
Spam, hackers: Ban these IPs on your server/site

Discussion in 'Off Topic' started by zadow, Feb 28, 2013.

  1. zadow

    zadow Member

    Hope it's the right place to post this.
    My forum was spammed by some Chinese hackers.
    Apparently they can get past the KeyCAPTCHA plugin.
    They also attack your FTP on your server.

    The IP range is below.

    Don't know if it can tell something; in my server log they looked at
    before registering


  2. tenants

    tenants Well-Known Member

    Yes, before registering most bots (like XRumer) will look for relevant content to post to (this will fetch the .js and .css)

    But banning all bot/hacker IP addresses is going to get big quite quickly

    Adding IPs to the .htaccess / banned IP list is exhaustive... in my opinion, that is the job of APIs; they store millions of IP addresses that are known for spamming
    For instance, I know that some of these IP's have been caught by StopBotters: cmroviagraonlineqal pankratovsergiy@gmail.com iwzau3389 t.i.an.k.d.s.
    (StopForumSpam seems to have picked some of them up too)

    If the Captcha is common and not user customisable, it's usually only a matter of time until it's used to train against (for instance, Google's reCAPTCHA), even if it's a JavaScript game / very hard to read image text

    I'm not a big fan of Captcha, but if you do like Captcha, you can try other Captcha that should still work:

    CustomImgCaptcha Custom user added images, not easy to target and very hard to solve with automation
    WE FIGHT SPAM (can use CustomImgCaptcha)
    Funny Img Captcha (uses CustomImgCaptcha)
    Photo CAPTCHA (I do like this one, since much like CustomImgCaptcha you can customise your images)
    XF QapTcha (very human friendly, and uncommon)
    Are you Human(sp) (eng)
    Solve Media

    There is also the API approach (Jaxel's XenUtils, StopSpamHere or AnyApi)
    or a multitude of mechanisms, like the registration timer / FoolBotHoneyPot / Cloudflare

    You can also ban country IP addresses (StopCountrySpam), or if you have mod_Geoip / GEOIP_COUNTRY_CODE, then you could use that, see here: http://dev.maxmind.com/geoip/mod_geoip2

    For the FTP, you can use something like FTP Enforcer (available in cPanel, but you might be able to download something similar). This can whitelist your IP address, or just use global time-based access
    Brandon Sheley and zadow like this.
  3. Alien

    Alien Well-Known Member

  4. craigiri

    craigiri Well-Known Member

    Do you have a registration timer set? Most bots try to register quickly.
  5. zadow

    zadow Member

    I haven't seen a timer option in the admin panel. Is it an addon?
  6. craigiri

    craigiri Well-Known Member

    Yes, try Deemings "Registration Form Timer" or Jaxels Xenutilies.

    We have a busy board and almost zero spam. Many others report the same.

    Set the time on something over 15 seconds. A human being will usually take 20 seconds or more to sign up, especially if your system requires birthday and a captcha.


    and stopcountryspam, etc.
    zadow likes this.
  7. ScottLott

    ScottLott Member

    Another idea for fighting spam is using a different sign up system completely.

    aMember is a digital content delivery system that uses an account based setup to deliver content to your users.

    It has an integration script that merges the XenForo and aMember accounts into one, then allows sign up only through aMember. Once the system is running, a single signup/login works on both systems automatically. In other words, all sign ups happen through aMember.

    Since aMember isn't commonly used with forums I've had zero automated bots successfully sign up, and that's without using a captcha.

    Obviously, this is only practical for businesses selling digital products, but it's a good solution so far.
    tenants and zadow like this.
  8. tenants

    tenants Well-Known Member

    FoolBotHoneyPot changes the registration page (customises all of the field names every session), but to be honest... if lots of people use lots of different mechanisms, it's much harder for bots to beat

    So, yup... as long as it remains an uncommon mechanism, it's probably a good one for beating bots ;)
    Mouth likes this.
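
The registration timer and the per-session honeypot field discussed in this thread can be enforced in one server-side check. The sketch below is an added example, not code from XenForo or from any add-on named above; the function names, the `ts`/`sig` field names, the HMAC-signed timestamp and the one-hour expiry are assumptions, and it renames only a single decoy field per session rather than every field.

```python
import hashlib
import hmac
import secrets
import time

SECRET = secrets.token_bytes(32)  # server-side key (generated here for the example)
MIN_SECONDS = 15                  # minimum fill time suggested in the thread
MAX_SECONDS = 3600                # assumed form lifetime; older forms are rejected


def _sign(session_id, issued_at):
    # Bind the timestamp to the session so it cannot be edited or reused elsewhere.
    msg = f"{session_id}|{issued_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def honeypot_name(session_id):
    # Decoy field name differs per session, so a bot cannot hard-code which field to skip.
    mac = hmac.new(SECRET, b"trap|" + session_id.encode(), hashlib.sha256)
    return "f_" + mac.hexdigest()[:12]


def issue_form(session_id, now=None):
    """Hidden fields to embed when the registration form is rendered."""
    issued_at = int(time.time() if now is None else now)
    return {"ts": str(issued_at), "sig": _sign(session_id, issued_at),
            honeypot_name(session_id): ""}  # decoy input, hidden from humans via CSS


def check_submission(session_id, form, now=None):
    """Return (accepted, reason) for a submitted registration form."""
    now = time.time() if now is None else now
    try:
        issued_at = int(form.get("ts", ""))
    except ValueError:
        return False, "bad-timestamp"
    expected = _sign(session_id, issued_at).encode()
    if not hmac.compare_digest(expected, str(form.get("sig", "")).encode()):
        return False, "bad-signature"
    # A browser submits the hidden decoy as an empty string; missing or filled is suspect.
    if form.get(honeypot_name(session_id)) != "":
        return False, "honeypot"
    elapsed = now - issued_at
    if elapsed < MIN_SECONDS:
        return False, "too-fast"
    if elapsed > MAX_SECONDS:
        return False, "expired"
    return True, "ok"
```

Rejections are best logged with their reason rather than shown to the client, so the thresholds can be tuned against real sign-up timings.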
