You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2008-02-24 5:39 pm
- Itchy
- Member
- Registered: 2008-02-13
- Posts: 4
Agent lookup
I posted about looking at your web logs (here: http://www.stopforumspam.com/forum/t51- … -humanizer ) for other ip's that a spammer has used to see if the sign up pages are there before trying to sign up and said to look at the agent and you will see the same agent but with a different IP address so to show you what i mean heres one spammer thats trying his/hers hardest to get their spam onto my site's so instead of me banning the IP address they used to post i can ban lots of IP's that they have on their list. now the person below has used up his IP address quota so for the next couple of days or so my logs will show that hes trying to use all the other IP addresses to sign up with but he cant because ive already banned them this now forces them to get some new ones of which there a plenty but each time i ban them their list of IP is getting smaller for all spammers ;0)
Host: allium.gnupg.org
/profile.php?sid=485158cb4371bb3d4175dfca4dbe6a3e
Http Code: 200 Date: Feb 24 10:31:10 Http Version: HTTP/1.0 Size in Bytes: 14385
Referer: http:// www. mysite.co.uk/profile.php?mode=confirm&id=453e504d69239a21a7c87004157
Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Galeon/1.3.21
Host: 210.22.83.146
/profile.php?mode=confirm&id=453e504d69239a21a7c870041577f38f&sid=485158cb4371bb3d4175dfca4dbe6a3e
Http Code: 200 Date: Feb 24 10:31:05 Http Version: HTTP/1.0 Size in Bytes: 0
Referer: http:// www. mysite.co.uk/profile.php?mode=register&agreed=true&sid=edc47ef16
Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Galeon/1.3.21
Host: cs-tor.bu.edu
/profile.html
Http Code: 200 Date: Feb 24 10:30:13 Http Version: HTTP/1.0 Size in Bytes: 14372
Referer: http:// www. mysite.co.uk/profile.php?mode=confirm&id=6aaee9fffa25aa26024e4ed4179
Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Galeon/1.3.21
Host: 210.22.83.146
/profile.php?mode=confirm&id=453e504d69239a21a7c870041577f38f&sid=485158cb4371bb3d4175dfca4dbe6a3e
Http Code: 200 Date: Feb 24 10:31:05 Http Version: HTTP/1.0 Size in Bytes: 0
Referer: http:// www. mysite.co.uk/profile.php?mode=register&agreed=true&sid=edc47ef16
Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Galeon/1.3.21
Host: 77.194.211.234
Http Code: 200 Date: Feb 24 10:28:20 Http Version: HTTP/1.0 Size in Bytes: 29474
Referer: http:// www. cheap-24h. com <--ORIGNAL SPAMMERS SITE
Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.12) Gecko/20051105 Galeon/1.3.21
So as you can see the agent is the same and the times are with in secs of each other but more importantly the spammers original site is the start of it and every other visit from then on was the same person and is only a small range of IP's that hes just been banned from ;0)
Last edited by Itchy (2008-02-24 5:43 pm)
Offline
Pages: 1