Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




701 posts

Ultimate Geek

Trusted

# 67980 12-Sep-2010 14:39
Send private message

I host or administer several websites in a private capacity,

I've found from time to time I get a flurry of spam type web form submissions and almost without exception they're from the same outfit - Bharti Tele-Ventures Limited - an Indian ISP.

I currently have traffic from full /12 firewalled off to prevent it. Unfortunately at least one of the sites I administer is vhosted with an ISP and not on my own machine, so firewalling is then less of an option (maybe I need to learn some more .htaccess hax ...)

Is anyone else seeing similar or is it just me being graced with such attention? :) Coz I can do without it, tbh.

(don't get me started on retarded attempts to resolve stuff on my internal-use-only RBL, which somehow got onto someones mass lookup table, which subsequently had me receiving a bunch of random 'we've closed our open relay, please unblock us' from mail admins in asia and eastern europe who've never actually had a mail rejection from me so don't actually _need_ to be unblocked... or on the several dozen IP addresses i've had to block from port 53 on my DNS server because they keep bombarding me with lookups for my rbl zone despite being sent an error, and never an actual response... )




No signature to see here, move along...

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
BDFL - Memuneh
64651 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 379028 12-Sep-2010 14:46
Send private message

Do like we do here on Geekzone. Resolve the IP address using an IP-geo table and simply block from some countries (our list is quite good these days). Email for details if you want.







701 posts

Ultimate Geek

Trusted

  # 379031 12-Sep-2010 14:56
Send private message

Do blocked countrys get a graceful 'youre blocked' notice or do they simply not work?

Are you able to do it on a by-URL basis?

I'd love a .htaccess type thing that let me block particular URLs (say, the contact forms) ...




No signature to see here, move along...

 
 
 
 


BDFL - Memuneh
64651 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 379034 12-Sep-2010 15:01
Send private message

We simply redirect to default.asp when non-trusted users try to access some URLs (mainly the forum reply URLs and PM) from some countries. Otherwise they could just start using proxies (which some already do sometimes anyway).

The solution is based on a SQL table loaded with IP and country information. We then lookup the IP address in the table and find the corresponding ISO code. That's how we also find our flags.

It's part of our scripts, easily translated to other engines - PHP, etc.







701 posts

Ultimate Geek

Trusted

  # 379037 12-Sep-2010 15:04
Send private message

Well I don't touch ASP to start with ;-)

You have inspired me, however.

http://www.maxmind.com/app/mod_geoip is something i'm going to look at .




No signature to see here, move along...

BDFL - Memuneh
64651 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 379044 12-Sep-2010 15:23
Send private message

BlakJak: Well I don't touch ASP to start with ;-)

You have inspired me, however.

http://www.maxmind.com/app/mod_geoip is something i'm going to look at .


I already said you can use it with any script engine. It's four or five lines, so not hard to translate. But if you want something on Apache, then that's a good solution.







1598 posts

Uber Geek
Inactive user


  # 379110 12-Sep-2010 19:54
Send private message

I know in PHP you can just resolve the users ip to their reverse dns name.
Simply use:

$usersdns = gethostbyaddr($_SERVER['REMOTE_ADDR']);

Then get the last portion of their dns name, which should have their ccTLD in it, and block based on the ccTLD.
Though this does not always work, as some ISPs dont set a reverse dns entry, however, I have found it to work most of the time.

BDFL - Memuneh
64651 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 379111 12-Sep-2010 19:56
Send private message

codyc1515: I know in PHP you can just resolve the users ip to their reverse dns name.
Simply use:

$usersdns = gethostbyaddr($_SERVER['REMOTE_ADDR']);

Then get the last portion of their dns name, which should have their ccTLD in it, and block based on the ccTLD.


You would be killing your server if you do this. Performing reverse DNS lookups in your script would add to much to the script runtime. Also the ccTLD wouldn't be reliable.

A local Geo IP database lookup is much more efficient, and you should really only do it in the pages where input is allowed - and sometimes only at validation time.

It's all about the speed on the Internet...





