Major spam

Per · Postby **Per** » Tue 01 Aug 2006 3:41 pm

Andrew, I am trying to send you a pm, but it doesnÃ‚Â´t seen to reach you.

Postby **Andrew MacLean** » Tue 01 Aug 2006 4:11 pm

PM arrived and I have responded!

Andrew

Postby **John Smith** » Tue 01 Aug 2006 11:59 pm

Oh well, it's come to this.

Doing some analysis of where the spam comes from, there is an incredibly high correlation.

Almost all of the spam comes from outside Europe. Almost all the spam comes from countries where English is not widely spoken.

The sheer volume of "attacks" on the web server has grown to unacceptible levels. Something has got to be done, or the Group will be facing large bills for excess bandwidth usage. Drastic action is called for.

Drastic action: at a web-server level, deny access to those countries where most of the attacks and spam originate. This of course will mean that any legitimate visitor from the affected countries will also lose their access.

But something just HAD to be done.

So we can bid farewell to the Ukraine, Russia, Peru and China. Although kudos to the chinese who managed to get out of their country in the first place!

Paul Osborne · Postby **Paul Osborne** » Fri 04 Aug 2006 2:07 pm

John,

If you do decide to investigate the authentication route again, there are certainly other plugins available for say WordPress (so again php so code porting should be minimal effort) that instead of doing the unreadable letters ask the user to input the sum of two small numbers which are randomly generated (ie add 6 + 7).

I can send you details if you like.

Regards

Paul

Postby **John Smith** » Fri 04 Aug 2006 9:29 pm

Thanks Paul, that does sound interesting...

The blocking by source country for those wayward parts of the world seems to be working quite well already. I only deleted 1 spam user today, and I've not been running the system a week yet!

I've also found a phpbb mod that won't accept registrations from IP addresses that are in DNSBL-type blacklists. That sounds good too.

Alison Fisher · Postby **Alison Fisher** » Sun 06 Aug 2006 12:30 pm

Hi John

I was telling my friends about your efforts to curb spammers and they would like to know how you block entire countries like that. Is it easy to do?

I like the sound of the IP banning thing too. Can you point me in the right direction on how to do that as well?

TIA, Ali

Postby **John Smith** » Sun 06 Aug 2006 3:48 pm

Hi Alison,

This is what I've placed in my "httpd.conf" for the KC group virtual server...

Code: Select all

   <location />
        Deny from 195.225.176.0/255.255.251.0
        Deny from 195.225.176.0/24
        Deny from 218.98.32.0/18
        Deny from .ar .br .co .kr .ua
        Deny from .sa
        Deny from .cn
        Deny from .pe .ru .sk .th
        # Oh dear, it's in spain, just block the single ISP...
        Deny from .rima-tde.net
   </location>

As you can see, it's easy to block a particular range of IP addresses (you can get the range/netmask from a WHOIS lookup on the IP address), or a single country. Note that the ".ar" etc bits rely on reverse-DNS being setup. That's why I'm looking into the DNSBL mod. One such mod is at http://web-professor.net/wp/category/misc/phpbb/, but I've not installed any of these yet.

Alison Fisher · Postby **Alison Fisher** » Tue 08 Aug 2006 3:07 am

Thanks ever so much for that John. It's really appreciated.

I've passed it on to my more techie minded friends. I'll let you know how it goes.

Paul Osborne · Postby **Paul Osborne** » Tue 08 Aug 2006 8:06 am

John Smith wrote:Thanks Paul, that does sound interesting...

OK here is the link for the maths test:

http://www.herod.net/dypm/

Paul

UK Keratoconus Self-Help and Support Association

Major spam

Who is online