XF 1.1 Can I ban by hostname?

[Donnie La Curan]

Probably 99% of spam sign ups are coming from vpn999.com IP's.

host27.server4.vpn999.com
host7.server9.vpn999.com
And so on ...

Is there a way I can block *.vpn999.com? I could almost guarantee that I have no legit users on my site using that.

My other option would be to stick this in the .htaccess and I think that would work.

order allow,deny
deny from .vpn999.com
allow from all

 

[James]

Probably 99% of spam sign ups are coming from vpn999.com IP's.

host27.server4.vpn999.com
host7.server9.vpn999.com
And so on ...

Is there a way I can block *.vpn999.com? I could almost guarantee that I have no legit users on my site using that.

My other option would be to stick this in the .htaccess and I think that would work.

order allow,deny
deny from .vpn999.com
allow from all

Just stick that in htaccess anyway. Banning at server-level would be a much better method, as they won't come into contact with the XF software at all.

 

[Biker]

Assuming you have root access, you can block using the following method.

First, determine the ip address of vpn999.com.

host -t a vpn999.com

This results in: vpn999.com has address 50.7.50.34

Then:

whois 50.7.50.34 | grep CIDR

Results in:
CIDR: 50.7.0.0/16
network:CIDR:50.7.50.32/29

Now input the CIDR into iptables:

iptables -A INPUT -s 50.7.0.0/16 -j DROP

Voila! domain is now blocked.

 

[Donnie La Curan]

Unfortunately, I don't have access to the root.

That would just block vpn999.com IP's right ... what about the subdomain's? Here are a few from looking at my last few banned users.

host27.server4.vpn999.com - 96.127.154.246
host21.server2.vpn999.com - 173.236.125.230
host46.server8.vpn999.com - 198.143.143.11
host33.server8.vpn999.com - 198.143.143.147, 198.143.143.150
host7.server9.vpn999.com - 198.143.144.19

 

[Biker]

Most hosting companies have several CIDRs. It takes some time and patience, but eventually, using the method I detailed above, you can get most of them.

For example, the CIDR for host46.server8.vpn999.com is: 198.143.128.0/18 That would take care of host46, 33 and 7 in your list.

 

[Donnie La Curan]

Alright thanks. I'll keep what I have in my htaccess blocking .vpn999.com and will also start to record the different hostnames I see come through and see what I can come up with.

 

[AndyB]

Why not set up a strong Question & Answer system instead?

 

[Donnie La Curan]

Honestly, it's a time thing. I'd rather just block vpn999 than setup a Q&A system. I'm already using ReCAPTCHA and XenUtiles. I'll probably end up making one, but for right now I'd like to stop the spam from vpn999. I end up spending a good chunk of time cleaning up spam users right now.

 

[AndyB]

All you need is one good Q&A and 98% of spammers will be foiled. just takes a few minutes to setup a Q&A.

ReCAPTCHA and XenUtiles apparently don't work very well, I don't use them. I only use one good Q&A and have zero spammers registering now.

 

[Donnie La Curan]

Just one question in the Q&A?

Any suggestions as to what makes a good question. I have seen, what's the name of the site, what's two + 2 ... things like that. What seems to work?

 

[AndyB]

Just one question in the Q&A?

Any suggestions as to what makes a good question. I have seen, what's the name of the site, what's two + 2 ... things like that. What seems to work?

Correct I only use one Q&A.

Q&A works best if you have a forum that's specific to a certain topic. For example if you have a sailing forum:

Q: What is that big sheet that catches the wind called?
A: Sail

 

[Donnie La Curan]

Alright thanks, I'll see what I can come up with.

 

[Donnie La Curan]

Gonna try this for an auto forum.

Q: Which company makes the Civic and Accord?
A: Honda

 

[AndyB]

Gonna try this for an auto forum.

Q: Which company makes the Civic and Accord?
A: Honda

Might be too easy. Here's one that's more difficult:

Q: What is that thing that moves up and down in an engines cylinder called?
A: Piston

 

[Donnie La Curan]

That's good, but I think that might be too technical for some people. How's this?

Q: What's a windshield typically made from?
A: Glass

 

[tenants]

There is no such thing as a good QA, the QA system has been beaten (for quite a while now) using textcaptcha.txt (and don't make it hard for humans/easy for bots)

http://xenforo.com/community/thread...-than-the-usual-spam-today.40965/#post-443697
http://xenforo.com/community/threads/xrumer.47637/#post-511130
http://xenforo.com/community/threads/xrumer-discussion.41538/page-2#post-447928
http://xenforo.com/community/threads/spam-prevention-help.52409/page-2#post-561019

If your textcapatch is working, they have not got around to adding yours yet (the XRumer users haven't bothered to see why they can't register on your forum...yet!), as soon as they do, this answer is shared with all XRumer users.

On the same note, ReCaptach has also been beaten (at least it had, but Google do make regular updates)

XF1.2 has some good antispam measures, if you can't wait until then, try some other anti-spam tools, there are plenty of CAPTCHA options (free)...

Butting using QA alone? no no no no no no no!

See here for a list of other CAPTCHA

 

[AndyB]

That's good, but I think that might be too technical for some people. How's this?

Q: What's a windshield typically made from?
A: Glass

That would be good. You might also include 'sand' as one of the answers for the more technical crowd.

 

[tenants]

That would be good. You might also include 'sand' as one of the answers for the more technical crowd.

Silicon dioxide for the chemists among us, but still .. QA =

 

[AndyB]

Silicon dioxide for the chemists among us, but still .. QA =

I've been using a single Q&A for about 7 years now with great success. I change the question about once a year.

 

[tenants]

The you are a lucky Russian Roulette player, however.. .it is only since the 2012 update that it has been beaten. So you have been a lucky Russian Roulette player for over a year.

Don't take my word for it, google XRumer + TextCaptcha
(The links above show you when this update happened)