#1 2014-03-11 12:05 pm

irongloves

Member

Registered: 2012-06-22

Posts: 3

Check IP against SFS database and redirect spammers, how?

Hello,

Do you know a script (php) I could add to my pages header/footer and if it happens the user is banned it get redirected to another website of my choice?

Is it possible to do that?

Thanks

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

Have you seen ZB Block?

http://www.spambotsecurity.com/zbblock.php

It works a treat, and is licensed under the GPL, so you can change how it treats those on the list . .

Papa Parrot

Member

From: Mexico

Registered: 2011-08-19

Posts: 1,826

Website

Re: Check IP against SFS database and redirect spammers, how?

if it happens the user is banned it get redirected to another website of my choice?

I thought about suggesting ZBBLOCK, but it does not redirect the blocked person to another website, how ever, it probabley would be pretty easy to modify  so that it did that,   There are some scripts people use, but I do not know one, I have read that they do that,  "redirect" the spammer,  or spambot to a honey pot. (that would be the same as another site)
  I agree with John Darkhorse, zbblock  would be a good way to go,  also Zap is real helpful on any special needs a user may have.

---

Everything is for the Birds

And now, Papa Parrot and his kids

irongloves

Member

Registered: 2012-06-22

Posts: 3

Re: Check IP against SFS database and redirect spammers, how?

Thanks John Darkhorse and GarryRicketson,

I will have a look at ZBBlock.

Even if I have no wordpress or forum or any other csm installed on my website (just a few php based pages) I have seen in the visit log that some well known spamming IPs are literally crashing my website with several visits per second.

Tomminger

Member

Registered: 2014-01-05

Posts: 51

Re: Check IP against SFS database and redirect spammers, how?

Hi Irongloves,

Redirect to:

http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC

<?php

header('Location: http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC');

?>

Its a never ending live Stream over broadcast.

They will love to download it.

LOL ;-)

Tom

Last edited by Tomminger (2014-03-12 5:16 pm)

TETYYS

Member

Registered: 2012-12-27

Posts: 200

Re: Check IP against SFS database and redirect spammers, how?

Hi Irongloves,

Redirect to:

http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC

<?php

header('Location: http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC');

?>

Its a never ending live Stream over broadcast.

They will love to download it.

LOL ;-)

Tom

Holy [Censored because I cant articulate my thoughts], that's the best idea.

---

i love reporting spam

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

It sounds good, but many spambots aren't set up to receive streams.

For those that are, that does sound like a good idea <EG>, however, I prefer to refer them to a tar pit (or three)

Papa Parrot

Member

From: Mexico

Registered: 2011-08-19

Posts: 1,826

Website

Re: Check IP against SFS database and redirect spammers, how?

I have a similar script to redirect, but the problem is , and it looks to me like ;

Redirect to:
http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC
<?php
header('Location: http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC');
?>

Would redirect everyone, the script I have does redirect, but everyone. And he is wanting to only redirect "banned" visitors, perhaps even a specific individual ?

and if it happens the user is banned it get redirected to another website of my choice?

or am I misunderstanding ?

---

Everything is for the Birds

And now, Papa Parrot and his kids

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

You guys really shouldn't redirect to a streaming source.

It's unfair to the streaming provider.

If you must send them somewhere, send them to a honeypot and/or tar pit.

Here is a tar pit I maintain that you can use:

zaphod

Jägermonster

From: USA

Registered: 2008-11-22

Posts: 2,985

Website

Re: Check IP against SFS database and redirect spammers, how?

And if you would rather give them a tarbaby, which is something a bot thread gets stuck in, with minimal CPU load (micro seconds per minute), minimal memory load, and very low bandwidth cost...

Try this:

<?php
// Dribbler tarbaby.
// Copyright 2014 GNU/GPL V. 2 zaphod of spambotsecurity.com

if (ob_get_level() == 0) ob_start();

echo(str_pad('',1024));

for ($i = 0; $i<500; $i++){
	for ($j = 0; $j<rand(1,10); $j++){
        echo chr(rand(0,255));  
	}
        ob_flush();
        flush();
		$x=rand(0,5);
        sleep($x);
}

echo "<br><br>Done.";

ob_end_flush();

?>

Just warning, if a browser gets stuck in it, it may, or may not show the dribble. Could just be a blank screen for many many minutes. This however is pure tar for a single thread bot.

Zap

---

Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.

Little boxes in the server farm, little boxes running php...

Karloe

Member

Registered: 2008-09-08

Posts: 48

Re: Check IP against SFS database and redirect spammers, how?

