Stop Forum Spam - Attack

[Adam Howard]

Many people here use StopForumSpam.com

Seems as though the spammers are fighting back

 

[Digital Doctor]

An error was encountered​

Error: Unable to fetch daily top ip_addr.

 

[Walter]

If the addons can't connect to SFS....
Hope the best.

 

[Adam Howard]

If the addons can't connect to SFS....
Hope the best.

Nothing is connecting to Stop Forum Spam right now.... The other two are still working though, but I admit their database isn't as big as SFS

 

[Walter]

And Fspamlist limits the queries to 5000 per day - not enough for big sites.

 

[Walter]

Update from Pedigree, the owner:

a couple of hours while PHP got a kick up the backside but since then, it looks like mysql completely ate itself and has been restarted now.

Source: http://www.stopforumspam.com/forum/viewtopic.php?id=4582

 

[Adam Howard]

Anyone with a VPS or Dedicate Server could use this

Command: crontab -e

0 12 * * * /home/spam.sh >/dev/null 2>&1

#!/bin/bash
 
IPT=”/sbin/iptables”
 
FILE=”/tmp/drop.lasso”
 
URL=”http://www.spamhaus.org/drop/drop.lasso”
 
echo “”
 
echo -n “Deleting DROP list from existing firewall…”
 
#This will delete all dropped ips from firewall
 
ipdel=$(cat $FILE  | egrep -v ‘^;’ | awk ‘{ print $1}’)
 
for ipblock in $ipdel
 
do
 
$IPT -D spamhaus-droplist -s $ipblock -j DROP
 
$IPT -D droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”
 
done
 
echo -n “Applying DROP list to existing firewall…”
 
#This will drop all ips from spamhaus list.
 
[ -f $FILE ] && /bin/rm -f $FILE || :
 
cd /tmp
 
wget $URL
 
blocks=$(cat $FILE  | egrep -v ‘^;’ | awk ‘{ print $1}’)
 
$IPT -N spamhaus-droplist
 
for ipblock in $blocks
 
do
 
$IPT -A droplist -s $ipblock -j LOG –log-prefix “DROP Spamhaus List”
 
$IPT -A droplist -s $ipblock -j DROP
 
done
 
$IPT -I INPUT -j droplist
 
$IPT -I OUTPUT -j droplist
 
$IPT -I FORWARD -j droplist
 
echo “…Done”

Now if I could figure out how to change this into an add-on for XenForo .... That would be cool. I've been playing with it, but I seem to have hit a wall.

 

[AlexT]

Deleted

 

[pedigree]

There wasn't a DoS or anything like that. PHP started to play up in that it was rejecting connections on the unix socket from the webserver. Once PHP restarted, mysql started to load way too much due to an issue with innodb is its lack of support for count(1), my mistake really. Once mysql restarted, the site was slow due to the caches being cold but once they warmed up, everything started working just fine. I've got new code coming that will remove a lot of these issues.

 

[Walter]

SFS was down for 10 minutes, massive packet loss.