Many visitors from russia and so on

[AndreaMarucci]

Some minutes ago I've on my forum many guest that are in unknown places on the forum with IP referring to russia in most of the cases. 10 minutes later they're all disappeared...

These are some

31.180.102.215 xDSL-31-180-102-215.soes.su
213.110.199.254 ip-199-254.users.r2tv.ru
178.234.170.191 X191.bbn07-170.lipetsk.ru
95.188.11.25 dnm.25.11.188.95.dsl.krasnet.ru
5.1.6.22 5-1-6-22-dynamic.retail.datagroup.ua
2.60.60.217 host-2-60-60-217.pppoe.omsknet.ru
188.233.30.87 net30.233.188-87.ertelecom.ru
178.64.113.240 ip-240-113-064-178.pools.atnet.ru

What do you think it's happening? No problems by now, the forum works as always.

 

[tenants]

In most cases, they are often sending request as a POST directly to the registration form request page: login/login or register/register, or somewhere else related to registration (often using something like Xrumer)

This is where most of my Russina/China IP addresses would go without StopCountrySpam
You can check your server logs on the actual server to be sure (make sure they aren't attempting to brute force / hack a particular area)

To be honest, if they haven't managing to register, I wouldn't worry about it too much

But have a look at your logs, I'm intersted anyway

 

[AndreaMarucci]

The registration on my board are closed so it's not possible to register without an invite. What exactly is StopCountrySpam? Does exist a sort of htaccess to block the most popular attempt to hack?

 

[tenants]

That doesn't stop them from trying (in some ways most bots are rather stupid and just send the post request / attempt to go to an area regardless), however don't quote me on saying "bots are stupid", they have lots of very clever techniques, but it's often no worth checking to see if a board is active or not before sending a request ... or attempting to "go to an area"

StopCountrySpam is just an IP look up, it looks up the country of the IP address and prevents registration based on that. It's by no means full proof, since many bot users will use proxies, but it's useful for many manual spammers that do not use proxies

("attempt to hack" could mean a lot of things, and there will never exist a method that can stop all hack attempts, even if your board is closed for registration, but "attempting to register with bots" can be stopped in lots of ways)

Using htaccess to stop countries from even browsing will also not stop proxy users

 

[tenants]

Do you know where your server access logs are,

use an FTP client, and it's usually somewhere like:

/access-logs/yourforum.com

Then you can search for the particular IP address for instance:

78.137.88.191 - - [26/Oct/2012:12:07:46 +0100] "POST /login/login HTTP/1.0" 200 17056 "h ttp://ww w.yourforum/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"

(I know this user was blocked, since they used a RU IP address)

 

[AndreaMarucci]

Maybe should be good to create an htaccess that block all users from specific countries as they exist for other web script...

 

[tenants]

People who hack websites (even script kiddies) often know about the basic of using proxies, you'd only be targeting those that aren't attempting to hack your website

But, you can do it.... there's just not that much point

Did you look at the access logs on your server? You can often tell quite a lot from those (and I'm almost certain the RU IP addresses will be using Xrumer / a variant to attempt to register)

I get lots of visitors from Russia and China try to register with bots everyday (and yet my forum is a very local niche forum, not relevant to any other country other than the UK)

 

[AndreaMarucci]

My provider told me to try to banne the user agents and I think this one is a good idea. I'm reading the access log to see if there are common user agents for these IP...

 

[craigiri]

I don't see any reason to spend too much time on banning guests......all they do is use up a tiny bit of bandwidth. I have never had problems with them in 10 years of forum use.

 

[Adam Howard]

I don't see any reason to spend too much time on banning guests......all they do is use up a tiny bit of bandwidth. I have never had problems with them in 10 years of forum use.

Agreed.

The only "guest" you technically need to worry about are hackers, but if you happen to attract such an individual neither banning an IP address or county is going to do you any good anyways.