Spam, hackers: ban these IPs on your server/site

zadow
Hope it's the right place to post this.
My forum was spammed by some Chinese hackers.
Apparently they can get past the KeyCaptcha plugin.
They also attack your FTP on your server.


The ip range is below.


Don't know if it can tell something; on my server log they looked at these
before registering:
mysite/js/xenforo/xenforo.js?_v=bba17b4a

mysite/css.php?css=bb_code,bbcm_js,likes_summary,login_bar,message,message_user_info,share_page,thread_view&style=1&dir=LTR&d=1362040771



1 114.216.0.0 - 114.223.255.255 Chinanet Jiangsu Province Network
2 114.224.0.0 - 114.239.255.255 Chinanet Jiangsu Province Network
3 117.60.0.0 - 117.63.255.255 Chinanet Jiangsu Province Network
4 117.80.0.0 - 117.95.255.255 Chinanet Jiangsu Province Network
5 180.96.0.0 - 180.127.255.255 Chinanet Jiangsu Province Network
6 202.102.0.0 - 202.102.127.255 Chinanet Jiangsu Province Network
7 218.2.0.0 - 218.4.255.255 Chinanet Jiangsu Province Network
8 218.90.0.0 - 218.94.255.255 Chinanet Jiangsu Province Network
9 221.224.0.0 - 221.231.255.255 Chinanet Jiangsu Province Network
10 222.184.0.0 - 222.191.255.255 Chinanet Jiangsu Province Network
11 222.92.0.0 - 222.95.255.255 Chinanet Jiangsu Province Network
12 49.64.0.0 - 49.95.255.255 Chinanet Jiangsu Province Network
13 58.208.0.0 - 58.223.255.255 Chinanet Jiangsu Province Network
14 61.132.0.0 - 61.132.127.255 Chinanet Jiangsu Province Network
CIDR:
61.132.0.0/17


15 61.147.0.0 - 61.147.255.255 Chinanet Jiangsu Province Network
CIDR:
61.147.0.0/16


16 61.155.0.0 - 61.155.255.255 Chinanet Jiangsu Province Network
CIDR:
61.155.0.0/16


17 61.160.0.0 - 61.160.255.255 Chinanet Jiangsu Province Network
CIDR:
61.160.0.0/16


18 61.177.0.0 - 61.177.255.255 Chinanet Jiangsu Province Network
CIDR:
61.177.0.0/16
 
Yes, before registering most bots (like XRumer) will look for relevant content to post to (this will fetch the .js and .css).

But banning all bot/hacker IP addresses is going to get big quite quickly.

Adding IPs to the .htaccess / banned IP list is exhausting... in my opinion, that is the job of APIs; they store millions of IP addresses that are known for spamming.
For instance, I know that some of these IPs have been caught by StopBotters:
114.216.240.105 cmroviagraonlineqal pankratovsergiy@gmail.com
182.114.216.106 iwzau3389 t.i.an.k.d.s.2.0.1.2@gmail.com
(StopForumSpam seems to have picked some of them up too.)


If the Captcha is common and not user-customisable, it's usually only a matter of time until it's used to train against (for instance, Google's ReCaptcha), even if it's a JavaScript game / very hard to read image text.

I'm not a big fan of Captcha, but if you do like Captcha, you can try other Captchas that should still work:

CustomImgCaptcha (custom user-added images, not easy to target and very hard to solve with automation)
WE FIGHT SPAM (can use CustomImgCaptcha)
Funny Img Captcha (uses CustomImgCaptcha)
Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
XF QapTcha (very human friendly, and uncommon)
Are You Human (sp) (eng)
Solve Media

There is also the API approach (Jaxel's XenUtiles, StopSpamHere or AnyApi),
or a multitude of mechanisms, like the registration timer / FoolBotHoneyPot / Cloudflare.

You can also ban country IP addresses (StopCountrySpam), or if you have mod_geoip / GEOIP_COUNTRY_CODE, then you could use that; see here: http://dev.maxmind.com/geoip/mod_geoip2

For the FTP, you can use something like FTP Enforcer (available in cPanel, but you might be able to download something similar). This can whitelist your IP address, or just use global time-based access.
 
Yes, try Deeming's "Registration Form Timer" or Jaxel's XenUtiles.

We have a busy board and almost zero spam. Many others report the same.

Set the time on something over 15 seconds. A human being will usually take 20 seconds or more to sign up, especially if your system requires birthday and a captcha.

http://xenforo.com/community/resources/authors/chris-deeming.11388/
http://xenforo.com/community/resources/8wayrun-com-xenutiles-tools.104/


Also:
http://xenforo.com/community/resour...pam-bots-from-hogging-cpu-and-bandwidth.1403/
and StopCountrySpam, etc.
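The registration timer recommended above rejects a sign-up that arrives faster than a human could have filled in the form. The post does not show how the add-on stores the start time, so the following is an added example of one way to implement the same check server-side without relying on session state: the form carries an HMAC-signed issue timestamp as a hidden field, and on submit the server verifies the signature and requires at least 15 seconds (and at most an hour) to have elapsed. This is my illustration, not code from the Registration Form Timer or XenUtiles add-ons; `SECRET`, the field layout and the thresholds are assumptions.

```python
import hashlib
import hmac
import time

# Assumed per-site secret; in a real deployment load it from config, never hard-code it.
SECRET = b"replace-with-a-random-per-site-secret"
MIN_SECONDS = 15      # a human needs at least this long to fill the form (post above)
MAX_SECONDS = 3600    # stale tokens are rejected so one harvested token can't be reused for days


def _sign(ts_str, secret):
    return hmac.new(secret, ts_str.encode(), hashlib.sha256).hexdigest()


def issue_token(now=None, secret=SECRET):
    """Value for the hidden form field: '<unix-ts>.<hmac>' issued when the page renders."""
    ts_str = str(int(time.time() if now is None else now))
    return f"{ts_str}.{_sign(ts_str, secret)}"


def check_token(token, now=None, secret=SECRET,
                min_seconds=MIN_SECONDS, max_seconds=MAX_SECONDS):
    """Validate the hidden field on submit. Returns (ok, reason).

    A bot that posts straight to the registration URL without loading the form
    has no token ('malformed'); one that edits the timestamp fails 'bad signature';
    one that submits immediately fails 'too fast'.
    """
    try:
        ts_str, mac = token.split(".", 1)
        ts = int(ts_str)
    except (ValueError, AttributeError):
        return False, "malformed"
    if not hmac.compare_digest(mac, _sign(ts_str, secret)):
        return False, "bad signature"
    elapsed = (time.time() if now is None else now) - ts
    if elapsed < min_seconds:
        return False, "too fast"
    if elapsed > max_seconds:
        return False, "expired"
    return True, "ok"


def hidden_field(token):
    """HTML snippet to drop into the registration form template."""
    return f'<input type="hidden" name="reg_timer" value="{token}">'


if __name__ == "__main__":
    tok = issue_token(now=1_000_000)
    print(hidden_field(tok))
    print(check_token(tok, now=1_000_005))   # submitted after 5 s -> rejected
    print(check_token(tok, now=1_000_030))   # submitted after 30 s -> accepted
```

The signature is what stops a bot from simply posting a timestamp from an hour ago; the upper bound is what stops it from fetching one token and replaying it all week. A bot that loads the form, waits 20 seconds and then submits will pass, which is the limitation of every timer-only defence and why the thread pairs it with a honeypot or a lookup API.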
 
Another idea for fighting spam is using a different sign-up system completely.
http://www.amember.com

aMember is a digital content delivery system that uses an account based setup to deliver content to your users.

It has an integration script that merges the XenForo and aMember accounts into one, then allows sign-up only through aMember. Once the system is running, a single sign-up/login works on both systems automatically. In other words, all sign-ups happen through aMember.

Since aMember isn't commonly used with forums, I've had zero automated bots successfully sign up, and that's without using a captcha.

Obviously, this is only practical for businesses selling digital products, but it's a good solution so far.
 
FoolBotHoneyPot changes the registration page (customises all of the field names every session), but to be honest... if lots of people use lots of different mechanisms, it's much harder for bots to beat.

So, yup... as long as it remains an uncommon mechanism, it's probably a good one for beating bots ;)
 