You are not logged in.

#1 2019-11-03 11:17 am

crazysmall
Member
Registered: 2018-12-19
Posts: 9

two ip owned ddos-guard.net hit the spam list

Good day.
Viewing logs forum, observed that in list spam added two ip belonging ddos-guard.net IP 186.2.160.132 added to base 21.10.19, and IP 186.2.160.13 added to base 29.10.19. Please exclude these IP addresses from the database as having nothing to do with spam

[urls added by Mod 2019-10-03 -AK]

Offline

#2 2019-11-04 8:21 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: two ip owned ddos-guard.net hit the spam list

I'll get this removed shortly, and will be blocking the reporting API key as well, due to an incorrectly configured webserver

Offline

#3 2019-11-05 4:42 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: two ip owned ddos-guard.net hit the spam list

I can see it now. New post message "Hey bois I can't seem to report!"

.... tongue

Offline

#4 2019-11-07 4:53 am

crazysmall
Member
Registered: 2018-12-19
Posts: 9

Re: two ip owned ddos-guard.net hit the spam list

proxy addresses are still in the spam list sad

Offline

#5 2019-11-09 1:41 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: two ip owned ddos-guard.net hit the spam list

they're gone now, and the submitter has had their key suspended

Offline

#6 2019-11-21 3:41 pm

crazysmall
Member
Registered: 2018-12-19
Posts: 9

Re: two ip owned ddos-guard.net hit the spam list

To not create a new subject, will ask question here. Another ip ddos-guard.net 186.2.160.99 got into the spam list.

Offline

#7 2019-11-21 5:09 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: two ip owned ddos-guard.net hit the spam list

Hate to be devil's advocate but did they get infiltrated perhaps? I don't know much about them tbh.

(Hate to play devil's advocate because its usually in a case where I don't know the whole story lol!)

Last edited by NeoFox (2019-11-21 5:12 pm)

Offline

#8 2019-11-21 9:46 pm

Papa Parrot
Member
From: Mexico
Registered: 2011-08-19
Posts: 1,826
Website

Re: two ip owned ddos-guard.net hit the spam list

I notice  the e-mail on that one has been submitted several times, and some of those with valid evidence.... who ever is submitting these ,should include the evidence, like some  of the others did on the e-mail.

Offline

#9 2019-11-21 11:40 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: two ip owned ddos-guard.net hit the spam list

let me look and get this sorted

Offline

#10 2019-11-22 12:37 am

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: two ip owned ddos-guard.net hit the spam list

its was old submission, now removed

Offline

#11 2019-11-22 11:52 am

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,420
Website

Re: two ip owned ddos-guard.net hit the spam list

Thanks ped.

Offline

#12 2019-11-26 8:56 pm

pedigree
uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
From: New Zealand
Registered: 2008-04-16
Posts: 7,054

Re: two ip owned ddos-guard.net hit the spam list

curious, is there information warning people that they MUST fix their web server config in order to get the real IP?

Offline

#13 2019-11-27 3:03 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: two ip owned ddos-guard.net hit the spam list

So I could do a quick verification...what I do I need to check in web server config? yikes

Offline

#14 2019-11-27 3:13 pm

crazysmall
Member
Registered: 2018-12-19
Posts: 9

Re: two ip owned ddos-guard.net hit the spam list

And another ip 186.2.160.64 in the spam list. You think the problem is in phpbb forum? I don't see the real ip addresses of my users.

Offline

#15 2019-11-27 10:15 pm

JamesC
Member
Registered: 2010-01-09
Posts: 93
Website

Re: two ip owned ddos-guard.net hit the spam list

You think the problem is in phpbb forum? I don't see the real ip addresses of my users.

Yeah, that's a HUGE problem. You shouldn't be querying SFS for your firewall's or reverse proxy's IP, you should be querying the originating connection's IP.

DDos-Guard.net provides the originating connection's IP in X-Real-IP and X-Forwarded-For. Check your phpBB documentation on how to read these instead of Remote-Addr.

Last edited by JamesC (2019-11-27 10:16 pm)

Offline

#16 2019-11-27 10:49 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,420
Website

Re: two ip owned ddos-guard.net hit the spam list

pedigree wrote:

curious, is there information warning people that they MUST fix their web server config in order to get the real IP?

You would think so, and especially since this site uses Cloudflare, but I've looked under the FAQ, and also made a web-search, and cannot find anything about Cloudflare in this site.

(after perhaps a 30-minute search inside SFS)
Look at This Sticky ("Are you using CloudFlare? Please read!") to get some info on necessary steps when using reverse-proxy servers such as Cloudflare.

