• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

XF 1.1 Can I ban by hostname?

#1
Probably 99% of spam sign ups are coming from vpn999.com IP's.

host27.server4.vpn999.com
host7.server9.vpn999.com
And so on ...

Is there a way I can block *.vpn999.com? I could almost guarantee that I have no legit users on my site using that.

My other option would be to stick this in the .htaccess and I think that would work.
Code:
order allow,deny
deny from .vpn999.com
allow from all
 
Last edited:

James

Well-known member
#2
Probably 99% of spam sign ups are coming from vpn999.com IP's.

host27.server4.vpn999.com
host7.server9.vpn999.com
And so on ...

Is there a way I can block *.vpn999.com? I could almost guarantee that I have no legit users on my site using that.

My other option would be to stick this in the .htaccess and I think that would work.
Code:
order allow,deny
deny from .vpn999.com
allow from all
Just stick that in htaccess anyway. Banning at server-level would be a much better method, as they won't come into contact with the XF software at all.
 

Biker

Well-known member
#3
Assuming you have root access, you can block using the following method.

First, determine the ip address of vpn999.com.

host -t a vpn999.com

This results in: vpn999.com has address 50.7.50.34

Then:

whois 50.7.50.34 | grep CIDR

Results in:
CIDR: 50.7.0.0/16
network:CIDR:50.7.50.32/29

Now input the CIDR into iptables:

iptables -A INPUT -s 50.7.0.0/16 -j DROP

Voila! domain is now blocked.
 
#4
Unfortunately, I don't have access to the root.

That would just block vpn999.com IP's right ... what about the subdomain's? Here are a few from looking at my last few banned users.

host27.server4.vpn999.com - 96.127.154.246
host21.server2.vpn999.com - 173.236.125.230
host46.server8.vpn999.com - 198.143.143.11
host33.server8.vpn999.com - 198.143.143.147, 198.143.143.150
host7.server9.vpn999.com - 198.143.144.19
 

Biker

Well-known member
#5
Most hosting companies have several CIDRs. It takes some time and patience, but eventually, using the method I detailed above, you can get most of them.

For example, the CIDR for host46.server8.vpn999.com is: 198.143.128.0/18 That would take care of host46, 33 and 7 in your list.
 
#6
Alright thanks. I'll keep what I have in my htaccess blocking .vpn999.com and will also start to record the different hostnames I see come through and see what I can come up with.
 
#8
Honestly, it's a time thing. I'd rather just block vpn999 than setup a Q&A system. I'm already using ReCAPTCHA and XenUtiles. I'll probably end up making one, but for right now I'd like to stop the spam from vpn999. I end up spending a good chunk of time cleaning up spam users right now.
 

AndyB

Well-known member
#9
All you need is one good Q&A and 98% of spammers will be foiled. just takes a few minutes to setup a Q&A.

ReCAPTCHA and XenUtiles apparently don't work very well, I don't use them. I only use one good Q&A and have zero spammers registering now.
 
#10
Just one question in the Q&A?

Any suggestions as to what makes a good question. I have seen, what's the name of the site, what's two + 2 ... things like that. What seems to work?
 

AndyB

Well-known member
#11
Just one question in the Q&A?

Any suggestions as to what makes a good question. I have seen, what's the name of the site, what's two + 2 ... things like that. What seems to work?
Correct I only use one Q&A.

Q&A works best if you have a forum that's specific to a certain topic. For example if you have a sailing forum:

Q: What is that big sheet that catches the wind called?
A: Sail
 

tenants

Well-known member
#16
There is no such thing as a good QA, the QA system has been beaten (for quite a while now) using textcaptcha.txt (and don't make it hard for humans/easy for bots)

http://xenforo.com/community/thread...-than-the-usual-spam-today.40965/#post-443697
http://xenforo.com/community/threads/xrumer.47637/#post-511130
http://xenforo.com/community/threads/xrumer-discussion.41538/page-2#post-447928
http://xenforo.com/community/threads/spam-prevention-help.52409/page-2#post-561019

If your textcapatch is working, they have not got around to adding yours yet (the XRumer users haven't bothered to see why they can't register on your forum...yet!), as soon as they do, this answer is shared with all XRumer users.

On the same note, ReCaptach has also been beaten (at least it had, but Google do make regular updates)

XF1.2 has some good antispam measures, if you can't wait until then, try some other anti-spam tools, there are plenty of CAPTCHA options (free)...

Butting using QA alone? no no no no no no no!

See here for a list of other CAPTCHA
 
Last edited:

tenants

Well-known member
#20
The you are a lucky Russian Roulette player, however.. .it is only since the 2012 update that it has been beaten. So you have been a lucky Russian Roulette player for over a year.

Don't take my word for it, google XRumer + TextCaptcha
(The links above show you when this update happened)