You are not logged in.

#1 2012-09-04 3:40 pm

crow
Member
Registered: 2011-02-09
Posts: 70

Unusual spammer’s registration attack.

I went to the board first thing this morning and thought WTF, it had been unusually inundated with spammer’s registrations and spam posts, in which took me quite awhile to clear them off from the board. I then went to here to add the ones that spammed to my spammers list and found the site was offline, due to maintenance. Oh, I thought, so that is the reason for the unusual inundation of spammers. - When the cats away the mice will play. smile

I don’t know what I would do without SFS. Thanks.

Last edited by crow (2012-09-04 3:41 pm)

Offline

#2 2012-09-04 3:59 pm

AngelinaCat
Member
From: NE Florida, USA
Registered: 2012-08-11
Posts: 47

Re: Unusual spammer’s registration attack.

The forum that I help moderate, also got slammed last night.  I also found that SFS was down.  I certainly am glad it is back up.

Some of our spammers are finding ways around the Spam-O-Matic software that our Admin installed last week, by coming up with usernames, edresses, and IP addresses that are not in SFS's databanks.  I am duly entering them....  cool

Offline

#3 2012-09-04 8:54 pm

WindowsBBS
Member
Registered: 2011-02-24
Posts: 2

Re: Unusual spammer’s registration attack.

Yea SFS was down some 6+ hours.

I have resorted to using an IP block on all of China, Korea, Russia, Ukraine, Belarus, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia, Azerbaijan.

I just block them from accessing the registration page smile

Offline

#4 2012-09-04 10:34 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 6,971

Re: Unusual spammer’s registration attack.

AngelinaCat wrote:

The forum that I help moderate, also got slammed last night.  I also found that SFS was down.  I certainly am glad it is back up.

Some of our spammers are finding ways around the Spam-O-Matic software that our Admin installed last week, by coming up with usernames, edresses, and IP addresses that are not in SFS's databanks.  I am duly entering them....  cool

excellent

Offline

#5 2012-09-04 11:37 pm

Norm
Member
Registered: 2010-08-24
Posts: 17

Re: Unusual spammer’s registration attack.

WindowsBBS wrote:

Yea SFS was down some 6+ hours.

I have resorted to using an IP block on all of China, Korea, Russia, Ukraine, Belarus, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia, Azerbaijan.

I just block them from accessing the registration page smile

Please explain how you did that. It sounds very useful.

Offline

#6 2012-09-05 2:38 pm

jonboat
Member
From: NY
Registered: 2011-01-18
Posts: 177
Website

Re: Unusual spammer’s registration attack.

Norm wrote:
WindowsBBS wrote:

Yea SFS was down some 6+ hours.

I have resorted to using an IP block on all of China, Korea, Russia, Ukraine, Belarus, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia, Azerbaijan.

I just block them from accessing the registration page smile

Please explain how you did that. It sounds very useful.

Here's a little php script for fetching the country code for a given IP:

<?php
$country = '';
$IP = $_SERVER['REMOTE_ADDR'];
$key = 'ip:' . $IP;
$memc = new memcached();
$memc -> addServer('127.0.0.1', 11211);
if (($country = $memc->get($key)) === FALSE) {
   $country = @file_get_contents('http://api.hostip.info/country.php?ip='.$IP);
   $memc->set($key, $country, 86400); // 86400 = 24 hours
?>

You can add to it, any logic you want to include or exclude countries of choice

Offline

#7 2012-09-05 5:53 pm

AEG
Member
Registered: 2010-09-13
Posts: 90

Re: Unusual spammer’s registration attack.

I've had it with Indian, Bangladeshi and Chinese spammers so I think it's time to put a country block on.  Where do you put that script?

Is it sufficient just to put the following in User Banning Options (vBulletin):

115.
116.
117.
118.
119.
120.
121.
122.
123.
124.

etc?...

Last edited by AEG (2012-09-05 5:55 pm)

Offline

#8 2012-09-05 6:40 pm

jonboat
Member
From: NY
Registered: 2011-01-18
Posts: 177
Website

Re: Unusual spammer’s registration attack.

AEG wrote:

I've had it with Indian, Bangladeshi and Chinese spammers so I think it's time to put a country block on.  Where do you put that script?

Is it sufficient just to put the following in User Banning Options (vBulletin):

115.
116.
117.
118.
119.
120.
121.
122.
123.
124.

etc?...

That script merely retrieves the country code, It needs logic added to do something with that country code. Mine simply looks to see if it is US or CA and allows registration, all other countries get a registration denied page that tells them to email me if they have legitimate reason to join. I have never worked with vBulletin, so I'm not sure exactly where it would go, or how banning is set up. I'd imagine that vB has fairly granular banning controls - like disallowed email addresses (can ban with wildcards like *@bademail.com) and a banned ip list. severamethods for banning depending on what you as the admin is looking to accomplish. Both phpBB and MyBB (free software) have these options, so I would imaging a paid-for BB software like vB would have even better controlls.

My board uses phpBB and the call to the "countrycheck.php" script is the first line of my registration page php file.
If they're from outside the USA or Canada, then they never even get to access the registration forms.

Offline

#9 2012-09-06 12:02 am

Farelf
Member
From: Western Australia
Registered: 2012-07-26
Posts: 150

Re: Unusual spammer’s registration attack.