That info needs to be in the FAQ.

Offline

#17 2019-11-28 5:00 am

crazysmall
Member
Registered: 2018-12-19
Posts: 9

Re: two ip owned ddos-guard.net hit the spam list

It was because of the proxy that I stopped sending reports to the site. If it helps, then for phpbb you need to make changes to the file " /etc/apache2/mods-enabled/rpaf.conf”, adding the following lines to it:
<IfModule rpaf_module>
    RPAFenable On
    # When enabled, take the incoming X-Host header and
    # update the virtualhost settings accordingly:
    RPAFsethostname On
    # Define which IP's are your frontend proxies that sends
    # the correct X-Forwarded-For headers:
    RPAFproxy_ips 186.2.160.0/24 77.220.207.192/27
    # Change the header name to parse from the default
    # X-Forwarded-For to something of your choice:
    # RPAFheader X-Real-IP
</IfModule>

But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again sad

Offline

#18 2019-11-28 2:00 pm

NeoFox
Member
From: WI, USA, Earth
Registered: 2013-09-26
Posts: 830
Website

Re: two ip owned ddos-guard.net hit the spam list

Ohhhhh ok. I got ultra paranoid and thought either PHP or some Apache (server) stuff got misconfigured on an update...put my brain into over drive! LOL. smile

Offline

#19 2019-11-28 2:23 pm

JamesC
Member
Registered: 2010-01-09
Posts: 93
Website

Re: two ip owned ddos-guard.net hit the spam list

crazysmall wrote:

But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again

To be fair, SFS is run by volunteers; we can't expect "immediate" results like we might from a paid service. Pedigree will remove DDoS-Guard's IPs (currently two) when he has a spare moment. smile

There are several IPs in the database that shouldn't appear. For example, the Cloudflare DNS resolution service at 1.1.1.1 currently has 5 entries, two of which have Evidence fields showing Cloudflare reverse proxy IPs:
https://www.stopforumspam.com/evidence/184442419
https://www.stopforumspam.com/evidence/184442436

Yeah, it'd be nice if people would do some basic error-checking before listing IPs like these in the database. But if we query the correct IP -- and not assume that "an entry here = guaranteed spam" -- then entries such as these should not be a problem. smile

Offline

#20 2019-11-28 2:40 pm

JamesC
Member
Registered: 2010-01-09
Posts: 93
Website

Re: two ip owned ddos-guard.net hit the spam list

NeoFox wrote:

thought either PHP or some Apache (server) stuff got misconfigured on an update

Nah. Though my sites went wonky AF when my host switched from Apache to Litespeed without warning. Litespeed didn't have a Cloudflare mod at the time... sad

Offline

#21 2019-11-28 3:06 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 2,420
Website

Re: two ip owned ddos-guard.net hit the spam list

JamesC wrote:

There are several IPs in the database that shouldn't appear.

Report them in this forum + send a link to your post to pedigree. The owners will get a warning and, if they do not immediately fix the issue, will have their API key(s) removed + banned.

Stupid is one thing & idiocy is another. SFS cannot afford to have either making reports into the DB.

Offline

#22 2019-11-28 3:08 pm

Papa Parrot
Member
From: Mexico
Registered: 2011-08-19
Posts: 1,826
Website

Re: two ip owned ddos-guard.net hit the spam list

I feel I need to use full quote here:

crazysmall>>> It was because of the proxy that I stopped sending reports to the site. If it helps, then for phpbb you need to make changes to the file " /etc/apache2/mods-enabled/rpaf.conf”, adding the following lines to it:
<IfModule rpaf_module>
    RPAFenable On
    # When enabled, take the incoming X-Host header and
    # update the virtualhost settings accordingly:
    RPAFsethostname On
    # Define which IP's are your frontend proxies that sends
    # the correct X-Forwarded-For headers:
    RPAFproxy_ips 186.2.160.0/24 77.220.207.192/27
    # Change the header name to parse from the default
    # X-Forwarded-For to something of your choice:
    # RPAFheader X-Real-IP
</IfModule>

But this will not get ip 186.2.160.64 from the spam list, and will not help some users to add these ip there again sad

I am getting the impression it was you / your server, that submitted these  to start with, in which case  you can also remove them, and should, use the  : My Spammers button.

Offline

#23 2019-11-29 10:29 am

crazysmall
Member
Registered: 2018-12-19
Posts: 9

Re: two ip owned ddos-guard.net hit the spam list

I assure you, I did not add any of the proxy servers to the spam list. Besides, already solved at itself a problem with identical ip addresses .

Offline

Board footer

Powered by FluxBB

Close
Close