
#1 2018-09-09 10:52 am

Rizzo
Member
Registered: 2012-07-29
Posts: 2

Mass spam to Google Maps

Hello Spam fighters,

First of all, thank you very much for your efforts fighting against the spam plague.

I am running a forum and have got the spammers quite under control. However, in my forum I have a guestmap.php plugin, where users can post locations into a Google Map. For approx. two months, a mass spammer has been hitting the map. On a daily basis I receive between 20 and 60 spam postings. It seems to be a very smart spammer, as he is using a new IP address for every spam. Whatever IPs or even entire IP ranges I block, the next day I have another mass spam in my map. I tried to block the spammer by his user agent, but this is changing as well.

This is what the spam looks like:

[image]

My question: has somebody encountered the same problem and knows how to fight the spammer?

Thanks in advance and have a great weekend.

Cheers
Alex


#2 2018-09-09 12:02 pm

Maikuolan
Member
From: Perth, Western Australia
Registered: 2011-08-09
Posts: 727

Re: Mass spam to Google Maps

1. Email verification.
- Require that anyone submitting to your guest map must verify their email address beforehand.
- Failure to verify means they can't submit anything.
- If they successfully verify and spam, block them by their email address.

2. Implement a CAPTCHA system (e.g., reCAPTCHA).

3. Remove the temptation to spam by making the guest map only accessible to users/members or anyone with a verified email address. Don't provide open, public access.

4. Implement a WAF (e.g., CIDRAM, NinjaFirewall, ZB Block, etc.).


phpMussel file upload protection (v1.7.0, 2018.10.20).
CIDRAM IP blocker (v1.8.0, 2018.10.06).
SFS Mass IP Checker (v0.1.3, 2016.09.10).
IPv4+IPv6 IP/CIDR Aggregator (v1.1.0, 2017.10.29).


#3 2018-09-09 3:25 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 1,968

Re: Mass spam to Google Maps

5. Verify long & lat within map co-ords so that users cannot post nonsense.


#4 2018-09-09 5:23 pm

Papa Parrot
Moderator
From: Mexico
Registered: 2011-08-19
Posts: 1,667

Re: Mass spam to Google Maps

> It seems to be a very smart spammer as he is using for every spam a new IP address.

Not really, it is not very smart, but it has found a very easy target.
Agreed with the above solutions posted. The spambot is not likely to be smart enough to have a valid e-mail and use it to activate the permission to submit to the map, but just in case it does verify the e-mail and use an e-mail activation link, the captcha will be yet another obstacle for it...

> Don't provide open, public access.

Years ago, on a website I set up, I thought it would be nice to have a "guest book" type page, where visitors could comment or ask about anything. I wanted it to be easy for them, no login, registration, etc. ... wrong, the spambots do not respect anything and they will dump spam anywhere that they can access.


#5 2018-09-15 7:21 pm

Rizzo
Member
Registered: 2012-07-29
Posts: 2

Re: Mass spam to Google Maps

What I am wondering is how this spam can use for each spam another IP from different and almost every country, and for every spam a different user agent. This spam bot is changing for each and every posting. I have never seen this before.

Here are some examples recorded in the log:

15.09.2018    08:25:16    103.78.11.18    ip-103-78-11-18.moratelindo.net.id - Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt; tn3.0) - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 103.78.10.0/103.78.11.255 - ?

15.09.2018    08:35:22    89.25.39.186    89.25.39.186 - Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Iron/6.0.475.1 Chrome/6.0.475.1 Safari/58473792.534 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 89.25.0.0/89.25.39.255 - ?

15.09.2018    08:49:23    179.40.43.66    179-40-43-66.mrse.com.ar - Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 179.40.0.0/179.41.255.255 - ?

15.09.2018    08:49:24    95.105.89.222    95.105.89.222.static.slv.ufanet.ru - Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en-us) AppleWebKit/417.9 (KHTML, like Gecko) Safari/417.9.2 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 95.105.64.0/95.105.95.255 - ?

15.09.2018    08:58:19    187.123.129.19    bb7b8113.virtua.com.br - Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 187.122.0.0/187.123.255.255 - ?

15.09.2018    08:58:21    178.140.95.77    broadband-178-140-95-77.ip.moscow.rt.ru - Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.0.10) Gecko/20070409 CentOS/1.5.0.10-2.el5.centos Firefox/1.5.0.10 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 178.140.0.0/178.140.127.255 - ?

15.09.2018    09:07:07    185.108.215.213    185.108.215.213 - Mozilla/5.0 (X11; U; OpenBSD amd64; en; rv:1.8.1.6) Gecko/20070817 Epiphany/2.18 Firefox/2.0.0.6 - http://<redacted by Mod>?x=%22+x+%22&y=%22+y+%22 - iprange - 185.108.215.0/185.108.215.255 - ?

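Added example, not part of any post in this thread: suggestion 5 (verify long & lat) applied to log lines shaped like the ones in post #5, where the `x` and `y` query values decode to the literal text `" x "` and `" y "` rather than numbers. The sample lines, host names and IPs are constructed, and treating `x` as longitude and `y` as latitude is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in the layout of the log excerpt above
# (documentation IPs, placeholder host). The last is a well-formed post.
SAMPLE_LOG = """\
15.09.2018    08:25:16    192.0.2.18    host-a.example - Mozilla/4.0 (compatible; MSIE 5.0; Windows 98) - http://forum.example/guestmap.php?x=%22+x+%22&y=%22+y+%22 - iprange - 192.0.2.0/192.0.2.255 - ?
15.09.2018    08:35:22    198.51.100.7    host-b.example - Mozilla/5.0 (X11; U; Linux x86_64; en-US) - http://forum.example/guestmap.php?x=%22+x+%22&y=%22+y+%22 - iprange - 198.51.100.0/198.51.100.255 - ?
15.09.2018    09:12:40    203.0.113.5    host-c.example - Mozilla/5.0 (X11; Linux x86_64; rv:62.0) - http://forum.example/guestmap.php?x=-1.15&y=52.95 - iprange - 203.0.113.0/203.0.113.255 - ?
"""

URL_RE = re.compile(r"https?://\S+")
DECIMAL_RE = re.compile(r"-?[0-9]{1,3}(\.[0-9]{1,8})?")


def parse_coord(raw, limit):
    """Return a float if raw is a plain decimal within +/-limit, else None."""
    if not DECIMAL_RE.fullmatch(raw):
        return None
    value = float(raw)
    return value if abs(value) <= limit else None


def check_request(url):
    """Validate x (assumed longitude) and y (assumed latitude) of one URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    xs, ys = query.get("x", []), query.get("y", [])
    if len(xs) != 1 or len(ys) != 1:
        return False, "x and y must each appear exactly once"
    lon, lat = parse_coord(xs[0], 180.0), parse_coord(ys[0], 90.0)
    if lon is None or lat is None:
        return False, f"rejected x={xs[0]!r} y={ys[0]!r}"
    return True, f"lon={lon} lat={lat}"


def scan(log_text):
    """Return (ip, accepted, detail) for every log line that carries a URL."""
    results = []
    for line in log_text.splitlines():
        match = URL_RE.search(line)
        if match:
            results.append((line.split()[2], *check_request(match.group(0))))
    return results


if __name__ == "__main__":
    for ip, ok, detail in scan(SAMPLE_LOG):
        print(f"{ip:15} {'ACCEPT' if ok else 'REJECT'}  {detail}")
```

Unlike the IP address and user agent, this query string is identical in every entry of the excerpt, so it gives something stable to filter on.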

#6 2018-09-15 8:36 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 1,968

Re: Mass spam to Google Maps

Placing URLs within posts in this forum is an excellent way to end up in the SFS database. Do not do it, please.


#7 2018-09-15 10:13 pm

Papa Parrot
Moderator
From: Mexico
Registered: 2011-08-19
Posts: 1,667

Re: Mass spam to Google Maps

> how this spam can use for each spam another IP from different and almost every country, for every spam a different user agent.

They use kiddie scripts to generate fake user agent strings and IPs. If you did some searches you will find these scuzz butts even have "how to" sites, with tutorials.
It is not within the scope of this forum to go into how to do that, but it is nothing new.

> I never have seen this before.

Maybe not, but it is nothing new.
Instead of asking "How do they generate different user agents and IPs?", why not ask "How to stop/block them from getting access?" and concentrate on that.

There have already been some good suggestions on how to block them, and don't provide open, public access on any pages of your website or forum. It really is not that complicated.


But anyway, another thing:

> This spam bot is changing for each and every posting.

Since the IPs and user agent are changing each time, how do you even know it is the same spam bot?


#8 2018-09-15 11:21 pm

sklerder
Member
Registered: 2012-10-11
Posts: 304

Re: Mass spam to Google Maps

Hi all!

> how this spam can use for each spam another IP from different and almost every country, for every spam a different user agent.

Concerning the IP address, they simply use a proxy from one or several lists of proxies (available freely or not on the Internet) for each new attempt.
That's why in SFS lists, some IPs are very frequently referenced (and that's why it's very important, too, to submit these IPs to the SFS database, because it's evolving over time).
Concerning the User-Agent, they use a script (of their own or a commercial one) which can change the User-Agent of the request (see, for example, the wget or curl manual; it's well documented and very easy to modify).

> I never have seen this before.

Well, I usually say (and write):
We've already seen things that never happened :)

As written by Papa Parrot, understanding is a good thing (that's why we try to explain it), but the most important thing is to block those spammers, and SFS helps with that very well :)

Last edited by sklerder (2018-09-15 11:23 pm)