 
 
 
 




701 posts

Ultimate Geek

Trusted

  # 379118 12-Sep-2010 20:23
Send private message

Not to mention that lack of PTR record is usually hand-in-hand with a doesnt-care-about-spammers approach to the interwebs.




No signature to see here, move along...

308 posts

Ultimate Geek


  # 379122 12-Sep-2010 20:46
Send private message

Not sure if it's an option as you don't manage the servers, but in my opinion mod_security is the most flexible way to deal with form spamming (if you use Apache, obviously). It can inspect the POST body, so it's far more effective than mod_rewrite tricks. mod_security can also use RBLs and GeoIP queries.

Mr Snotty
8869 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 379157 12-Sep-2010 22:53
Send private message

What about using something like http://www.google.com/recaptcha to protect your web forms? It's easy to implement and also most of your real site visitors can read.




BDFL - Memuneh
64651 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 379158 12-Sep-2010 23:09
Send private message

It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.




Mr Snotty
8869 posts

Uber Geek

Moderator
Trusted
Lifetime subscriber

  # 379163 13-Sep-2010 00:09
Send private message

freitasm: It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.


Ah right, Spam is getting smarter these days. 




308 posts

Ultimate Geek


  # 379366 13-Sep-2010 17:11
Send private message

I think a captcha or hidden field may work. It is true that workforce to enter captchas can be hired, but I guess they use the resources to add fake ads in sites like craiglist or create email accounts that they can use to keep the spam circle, not spamming through site forms.

Spammers usually employ customised web browsers or robots, so using mod_rewrite to filter suspicious User Agents won't block 100% of the spam but it's so easy to implement that it may worth the effort. You can see a list of suspicious user agents at http://www.projecthoneypot.org/comment_spammer_useragents.php?dt=7 , but it's better to check your logs to identify the agents that are bugging you (my unsuccessful spammers tend to like Deepnet Explorer or Crazy Browser 1.0.5 :) )

If you are willing to add some coding to your forms you may use the akismet API (very popular in Wordpress blogs), so they can evaluate in real-time if a submission is legit or spam
http://akismet.com/development/



701 posts

Ultimate Geek

Trusted

  # 379382 13-Sep-2010 17:45
Send private message

For the record, I have a captcha. It's a person, not a bot. The user agent was clean, too, a copy of the latest Firefox. Mauricio had it nailed in his response.




No signature to see here, move along...

262 posts

Ultimate Geek
Inactive user


  # 379384 13-Sep-2010 17:54
Send private message

michaelmurfy:
freitasm: It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.


Ah right, Spam is getting smarter these days. 


Or dumber, depending on how you look at it. The fact that they can't rely on automated systems to do their work anymore... 

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Logitech introduces new Made for Google keyboard and mouse devices
Posted 16-Oct-2019 13:36


MATTR launches to accelerate decentralised identity
Posted 16-Oct-2019 10:28


Vodafone X-Squad powers up for customers
Posted 16-Oct-2019 08:15


D Link ANZ launches EXO Smart Mesh Wi Fi Routers with McAfee protection
Posted 15-Oct-2019 11:31


Major Japanese retailer partners with smart New Zealand technology IMAGR
Posted 14-Oct-2019 10:29


Ola pioneers one-time passcode feature to fight rideshare fraud
Posted 14-Oct-2019 10:24


Spark Sport new home of NZC matches from 2020
Posted 10-Oct-2019 09:59


Meet Nola, Noel Leeming's new digital employee
Posted 4-Oct-2019 08:07


Registrations for Sprout Accelerator open for 2020 season
Posted 4-Oct-2019 08:02


Teletrac Navman welcomes AI tech leader Jens Meggers as new President
Posted 4-Oct-2019 07:41


Vodafone makes voice of 4G (VoLTE) official
Posted 4-Oct-2019 07:36


2degrees Reaches Milestone of 100,000 Broadband Customers
Posted 1-Oct-2019 09:17


Nokia 1 Plus available in New Zealand from 2nd October
Posted 30-Sep-2019 17:46


Ola integrates Apple Pay as payment method in New Zealand
Posted 25-Sep-2019 09:51


Facebook Portal to land in New Zealand
Posted 19-Sep-2019 18:35



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.