You are not logged in.
- Topics: Active | Unanswered
#1 2019-11-03 11:17 am
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
two ip owned ddos-guard.net hit the spam list
Good day.
Viewing logs forum, observed that in list spam added two ip belonging ddos-guard.net IP 186.2.160.132 added to base 21.10.19, and IP 186.2.160.13 added to base 29.10.19. Please exclude these IP addresses from the database as having nothing to do with spam
[urls added by Mod 2019-10-03 -AK]
Offline
#2 2019-11-04 8:21 am
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: two ip owned ddos-guard.net hit the spam list
I'll get this removed shortly, and will be blocking the reporting API key as well, due to an incorrectly configured webserver
Offline
#3 2019-11-05 4:42 pm
- NeoFox
- Member
- From: WI, USA, Earth
- Registered: 2013-09-26
- Posts: 830
- Website
Re: two ip owned ddos-guard.net hit the spam list
I can see it now. New post message "Hey bois I can't seem to report!"
....
Offline
#4 2019-11-07 4:53 am
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
Re: two ip owned ddos-guard.net hit the spam list
proxy addresses are still in the spam list
Offline
#5 2019-11-09 1:41 am
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: two ip owned ddos-guard.net hit the spam list
they're gone now, and the submitter has had their key suspended
Offline
#6 2019-11-21 3:41 pm
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
Re: two ip owned ddos-guard.net hit the spam list
To not create a new subject, will ask question here. Another ip ddos-guard.net 186.2.160.99 got into the spam list.
Offline
#7 2019-11-21 5:09 pm
- NeoFox
- Member
- From: WI, USA, Earth
- Registered: 2013-09-26
- Posts: 830
- Website
Re: two ip owned ddos-guard.net hit the spam list
Hate to be devil's advocate but did they get infiltrated perhaps? I don't know much about them tbh.
(Hate to play devil's advocate because its usually in a case where I don't know the whole story lol!)
Last edited by NeoFox (2019-11-21 5:12 pm)
Offline
#8 2019-11-21 9:46 pm
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: two ip owned ddos-guard.net hit the spam list
I notice the e-mail on that one has been submitted several times, and some of those with valid evidence.... who ever is submitting these ,should include the evidence, like some of the others did on the e-mail.
Offline
#9 2019-11-21 11:40 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: two ip owned ddos-guard.net hit the spam list
let me look and get this sorted
Offline
#10 2019-11-22 12:37 am
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: two ip owned ddos-guard.net hit the spam list
its was old submission, now removed
Offline
#11 2019-11-22 11:52 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: two ip owned ddos-guard.net hit the spam list
Thanks ped.
Offline
#12 2019-11-26 8:56 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: two ip owned ddos-guard.net hit the spam list
curious, is there information warning people that they MUST fix their web server config in order to get the real IP?
Offline
#13 2019-11-27 3:03 pm
- NeoFox
- Member
- From: WI, USA, Earth
- Registered: 2013-09-26
- Posts: 830
- Website
Re: two ip owned ddos-guard.net hit the spam list
So I could do a quick verification...what I do I need to check in web server config?
Offline
#14 2019-11-27 3:13 pm
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
Re: two ip owned ddos-guard.net hit the spam list
And another ip 186.2.160.64 in the spam list. You think the problem is in phpbb forum? I don't see the real ip addresses of my users.
Offline
#15 2019-11-27 10:15 pm
- JamesC
- Member
- Registered: 2010-01-09
- Posts: 93
- Website
Re: two ip owned ddos-guard.net hit the spam list
You think the problem is in phpbb forum? I don't see the real ip addresses of my users.
Yeah, that's a HUGE problem. You shouldn't be querying SFS for your firewall's or reverse proxy's IP, you should be querying the originating connection's IP.
DDos-Guard.net provides the originating connection's IP in X-Real-IP and X-Forwarded-For. Check your phpBB documentation on how to read these instead of Remote-Addr.
Last edited by JamesC (2019-11-27 10:16 pm)
Offline
#16 2019-11-27 10:49 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: two ip owned ddos-guard.net hit the spam list
curious, is there information warning people that they MUST fix their web server config in order to get the real IP?
You would think so, and especially since this site uses Cloudflare, but I've looked under the FAQ, and also made a web-search, and cannot find anything about Cloudflare in this site.