AEG wrote:

I've had it with Indian, Bangladeshi and Chinese spammers so I think it's time to put a country block on.  ...
...
124.

etc?...

Well, not all 124 (124.0.0.0/8) is China.  Some of it is Australia too.  You want to select your sign-on candidates?  The trouble with selection is it is always far easier to reject - with attendant risks (babies and bathwater situation).

In Invision Power Board I could simply add 115.*.*.* (etc) to my "Ban Control" (filter) console but would be checking the scope before doing that.  From what I've seen, country blocks are tricky to keep up to date.  Even the countries.nerd.dk DNSBL is a little bit famous for not catching everything all the time.

Offline

#10 2012-09-06 2:23 am

webmaisterpro
Member
From: Pattaya, Thailand
Registered: 2012-09-06
Posts: 2

Re: Unusual spammer’s registration attack.

I used to get same spam attach few weeks ago, which continue for quite a long time. At the end I decided to blog all proxies that I found in my cPanel and it seems that it worked and I get less fake profiles.

Offline

#11 2012-09-06 4:23 am

Patti L.
Member
From: Pacific Northwest
Registered: 2010-12-16
Posts: 222
Website

Re: Unusual spammer’s registration attack.

You blog, not block?

Last edited by Patti L. (2012-09-06 4:24 am)


Rolled high intelligence and low wisdom.
"Everything in life is unusual until you get accustomed to it." ~~ Frank L. Baum
Well, at least my vortex is fluffy.

Offline

#12 2012-09-09 8:52 am

WindowsBBS
Member
Registered: 2011-02-24
Posts: 2

Re: Unusual spammer’s registration attack.

Norm wrote:
WindowsBBS wrote:

Yea SFS was down some 6+ hours.

I have resorted to using an IP block on all of China, Korea, Russia, Ukraine, Belarus, Bulgaria, Czech Republic, Romania, Latvia, Estonia, Kazakstan, Moldavia/Moldova, Poland, Serbia, Siberia, Slovakia, Slovenia, Azerbaijan.

I just block them from accessing the registration page smile

Please explain how you did that. It sounds very useful.

Get the IP addresses from a list like http://www.wizcrafts.net/chinese-blocklist.html

Then, in your Apache config file for the domain add

<FilesMatch "(register.php)$">
order Allow,Deny
Allow from All
deny from xxx.xxx.xxx.xxx/xx
deny from xxx.xxx.xxx.xxx/xx
</FilesMatch>

You'll need Apache mod_authz_host

Offline

#13 2012-09-09 3:32 pm

Foxhack
Member
Registered: 2012-09-06
Posts: 1

Re: Unusual spammer’s registration attack.

I use SFS at my website and a friend uses it at his forum, and we had a couple of spambots get through during the downtime! Glad to see it was basically a bug caused by the service being down and not just the bots getting around the blocks somehow.

Offline

#14 2012-09-09 5:08 pm

crow
Member
Registered: 2011-02-09
Posts: 70

Re: Unusual spammer’s registration attack.

I had quite a number of spam registrations again today, noticed that SFS was offline. On a Sunday, don’t these spammers ever have a rest day? smile

Offline

#15 2012-09-09 5:47 pm

Snowhog
Member
From: Minnesota
Registered: 2012-09-09
Posts: 60
Website

Re: Unusual spammer’s registration attack.

And on the seventh day God ended his work which he had made; and he rested on the seventh day from all his work which he had made. (The spammers however, did not!)  wink


Administrator - Kubuntu Forums . Net
"It is a capital mistake to theorize before one has data." - Sherlock Holmes
Using Kubuntu Linux since March 23, 2007

Offline

#16 2012-09-11 4:13 am

Piperdane
Member
From: Arizona
Registered: 2009-10-13
Posts: 39
Website

Re: Unusual spammer’s registration attack.

crow wrote:

I went to the board first thing this morning and thought WTF, it had been unusually inundated with spammer’s registrations and spam posts, in which took me quite awhile to clear them off from the board. I then went to here to add the ones that spammed to my spammers list and found the site was offline, due to maintenance. Oh, I thought, so that is the reason for the unusual inundation of spammers. - When the cats away the mice will play. smile

I don’t know what I would do without SFS. Thanks.

On the two forums I help administrate (vBulletin) we use Glow Host which checks all new registrations against the data on SFS.  I have adjusted the Glow Host settings so that the forum blocks any/all new registrations if/when the SFS site goes down. 

Legitimate candidates for new registration will then use the 'contact us' forum to ask why they were blocked at that moment.  I get very few requests for that information, indicating that the spammers are possibly aware when the SFS site goes down and start hammering all the forums.  With it fixed to block registrations, the spammers are blocked too ... everyone is blocked.

Offline

#17 2012-09-11 4:38 am

AngelinaCat
Member
From: NE Florida, USA
Registered: 2012-08-11
Posts: 47

Re: Unusual spammer’s registration attack.

crow wrote:

I had quite a number of spam registrations again today, noticed that SFS was offline. On a Sunday, don’t these spammers ever have a rest day? smile

Snowhog wrote:

And on the seventh day God ended his work which he had made; and he rested on the seventh day from all his work which he had made. (The spammers however, did not!)  wink

LOL!  I love it.  big_smile

Last edited by AngelinaCat (2012-09-11 4:39 am)

Offline

Board footer

Powered by FluxBB

Close
Close