Spam,hackers Ban these ips on your server/site


Hope its the right place to post this
My forum was spammed with some chinese hackers.
Aparently they can get, past the keycaptha plugin.
They also attack your ftp, on your server.

The ip range is below.

dont know if it cn tell something, on my server log they looked at
before registering


1 - Chinanet Jiangsu Province Network
2 - Chinanet Jiangsu Province Network
3 - Chinanet Jiangsu Province Network
4 - Chinanet Jiangsu Province Network
5 - Chinanet Jiangsu Province Network
6 - Chinanet Jiangsu Province Network
7 - Chinanet Jiangsu Province Network
8 - Chinanet Jiangsu Province Network
9 - Chinanet Jiangsu Province Network
10 - Chinanet Jiangsu Province Network
11 - Chinanet Jiangsu Province Network
12 - Chinanet Jiangsu Province Network
13 - Chinanet Jiangsu Province Network
14 - Chinanet Jiangsu Province Network

15 - Chinanet Jiangsu Province Network

16 - Chinanet Jiangsu Province Network

17 - Chinanet Jiangsu Province Network

18 - Chinanet Jiangsu Province Network


Well-known member
Yes, before registering most bots (like XRumer) will look for relevant content to post to (this will fetch the .js and .css)

But banning all bot/hacker IP addresses is going to get big quite quickly

Adding IP's to the .htaccess / banned ip list is exhaustive... in my opinion, that is the job of API's , they store millions of IP addresses that are known for spamming
For instance, I know that some of these IP's have been caught by StopBotters: cmroviagraonlineqal iwzau3389
(StopForumSpam seems to have picked some of them up too)

If the Captcha is common and not user customisable, it's usually only a matter of time until it's used to train against (for instance, Googles ReCaptcha), even if it's javascript game / very hard to read image text

I'm not a big fan of Captcha, but if you do like Captcha, you can try other Captcha that should still work:

CustomImgCaptcha Custom user added images, not easy to targeted and very hard to solve with automation
WE FIGHT SPAM (can use CustomImgCaptcha)
Funny Img Catpcha (uses CustomImgCaptcha)
Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
XF QapTcha (very human friendly, and uncommon)
Are you Human(sp) (eng)
Solve Media

There is also the API approach (Jaxels XenUtils, StopSpamHere or AnyApi)
or a multitude of mechanisms, like the registration timer / foolbothoneypot / cloudflare

You can also ban country IP addresses (StopCountrySpam), or if you have mod_Geoip / GEOIP_COUNTRY_CODE, then you could use that, see here:

For the FTP, you can use something like FTP Enforcer (available in CPanel, but you might be able to download something similar). This can white list your IP address, or just use global time based access


Well-known member
Yes, try Deemings "Registration Form Timer" or Jaxels Xenutilies.

We have a busy board and almost zero spam. Many others report the same.

Set the time on something over 15 seconds. A human being will usually take 20 seconds or more to sign up, especially if your system requires birthday and a captcha.

and stopcountryspam, etc.


Another idea for fighting spam is using a different sign up system completely.

aMember is a digital content delivery system that uses an account based setup to deliver content to your users.

It has an integration script that merges the XenForo and aMember accounts into one, then allows sign up only through aMember. Once the system is running, a single signup/login works on both systems automatically. Another words, all sign ups happen through aMember.

Since aMember isn't commonly used with forums I've had zero automated bots successfully sign up, and that's without using a capatcha.

Obviously, this is only practical for businesses selling digital products, but it's a good solution so far.


Well-known member
FoolBotHoneyPot Changes the registration page (customises all of the field names every sessions), but to be honest... if lots of people use lots of different mechanism, it's much harder for bots to beat

So, yup... as long as it remains an uncommon mechanism, it's probably a good one for beating bots ;)