(after perhaps a 30-minute search inside SFS)
Look at This Sticky ("Are you using CloudFlare? Please read!") to get some info on necessary steps when using reverse-proxy servers such as Cloudflare.
That info needs to be in the FAQ.
Offline
#17 2019-11-28 5:00 am
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
Re: two ip owned ddos-guard.net hit the spam list
It was because of the proxy that I stopped sending reports to the site. If it helps, then for phpbb you need to make changes to the file " /etc/apache2/mods-enabled/rpaf.conf”, adding the following lines to it:
<IfModule rpaf_module>
RPAFenable On
# When enabled, take the incoming X-Host header and
# update the virtualhost settings accordingly:
RPAFsethostname On
# Define which IP's are your frontend proxies that sends
# the correct X-Forwarded-For headers:
RPAFproxy_ips 186.2.160.0/24 77.220.207.192/27
# Change the header name to parse from the default
# X-Forwarded-For to something of your choice:
# RPAFheader X-Real-IP
</IfModule>
But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again
Offline
#18 2019-11-28 2:00 pm
- NeoFox
- Member
- From: WI, USA, Earth
- Registered: 2013-09-26
- Posts: 830
- Website
Re: two ip owned ddos-guard.net hit the spam list
Ohhhhh ok. I got ultra paranoid and thought either PHP or some Apache (server) stuff got misconfigured on an update...put my brain into over drive! LOL.
Offline
#19 2019-11-28 2:23 pm
- JamesC
- Member
- Registered: 2010-01-09
- Posts: 93
- Website
Re: two ip owned ddos-guard.net hit the spam list
But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again
To be fair, SFS is run by volunteers; we can't expect "immediate" results like we might from a paid service. Pedigree will remove DDoS-Guard's IPs (currently two) when he has a spare moment.
There are several IPs in the database that shouldn't appear. For example, the Cloudflare DNS resolution service at 1.1.1.1 currently has 5 entries, two of which have Evidence fields showing Cloudflare reverse proxy IPs:
https://www.stopforumspam.com/evidence/184442419
https://www.stopforumspam.com/evidence/184442436
Yeah, it'd be nice if people would do some basic error-checking before listing IPs like these in the database. But if we query the correct IP -- and not assume that "an entry here = guaranteed spam" -- then entries such as these should not be a problem.
Offline
#20 2019-11-28 2:40 pm
- JamesC
- Member
- Registered: 2010-01-09
- Posts: 93
- Website
Re: two ip owned ddos-guard.net hit the spam list
thought either PHP or some Apache (server) stuff got misconfigured on an update
Nah. Though my sites went wonky AF when my host switched from Apache to Litespeed without warning. Litespeed didn't have a Cloudflare mod at the time...
Offline
#21 2019-11-28 3:06 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: two ip owned ddos-guard.net hit the spam list
There are several IPs in the database that shouldn't appear.
Report them in this forum + send a link to your post to pedigree. The owners will get a warning and, if they do not immediately fix the issue, will have their API key(s) removed + banned.
Stupid is one thing & idiocy is another. SFS cannot afford to have either making reports into the DB.
Offline
#22 2019-11-28 3:08 pm
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: two ip owned ddos-guard.net hit the spam list
I feel I need to use full quote here:
crazysmall>>> It was because of the proxy that I stopped sending reports to the site. If it helps, then for phpbb you need to make changes to the file " /etc/apache2/mods-enabled/rpaf.conf”, adding the following lines to it:
<IfModule rpaf_module>
RPAFenable On
# When enabled, take the incoming X-Host header and
# update the virtualhost settings accordingly:
RPAFsethostname On
# Define which IP's are your frontend proxies that sends
# the correct X-Forwarded-For headers:
RPAFproxy_ips 186.2.160.0/24 77.220.207.192/27
# Change the header name to parse from the default
# X-Forwarded-For to something of your choice:
# RPAFheader X-Real-IP
</IfModule>But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again
I am getting the impression it was you / your server, that submitted these to start with, in which case you can also remove them, and should, use the : My Spammers button.
Offline
#23 2019-11-29 10:29 am
- crazysmall
- Member
- Registered: 2018-12-19
- Posts: 9
Re: two ip owned ddos-guard.net hit the spam list
I assure you, I did not add any of the proxy servers to the spam list. Besides, already solved at itself a problem with identical ip addresses .
Offline