non-spam messages from that IP, the local reputation will become positive for them and they will share that experience with the others. Presuming there are other folks in the SNF network receiving messages from that IP, they will already have a positive reputation, as will the cloud in general.
The negative reputation you created locally will have taken precedence on your local systems, but if the majority of other folks' interactions with that IP were positive then those positive interactions would swamp the negative ones generated by your system. If there aren't many interactions out there from others then the cloud will forget all about the reports from your system within a few days.
Consider: Condensation means GBUdb divides the event counts by 2 at least once per day until they reach zero. In most cases, even an IP with heavy traffic will disappear entirely within a week or two in the absence of additional reports. If additional reports do arrive and they are even modestly positive, then the IP reputation will quickly migrate to a normal range after a small number of events -- the default black and truncate ranges are extremely conservative so it takes very little positive activity to move an IP out of those ranges.
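The condensation behavior described above can be checked with a small model. This is an added example, not SNF or GBUdb code: it assumes integer halving exactly once per day (the page says "at least once", so this is the slowest case), assumes new events are added before each pass, and uses a simplified `bad_share` ratio as a stand-in for the real reputation statistic. The function names and sample counts are constructed for illustration.

```python
"""Toy model of GBUdb condensation (illustrative; not SNF's implementation)."""


def condense(bad, good):
    """One condensation pass: both event counts are divided by 2."""
    return bad // 2, good // 2


def days_until_forgotten(bad, good=0):
    """Daily passes needed for both counts to reach zero with no new reports."""
    days = 0
    while bad or good:
        bad, good = condense(bad, good)
        days += 1
    return days


def simulate(bad, good, daily_bad, daily_good, days):
    """Add each day's new events, then condense once.

    Returns one (bad, good, bad_share) tuple per day, where
    bad_share = bad / (bad + good) is an assumed, simplified measure
    and not the statistic GBUdb actually computes.
    """
    history = []
    for _ in range(days):
        bad, good = condense(bad + daily_bad, good + daily_good)
        total = bad + good
        history.append((bad, good, bad / total if total else 0.0))
    return history


if __name__ == "__main__":
    # Constructed sample: an IP with 10,000 recorded bad events, then silence.
    print("days until forgotten:", days_until_forgotten(10000))
    # Constructed sample: 2,000 bad events, then 20 good events per day.
    for day, (b, g, share) in enumerate(simulate(2000, 0, 0, 20, 11), start=1):
        print(f"day {day:2d}: bad={b:4d} good={g:2d} bad_share={share:.2f}")
```

Under these assumptions, a record of 10,000 bad events is gone after 14 daily passes, and 20 good events per day outweigh a 2,000-event bad history by day 7.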
The GBUdb learning system was designed to function well in the face of errors or even deliberate poisoning attempts. You should not need to make any extra effort to overcome these circumstances. Once you have corrected your local statistics and/or added the IP to your ignore list things should be fine -- any lingering effects are most likely already resolved (you didn't send spam to other systems so their experiences are already positive) or will be resolved shortly (GBUdb has a short memory when there is no further activity for an IP).
If you do see ongoing negative effects (very unlikely) then let us know and we will develop an appropriate solution.