Hmm, I have a Tar pit for "my nasty visitors".
But I like the Tarbaby, going to try that. "Evil Grin"
To bad that my Gray Matter is getting Old, can't  really think up things like this.

Thanks Zaphod

zaphod

Jägermonster

From: USA

Registered: 2008-11-22

Posts: 2,985

Website

Re: Check IP against SFS database and redirect spammers, how?

Kind of an interesting back story as to why I call it that: http://en.wikipedia.org/wiki/Tar_baby

(And any racial connotations are pure bunk, as witnessed by the effect of the script.)

Zap

---

Get Protected, Stay Protected...
With ZB Block, GNU/GPL Freeware Anti-Spam/Anti-Hack protection for your php based website.

Little boxes in the server farm, little boxes running php...

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

I have added a function that allows you to name the file anyting you like ( so long as it ends in .php ) and will provide links to itself.

Any good spambot will follow the links, and find itself revisiting the tar pit again, and again, and again . . .

<?php
function curPageURL() {
 $pageURL = 'http';
 if ($_SERVER["HTTPS"] == "on") {$pageURL .= "s";}
 $pageURL .= "://";
 if ($_SERVER["SERVER_PORT"] != "80") {
  $pageURL .= $_SERVER["SERVER_NAME"].":".$_SERVER["SERVER_PORT"].$_SERVER["REQUEST_URI"];
 } else {
  $pageURL .= $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
 }
 return $pageURL;
}
?>
<br>
<br>
<a href="<?php echo curPageURL(); ?>" title="<?php echo curPageURL(); ?>">Previous</a>&nbsp;<a href="<?php echo curPageURL(); ?>" title="<?php echo curPageURL(); ?>">Home</a>&nbsp;<a href="<?php echo curPageURL(); ?>" title="<?php echo curPageURL(); ?>">Next</a>
<br>
<br>
<?php
// Dribbler tarbaby.
// Copyright 2013 GNU/GPL Mike (zaphod@spambotsecurity.com)
//
// "Suggested usage" added 29 January 2013 by John Darkhorse
// 
// * File can be named anything, so long as it ends in .php
// * Place this on your website, and make sure to add it to your robots.txt so good crawlers don't get caught in it.
// * Place hidden links to this file from your index or common pages.  "Good" users won't see the hidden links, but bots will.
// * Adding the "nofollow noindex" attibute to the link would also warn "good" crawlers to stay away.
//
// * Example: <a href="URL_to_filename.php" rel="nofollow noindex" style="display:none;">whatever you want to put here</a>
//
// * If accessed, this file doesn't do anything harmful to humans.
//
// End suggested usage by John Darkhorse
//
//
// Begin active code:
if (ob_get_level() == 0) ob_start();

echo(str_pad('',1024));

for ($i = 0; $i<100; $i++){
	for ($j = 0; $j<rand(1,10); $j++){
        echo chr(rand(0,255));  
	}
        ob_flush();
        flush();
		$x=rand(0,5);
        sleep($x);
}

echo "<br><br>Done.";


ob_end_flush();

?>

I really appreciate the code Zaphod provided here ( as well as ZB Block ), because even though it doesn't really do anything, it makes me feel good to trap malicious automata in such loops . . .

My personal version spews fake email addresses into the output, too . . .

Remember, folks - to be a good netizen, you should list this page in your robots.txt so that "good" automata don't get stuck in it ( but the bad ones will use your robots.txt as a "guide to places to go" ).  If you don't use a listing in your robots.txt ( not sure why you wouldn't ), at least use the "nofollow" & "noindex" tag in any links to your tar pit(s).

Example

<a style="display:none;" href="URL to tarpit.php" rel="nofollow noindex">link name</a>

This will keep google from advertising or getting stuck in your tar pit.

. . . and lastly, any links meant for bots should be hidden from humans ( don't worry, malicious spambots will find the hidden links )

Last edited by John Darkhorse (2014-03-15 1:24 am)

Tomminger

Member

Registered: 2014-01-05

Posts: 51

Re: Check IP against SFS database and redirect spammers, how?

John

>>You guys really shouldn't redirect to a streaming source.

>>It's unfair to the streaming provider.

No, it is not unfair because it is a IP Multicast Stream who is shared to all listener.

Look here for additional Informations:

http://en.wikipedia.org/wiki/Multicast

Tom

Tomminger

Member

Registered: 2014-01-05

Posts: 51

Re: Check IP against SFS database and redirect spammers, how?

