
Many visitors from Russia and so on

Discussion in 'General XenForo Discussion and Feedback' started by AndreaMarucci, Oct 26, 2012.

  1. AndreaMarucci

    AndreaMarucci Well-Known Member

    Some minutes ago I had many guests on my forum in unknown places on the forum, with IPs referring to Russia in most cases. 10 minutes later they had all disappeared...

    These are some xDSL-31-180-102-215.soes.su ip-199-254.users.r2tv.ru X191.bbn07-170.lipetsk.ru dnm. 5-1-6-22-dynamic.retail.datagroup.ua host-2-60-60-217.pppoe.omsknet.ru net30.233.188-87.ertelecom.ru ip-240-113-064-178.pools.atnet.ru

    What do you think is happening? No problems by now, the forum works as always.
  2. tenants

    tenants Well-Known Member

    In most cases, they are often sending requests as a POST directly to the registration form request page: login/login or register/register, or somewhere else related to registration (often using something like Xrumer)

    This is where most of my Russia/China IP addresses would go without StopCountrySpam
    You can check your server logs on the actual server to be sure (make sure they aren't attempting to brute force / hack a particular area)

    To be honest, if they haven't managed to register, I wouldn't worry about it too much

    But have a look at your logs, I'm interested anyway
  3. AndreaMarucci

    AndreaMarucci Well-Known Member

    Registration on my board is closed, so it's not possible to register without an invite. What exactly is StopCountrySpam? Does there exist a sort of htaccess to block the most popular attempts to hack?
  4. tenants

    tenants Well-Known Member

    That doesn't stop them from trying (in some ways most bots are rather stupid and just send the post request / attempt to go to an area regardless), however don't quote me on saying "bots are stupid", they have lots of very clever techniques, but it's often not worth checking to see if a board is active or not before sending a request ... or attempting to "go to an area"

    StopCountrySpam is just an IP lookup, it looks up the country of the IP address and prevents registration based on that. It's by no means foolproof, since many bot users will use proxies, but it's useful for many manual spammers that do not use proxies

    ("attempt to hack" could mean a lot of things, and there will never exist a method that can stop all hack attempts, even if your board is closed for registration, but "attempting to register with bots" can be stopped in lots of ways)

    Using htaccess to stop countries from even browsing will also not stop proxy users
  5. tenants

    tenants Well-Known Member

    Do you know where your server access logs are?

    use an FTP client, and it's usually somewhere like:


    Then you can search for the particular IP address for instance: - - [26/Oct/2012:12:07:46 +0100] "POST /login/login HTTP/1.0" 200 17056 "h ttp://ww w.yourforum/" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.57 Safari/536.11"

    (I know this user was blocked, since they used a RU IP address)
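
The log check described in the post above, as an added example that is not code from anyone in this thread: it assumes the Apache/nginx "combined" log format of the quoted line, groups POSTs to login/login and register/register by client IP, and collects the user agents each IP sent. The sample lines, IPs and the `summarize` helper are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Apache/nginx "combined" log format, as in the line quoted in the post above.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
WATCHED = ("login/login", "register/register")  # endpoints named in the thread

def summarize(lines, min_posts=2):
    """Group POSTs to the watched endpoints by client IP.

    Returns {ip: {"posts": int, "paths": Counter, "agents": set}} for
    clients with at least min_posts such requests.
    """
    stats = defaultdict(lambda: {"posts": 0, "paths": Counter(), "agents": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # unparseable line, or a plain page view
        # Substring match so installs in a subdirectory are covered too.
        hit = next((w for w in WATCHED if w in m["path"]), None)
        if hit is None:
            continue
        entry = stats[m["ip"]]
        entry["posts"] += 1
        entry["paths"][hit] += 1
        entry["agents"].add(m["agent"])
    return {ip: e for ip, e in stats.items() if e["posts"] >= min_posts}

# Constructed sample lines (documentation-range IPs, not real traffic).
UA = ("Mozilla/5.0 (Windows NT 5.1) AppleWebKit/536.11 (KHTML, like Gecko) "
      "Chrome/20.0.1132.57 Safari/536.11")
SAMPLE = [
    f'203.0.113.7 - - [26/Oct/2012:12:07:46 +0100] "POST /login/login HTTP/1.0" 200 17056 "-" "{UA}"',
    f'203.0.113.7 - - [26/Oct/2012:12:07:48 +0100] "POST /register/register HTTP/1.0" 200 9120 "-" "{UA}"',
    f'203.0.113.7 - - [26/Oct/2012:12:07:51 +0100] "POST /register/register HTTP/1.0" 200 9120 "-" "{UA}"',
    '198.51.100.23 - - [26/Oct/2012:12:08:02 +0100] "GET /register/ HTTP/1.1" 200 8044 "-" "ExampleBrowser/1.0"',
    '198.51.100.23 - - [26/Oct/2012:12:08:30 +0100] "POST /login/login HTTP/1.1" 303 0 "-" "ExampleBrowser/1.0"',
    '192.0.2.50 - - [26/Oct/2012:12:09:11 +0100] "POST /threads/1/add-reply HTTP/1.1" 200 512 "-" "ExampleBrowser/1.0"',
]

if __name__ == "__main__":
    for ip, e in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["posts"]):
        print(ip, e["posts"], dict(e["paths"]), sorted(e["agents"]))
```

Real members also POST to login/login when they sign in, so `min_posts` and the set of user agents per IP are what separate repeated automated attempts from a single normal login.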
  6. AndreaMarucci

    AndreaMarucci Well-Known Member

    Maybe it would be good to create an htaccess that blocks all users from specific countries, as they exist for other web scripts...
  7. tenants

    tenants Well-Known Member

    People who hack websites (even script kiddies) often know about the basics of using proxies, you'd only be targeting those that aren't attempting to hack your website

    But, you can do it.... there's just not that much point

    Did you look at the access logs on your server? You can often tell quite a lot from those (and I'm almost certain the RU IP addresses will be using Xrumer / a variant to attempt to register)

    I get lots of visitors from Russia and China trying to register with bots every day (and yet my forum is a very local niche forum, not relevant to any other country other than the UK)
  8. AndreaMarucci

    AndreaMarucci Well-Known Member

    My provider told me to try to ban the user agents and I think this one is a good idea. I'm reading the access log to see if there are common user agents for these IPs...
  9. craigiri

    craigiri Well-Known Member

    I don't see any reason to spend too much time on banning guests......all they do is use up a tiny bit of bandwidth. I have never had problems with them in 10 years of forum use.
    Adam Howard likes this.
  10. Adam Howard

    Adam Howard Well-Known Member


    The only "guests" you technically need to worry about are hackers, but if you happen to attract such an individual, neither banning an IP address nor a country is going to do you any good anyways.
    tenants likes this.
