1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XF 1.1 Can I ban by hostname?

Discussion in 'XenForo Questions and Support' started by Donnie La Curan, Jul 11, 2013.

  1. Donnie La Curan

    Donnie La Curan Active Member

    Probably 99% of spam sign ups are coming from vpn999.com IP's.

    host27.server4.vpn999.com
    host7.server9.vpn999.com
    And so on ...

    Is there a way I can block *.vpn999.com? I could almost guarantee that I have no legit users on my site using that.

    My other option would be to stick this in the .htaccess and I think that would work.
    Code:
    order allow,deny
    deny from .vpn999.com
    allow from all
     
    Last edited: Jul 11, 2013
  2. James

    James Well-Known Member

    Just stick that in htaccess anyway. Banning at server-level would be a much better method, as they won't come into contact with the XF software at all.
     
    tenants likes this.
  3. Biker

    Biker Well-Known Member

    Assuming you have root access, you can block using the following method.

    First, determine the ip address of vpn999.com.

    host -t a vpn999.com

    This results in: vpn999.com has address 50.7.50.34

    Then:

    whois 50.7.50.34 | grep CIDR

    Results in:
    CIDR: 50.7.0.0/16
    network:CIDR:50.7.50.32/29

    Now input the CIDR into iptables:

    iptables -A INPUT -s 50.7.0.0/16 -j DROP

    Voila! domain is now blocked.
     
  4. Donnie La Curan

    Donnie La Curan Active Member

    Unfortunately, I don't have access to the root.

    That would just block vpn999.com IP's right ... what about the subdomain's? Here are a few from looking at my last few banned users.

    host27.server4.vpn999.com - 96.127.154.246
    host21.server2.vpn999.com - 173.236.125.230
    host46.server8.vpn999.com - 198.143.143.11
    host33.server8.vpn999.com - 198.143.143.147, 198.143.143.150
    host7.server9.vpn999.com - 198.143.144.19
     
  5. Biker

    Biker Well-Known Member

    Most hosting companies have several CIDRs. It takes some time and patience, but eventually, using the method I detailed above, you can get most of them.

    For example, the CIDR for host46.server8.vpn999.com is: 198.143.128.0/18 That would take care of host46, 33 and 7 in your list.
     
  6. Donnie La Curan

    Donnie La Curan Active Member

    Alright thanks. I'll keep what I have in my htaccess blocking .vpn999.com and will also start to record the different hostnames I see come through and see what I can come up with.
     
  7. AndyB

    AndyB Well-Known Member

    Why not set up a strong Question & Answer system instead?
     
  8. Donnie La Curan

    Donnie La Curan Active Member

    Honestly, it's a time thing. I'd rather just block vpn999 than setup a Q&A system. I'm already using ReCAPTCHA and XenUtiles. I'll probably end up making one, but for right now I'd like to stop the spam from vpn999. I end up spending a good chunk of time cleaning up spam users right now.
     
  9. AndyB

    AndyB Well-Known Member

    All you need is one good Q&A and 98% of spammers will be foiled. just takes a few minutes to setup a Q&A.

    ReCAPTCHA and XenUtiles apparently don't work very well, I don't use them. I only use one good Q&A and have zero spammers registering now.
     
  10. Donnie La Curan

    Donnie La Curan Active Member

    Just one question in the Q&A?

    Any suggestions as to what makes a good question. I have seen, what's the name of the site, what's two + 2 ... things like that. What seems to work?
     
  11. AndyB

    AndyB Well-Known Member

    Correct I only use one Q&A.

    Q&A works best if you have a forum that's specific to a certain topic. For example if you have a sailing forum:

    Q: What is that big sheet that catches the wind called?
    A: Sail
     
  12. Donnie La Curan

    Donnie La Curan Active Member

    Alright thanks, I'll see what I can come up with.
     
  13. Donnie La Curan

    Donnie La Curan Active Member

    Gonna try this for an auto forum.

    Q: Which company makes the Civic and Accord?
    A: Honda
     
  14. AndyB

    AndyB Well-Known Member

    Might be too easy. Here's one that's more difficult:

    Q: What is that thing that moves up and down in an engines cylinder called?
    A: Piston
     
  15. Donnie La Curan

    Donnie La Curan Active Member

    That's good, but I think that might be too technical for some people. How's this?

    Q: What's a windshield typically made from?
    A: Glass
     
  16. tenants

    tenants Well-Known Member

    There is no such thing as a good QA, the QA system has been beaten (for quite a while now) using textcaptcha.txt (and don't make it hard for humans/easy for bots)

    http://xenforo.com/community/thread...-than-the-usual-spam-today.40965/#post-443697
    http://xenforo.com/community/threads/xrumer.47637/#post-511130
    http://xenforo.com/community/threads/xrumer-discussion.41538/page-2#post-447928
    http://xenforo.com/community/threads/spam-prevention-help.52409/page-2#post-561019

    If your textcapatch is working, they have not got around to adding yours yet (the XRumer users haven't bothered to see why they can't register on your forum...yet!), as soon as they do, this answer is shared with all XRumer users.

    On the same note, ReCaptach has also been beaten (at least it had, but Google do make regular updates)

    XF1.2 has some good antispam measures, if you can't wait until then, try some other anti-spam tools, there are plenty of CAPTCHA options (free)...

    Butting using QA alone? no no no no no no no!

    See here for a list of other CAPTCHA
     
    Last edited: Jul 11, 2013
  17. AndyB

    AndyB Well-Known Member

    That would be good. You might also include 'sand' as one of the answers for the more technical crowd.
     
  18. tenants

    tenants Well-Known Member

    Silicon dioxide for the chemists among us, but still .. QA = (n)
     
  19. AndyB

    AndyB Well-Known Member

    I've been using a single Q&A for about 7 years now with great success. I change the question about once a year.
     
  20. tenants

    tenants Well-Known Member

    The you are a lucky Russian Roulette player, however.. .it is only since the 2012 update that it has been beaten. So you have been a lucky Russian Roulette player for over a year.

    Don't take my word for it, google XRumer + TextCaptcha
    (The links above show you when this update happened)
     

Share This Page