Hello GarryRicketson,

>>Would redirect everyone, the script I have does redirect, but everyone.

I have a MySQL Database where I add  my Spamers IP's and then I use following script:

<?php

$ipaddress =  $_SERVER['REMOTE_ADDR'];

$db->query("SELECT ip FROM banned_ips WHERE ip = '$ipaddress'");

if ($db->num_rows() > 0)
  {
    header('Location: http://7619.live.streamtheworld.com:80/977_COMEDYAAC_SC');

    exit;
   }

?>

Tom

Last edited by Tomminger (2014-03-18 4:43 pm)

Papa Parrot

Member

From: Mexico

Registered: 2011-08-19

Posts: 1,826

Website

Re: Check IP against SFS database and redirect spammers, how?

That would work better , I think, and it probabley would not be real hard to "modify", according to the path or location anyone has for the "banned IPs"

---

Everything is for the Birds

And now, Papa Parrot and his kids

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

John

>>You guys really shouldn't redirect to a streaming source.

>>It's unfair to the streaming provider.

No, it is not unfair because it is a IP Multicast Stream who is shared to all listener.

Look here for additional Informations:

http://en.wikipedia.org/wiki/Multicast

Tom

Unless the stream is set up with the understanding it may be used to load spambot buffers, it is still wrong to misuse it that way, IMHO.

If you want something to keep a spambot or other malicious automaton  "entertained", start a tar pit on your own site, or use a tar pit that someone has offered you the use of.

Tomminger

Member

Registered: 2014-01-05

Posts: 51

Re: Check IP against SFS database and redirect spammers, how?

John,

a TV or Radio multicast stream is present anyway.

A tar pit on your own website will cost additional resources and money. Especially when the website traffic is charged according to MB/GB.

Tom

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

John,

a TV or Radio multicast stream is present anyway.

A tar pit on your own website will cost additional resources and money. Especially when the website traffic is charged according to MB/GB.

Tom

A TV or multicast stream is provided for moral humans to partake of . .

Oh, bother.

If you don't get it by now . . .

Just because "it's there" doesn't make it morally "OK" for you to use it in unintended fashion ( this makes you no better than the spammer you are trying to interdict )

Zaphod has provided the source code necessary for anyone to set up a free hosting account somewhere and use it as a tar pit and I have provided a URL to an active tar pit that anyone is welcome to use.  With those  two facts in mind, here is no reason in the world for misusing someone else's resources to take care of your problems.

kpatz

Member

Registered: 2008-10-09

Posts: 1,437

Re: Check IP against SFS database and redirect spammers, how?

Well, technically you're not abusing the resources of the stream providers, the spambot is.  Just like they abuse everything else they can get their dirty claws on.  All you did was send them there.  Who's to say they didn't stumble into it themselves?

I wonder how many spambots are written to detect something like that, if the incoming stream exceeds so many megabytes, to abort the connection, or if it just bloats itself on memory like a balloon filling up with air until it explodes (crashes).

Chances are a spambot isn't going to sit on the stream forever if it's getting many megabytes of data.  It'll either crash or move on long before then.  Or they may just drop the connection when they get a header that says something other than text/html with an unspecified length.

A tarpit will slow them down even more, without using much bandwidth, unless they're multi-threaded.

Last edited by kpatz (2014-03-19 3:45 pm)

---

Spam happens when greed meets stupidity.

somdcomputerguy

Member

From: Rupert, WV

Registered: 2011-03-28

Posts: 133

Website

Re: Check IP against SFS database and redirect spammers, how?

Oh, bother.
If you don't get it by now . . .
Just because "it's there" doesn't make it morally "OK" for you to use it in unintended fashion ( this makes you no better than the spammer you are trying to interdict )
Zaphod has provided the source code necessary for anyone to set up a free hosting account somewhere and use it as a tar pit and I have provided a URL to an active tar pit that anyone is welcome to use.  With those  two facts in mind, there is no reason in the world for misusing someone else's resources to take care of your problems.

+1 +1 +1 +1 +1 +1 +1 +1

Well, technically you're not abusing the resources of the stream providers, the spambot is. All you did was send them there.  Who's to say they didn't stumble into it themselves?

