
#1 2016-01-29 4:53 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

I have decided to fully block Micfo, Romania, ColoCrossing and others.

(Just added SKS-Lugan)

I'm adding some permanent lines to my htaccess to permanently block these repeat offender providers as well with a page on my Wiki describing their business practices.

It's about time we crusade back against these spammers rather than just block and destroy them. I'm also still working on a graphic about "Crusaders Against Spam", a 3 line info graphic.

Last edited by NeoFox (2016-01-29 8:00 pm)

Offline

#2 2016-01-29 8:32 pm

TETYYS
Member
Registered: 2012-12-27
Posts: 200

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

@MalwareMustDie -> @SpamMustDie ???


i love reporting spam

Offline

#3 2016-01-29 9:43 pm

zero-tolerance
Member
Registered: 2013-02-25
Posts: 339

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

I have decided to fully block Micfo, Romania, ColoCrossing and others.

Two words: collateral, damage.
More words available upon request...

Offline

#4 2016-01-30 3:04 am

Maikuolan
Member
From: Perth, Western Australia
Registered: 2011-08-09
Posts: 799
Website

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

Remember, too, that all .htaccess rules must be processed for every request made to every file contained within the directory containing the .htaccess file, as well as that of every contained subdirectory, and so, the more rules you have, the slower your site processing time can become.

I would agree with blocking ColoCrossing and SKS-Lugan, due to the amount of spam, hacking attempts and the rest that I've personally seen coming from these ASNs, but, I would suggest caution in trying to block an entire country using .htaccess, due to the number of additional rules this would likely require in order to do efficiently and effectively, without false positives and without errors.

If you're absolutely certain that you don't require traffic from some particular country and thus would be willing to consider blocking it entirely, based on the potential undesirable traffic from the given country, if at all possible, I would suggest trying to do so via firewall or via some solution that won't slow down your site processing time due to the sheer number of rules. Ideally (not absolutely required, and sometimes hard to do, but worth it, if you can), finding a solution that can auto-update or that can adjust itself when problems arise, would be good (because, also, the more rules you have, the more rules you have to update, and the more work you'll inevitably end up needing to do to keep it all maintained).

Offline

#5 2016-01-30 4:01 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,056

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

There really shouldn't be any reason why someone is posting on a forum from a data centre in Romania...

Offline

#6 2016-01-30 5:05 pm

Maikuolan
Member
From: Perth, Western Australia
Registered: 2011-08-09
Posts: 799
Website

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

pedigree wrote:

There really shouldn't be any reason why someone is posting on a forum from a data centre in Romania...

I would say there really shouldn't be any reason why someone should be posting to a forum from a data centre -anywhere- in the world, but it may nonetheless be more efficient to just block those data centres in question or to block those IPs belonging to whichever ASNs are proving to be the greatest offenders, rather than the entire country, due to the extra load this would create for every request made to their forums (and of course, it's quite possible, too, that BlueSage's spammers may actually be posting from residential DSL connections; BlueSafe simply said "Romania", and didn't clarify which parts of the country or whether it was actually data centres or not). :-)

That said, though, if you (by "you", here, I refer to anyone reading this, and to nobody in particular) want to block the entire country, you can still do this in ways that should be relatively efficient (such as via firewall), but, it may end up requiring a lot of upkeep (in the case of Romania, especially so if you happen to have any members from the EU, where many ASNs in one country frequently sell off chunks of their IPs to ASNs in other countries, and where there are many multinational providers that offer services across multiple countries, in some cases, where you're given the option to either block, and by virtue, block connections from the given country plus some more from neighbouring countries, or not block, and by virtue, not be blocking the entirety of the country you're wanting to block). Your call though, of course, and, I'm not trying to push you to do or not do any particular thing or to go one way or another; Just offering up some extra considerations and alternative options.

Last edited by Maikuolan (2016-01-30 5:06 pm)

Offline

#7 2016-01-30 6:47 pm

zero-tolerance
Member
Registered: 2013-02-25
Posts: 339

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

There really shouldn't be any reason why someone is posting on a forum from a data centre in Romania...

Well, I do in fact get members of my forum posting from data centres specifically in Romania, and also from data centres all over the world because of people using a variety of redirecting web services, including:
* web privacy services,
* web accelerators (aka Data Savers, like Google Chrome mobile compression, Opera Turbo and Mini, UC Browser, which redirects your traffic through servers in China or under Chinese ownership, Amazon KindleFire (which goes via the AWS Cloud), to name a few),
* web security services (which filter out viruses, malware, phishing scams, etc), and also
* web censorship services, such as sites providing parental controls for people's kids - sometimes bundled by the ISP.
* there are probably others I have forgotten

There is a lot more of this happening these days, not least because of the rise of mobile phones.
Some of these services are on cloud computing platforms, and may not even have fixed address ranges you could allow through while blocking the rest of the data centre or cloud.

I also get people using my site from places like China, Russia, Brazil, Taiwan, the Philippines, etc, partly because my site is of interest in many countries, but also because some people do actually like/need to travel...

So I don't block IP ranges on my site at all.

Offline

#8 2016-01-30 9:10 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

zero-tolerance wrote:

There really shouldn't be any reason why someone is posting on a forum from a data centre in Romania...

Well, I do in fact get members of my forum posting from data centres specifically in Romania, and also from data centres all over the world because of people using a variety of redirecting web services, including:
* web privacy services,
* web accelerators (aka Data Savers, like Google Chrome mobile compression, Opera Turbo and Mini, UC Browser, which redirects your traffic through servers in China or under Chinese ownership, Amazon KindleFire (which goes via the AWS Cloud), to name a few),
* web security services (which filter out viruses, malware, phishing scams, etc), and also
* web censorship services, such as sites providing parental controls for people's kids - sometimes bundled by the ISP.
* there are probably others I have forgotten

There is a lot more of this happening these days, not least because of the rise of mobile phones.
Some of these services are on cloud computing platforms, and may not even have fixed address ranges you could allow through while blocking the rest of the data centre or cloud.

I also get people using my site from places like China, Russia, Brazil, Taiwan, the Philippines, etc, partly because my site is of interest in many countries, but also because some people do actually like/need to travel...

So I don't block IP ranges on my site at all.

Yea there's that option too. The way I report on my honeypots right now, even with doing 30 reports a second...I barely cap at 40% server resource usage...so because I have the processing power now to handle them...I'm considering just opening the flood gates.

I fear then that I may hit SFS's lookup counts real soon lol.

Last edited by NeoFox (2016-01-30 9:15 pm)

Offline

#9 2016-02-28 2:27 am

BillyDee203
Member
Registered: 2013-08-31
Posts: 5

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

I have a great number of blocks in my htaccess file for a big reason. Spammers in forums are one thing, the other is those who try to breach a site's SQL forum database or try to inject code, etc. Stop Forum Spam is such a big help with controlling forum spam but any site that operates PHP is a sitting duck to the hacker crowd or script kiddies. I have a 400kb htaccess file and I'm sure my site is slower than it should be but I block quite a number of servers and hosts. I'd rather have a slower site than a hacked site.

Offline

#10 2016-02-28 7:27 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: I have decided to fully block Micfo, Romania, ColoCrossing and others.

Don't want to step on your toes but I've actually got a suggestion for you...it's something I did until I made my own home-brewed thing.

Website: sortmylist.com

Enter in all the IPs. Sort by IP.

It can help you to determine if it's better to block by IP range or if simply the single IPs are better.

Offline
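
The sort-then-decide step from post #10, written out as an added example (not code from this thread or from sortmylist.com): it sorts offending IPv4 addresses numerically, blocks a whole /24 only when enough distinct addresses fall inside it, and merges what is left so the rule count stays small. The threshold `min_hits`, the /24 bucket size, the Apache 2.4 `Require not ip` output format and the sample addresses (RFC 5737 documentation ranges) are all assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input (RFC 5737 documentation addresses, not real offenders).
SAMPLE_IPS = ("198.51.100.7 192.0.2.14 192.0.2.200 203.0.113.5 192.0.2.14 "
              "192.0.2.77 198.51.100.9 192.0.2.3 not-an-ip").split()


def plan_blocks(raw_ips, min_hits=3, prefix=24):
    """Sort IPv4 addresses numerically; block a whole /prefix once it holds
    at least min_hits distinct addresses, otherwise block single IPs."""
    addrs = set()
    for item in raw_ips:
        try:
            addr = ipaddress.ip_address(item.strip())
        except ValueError:
            continue  # skip junk lines instead of emitting a broken rule
        if addr.version == 4:
            addrs.add(addr)

    buckets = defaultdict(list)
    for addr in sorted(addrs):  # numeric sort, so .3 sorts before .14
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        buckets[net].append(addr)

    nets = []
    for net, members in buckets.items():
        if len(members) >= min_hits:
            nets.append(net)  # dense bucket: one range rule
        else:
            nets.extend(ipaddress.ip_network(f"{m}/32") for m in members)
    # Merge adjacent/overlapping networks so the rule count stays small.
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def to_htaccess(networks):
    """Render the plan as Apache 2.4 mod_authz_core rules (assumed server)."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {n}" for n in networks]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    print(to_htaccess(plan_blocks(SAMPLE_IPS)))
```

Raising `min_hits` keeps more single-IP rules and reduces collateral blocking; lowering it shrinks the file at the cost of blocking neighbours that never misbehaved.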