Yesterday a guy came knocking on my door. I didn't know him, but I hadn't heard anything bad about him, so I let him in. So he came in, didn't say hi or anything, didn't read the sign on my wall that says, "Please don't puke on my floor.", and proceeded to puke on my floor. I kicked him out and said, "Don't bother coming back here!". Then I spent time that I could've spent on something else cleaning up the mess he made. Well the next day he came back and wanted to come in and puke some more, so I yelled thru my door, "Go over to my neighbor's house!". So he went across the street and knocked on his door. Since my neighbor hadn't checked the SPS (Stop Puke Spam) database and come across the entry I made in it, he let the puker in. Needless to say, the puker puked. I was chatting with my neighbor and he told me of this story about letting some guy into his house, then the guy puked all over his floor. So I said, "Oh him, he puked on my floor yesterday and I didn't want him to puke on my floor again so I sent him over to your house, but he probably would've been there eventually."

I'm tired of typing and I think I've made the point I was trying to make. Let me say this though, and this is my opinion mind you, the only good redirections are sending a valid user to another page or site for a good reason, or sending a spammer to a site made just for them (a tarpit) or into a spin back to themselves (localhost or 127.0.0.1).

Last edited by somdcomputerguy (2014-03-19 5:02 pm)

---

-bruce /* somdcomputerguy */
'If you change the way you look at things, the things you look at change.'

TETYYS

Member

Registered: 2012-12-27

Posts: 200

Re: Check IP against SFS database and redirect spammers, how?

Yesterday a guy came knocking on my door. I didn't know him, but I hadn't heard anything bad about him, so I let him in. So he came in, didn't say hi or anything, didn't read the sign on my wall that says, "Please don't puke on my floor.", and proceeded to puke on my floor. I kicked him out and said, "Don't bother coming back here!". Then I spent time that I could've spent on something else cleaning up the mess he made. Well the next day he came back and wanted to come in and puke some more, so I yelled thru my door, "Go over to my neighbor's house!". So he went across the street and knocked on his door. Since my neighbor hadn't checked the SPS (Stop Puke Spam) database and come across the entry I made in it, he let the puker in. Needless to say, the puker puked. I was chatting with my neighbor and he told me of this story about letting some guy into his house, then the guy puked all over his floor. So I said, "Oh him, he puked on my floor yesterday and I didn't want him to puke on my floor again so I sent him over to your house, but he probably would've been there eventually."

Finally a good name for "spammer"

---

i love reporting spam

kpatz

Member

Registered: 2008-10-09

Posts: 1,437

Re: Check IP against SFS database and redirect spammers, how?

Finally a good name for "spammer"

Not just a name, but a very fitting description of what spammers do.  I may borrow the idea for a Facebook post.

---

Spam happens when greed meets stupidity.

Tomminger

Member

Registered: 2014-01-05

Posts: 51

Re: Check IP against SFS database and redirect spammers, how?

You guys really shouldn't redirect to a streaming source.

It's unfair to the streaming provider.

If you must send them somewhere, send them to a honeypot and/or tar pit.

Here is a tar pit I maintain that you can use:
http://thepeebee.dreamhosters.com/pm-tar-pit.png

Hello John,

I currently redirect some of my Spamers to your tar pit "http://philo ... /guestbook/" from the Link above.

But I dont understand what the effect of your tar pit is.

Your tar pit site opens very fast and the Spamers come back to my Site very shortly.

Tom

Last edited by Tomminger (2014-07-04 2:54 pm)

John Darkhorse

Member

Registered: 2012-02-19

Posts: 319

Re: Check IP against SFS database and redirect spammers, how?

You guys really shouldn't redirect to a streaming source.

It's unfair to the streaming provider.

If you must send them somewhere, send them to a honeypot and/or tar pit.

Here is a tar pit I maintain that you can use:
http://thepeebee.dreamhosters.com/pm-tar-pit.png

Hello John,

I currently redirect some of my Spamers to your tar pit "http://philo ... /guestbook/" from the Link above.

But I dont understand what the effect of your tar pit is.

Your tar pit site opens very fast and the Spamers come back to my Site very shortly.

Tom

See post #10 of this thread for what it does.

It's not designed to Destroy The Spammer's Secret Headquarters And End All Spam Forever And Ever.

It's designed to capture spambots and keep them busy until their owner figures out they're caught.

As there are machines capable of running multiple spambots simultaneously these days, you may be visited by several of the "same spambot", as the owner may be restarting them when he notices they're stuck, or is just running hundreds of instances of them . .

As noted in post #13, I've added to Zaphod's code, and the linked tar pit spews a load of fake email addresses each iteration, and provides links to itself, so the spambot just keeps churning ( and filling its database with crap [ this is called "poisoning the well" ]).

Last edited by John Darkhorse (2014-07-04 8:59 pm)