



639 posts

Ultimate Geek
+1 received by user: 79

Trusted

Topic # 67980 12-Sep-2010 14:39

I host or administer several websites in a private capacity.

I've found from time to time I get a flurry of spam type web form submissions and almost without exception they're from the same outfit - Bharti Tele-Ventures Limited - an Indian ISP.

I currently have traffic from full /12 firewalled off to prevent it. Unfortunately at least one of the sites I administer is vhosted with an ISP and not on my own machine, so firewalling is then less of an option (maybe I need to learn some more .htaccess hax ...)

Is anyone else seeing similar or is it just me being graced with such attention? :) Coz I can do without it, tbh.

(don't get me started on retarded attempts to resolve stuff on my internal-use-only RBL, which somehow got onto someone's mass lookup table, which subsequently had me receiving a bunch of random 'we've closed our open relay, please unblock us' from mail admins in Asia and Eastern Europe who've never actually had a mail rejection from me so don't actually _need_ to be unblocked... or on the several dozen IP addresses I've had to block from port 53 on my DNS server because they keep bombarding me with lookups for my RBL zone despite being sent an error, and never an actual response... )




BDFL - Memuneh
61805 posts

Uber Geek
+1 received by user: 12450

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 379028 12-Sep-2010 14:46

Do like we do here on Geekzone. Resolve the IP address using an IP-geo table and simply block from some countries (our list is quite good these days). Email for details if you want.







639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 379031 12-Sep-2010 14:56

Do blocked countries get a graceful 'you're blocked' notice or do they simply not work?

Are you able to do it on a by-URL basis?

I'd love a .htaccess type thing that let me block particular URLs (say, the contact forms) ...




 
 
 
 


BDFL - Memuneh
61805 posts

Uber Geek
+1 received by user: 12450

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 379034 12-Sep-2010 15:01

We simply redirect to default.asp when non-trusted users try to access some URLs (mainly the forum reply URLs and PM) from some countries. Otherwise they could just start using proxies (which some already do sometimes anyway).

The solution is based on a SQL table loaded with IP and country information. We then lookup the IP address in the table and find the corresponding ISO code. That's how we also find our flags.

It's part of our scripts, easily translated to other engines - PHP, etc.







639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 379037 12-Sep-2010 15:04

Well I don't touch ASP to start with ;-)

You have inspired me, however.

http://www.maxmind.com/app/mod_geoip is something I'm going to look at.




BDFL - Memuneh
61805 posts

Uber Geek
+1 received by user: 12450

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 379044 12-Sep-2010 15:23

BlakJak: Well I don't touch ASP to start with ;-)

You have inspired me, however.

http://www.maxmind.com/app/mod_geoip is something I'm going to look at.


I already said you can use it with any script engine. It's four or five lines, so not hard to translate. But if you want something on Apache, then that's a good solution.







1598 posts

Uber Geek
Inactive user


  Reply # 379110 12-Sep-2010 19:54

I know in PHP you can just resolve the user's IP to their reverse DNS name.
Simply use:

$usersdns = gethostbyaddr($_SERVER['REMOTE_ADDR']);

Then get the last portion of their DNS name, which should have their ccTLD in it, and block based on the ccTLD.
Though this does not always work, as some ISPs don't set a reverse DNS entry, however, I have found it to work most of the time.

BDFL - Memuneh
61805 posts

Uber Geek
+1 received by user: 12450

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 379111 12-Sep-2010 19:56

codyc1515: I know in PHP you can just resolve the user's IP to their reverse DNS name.
Simply use:

$usersdns = gethostbyaddr($_SERVER['REMOTE_ADDR']);

Then get the last portion of their DNS name, which should have their ccTLD in it, and block based on the ccTLD.


You would be killing your server if you do this. Performing reverse DNS lookups in your script would add too much to the script runtime. Also the ccTLD wouldn't be reliable.

A local Geo IP database lookup is much more efficient, and you should really only do it in the pages where input is allowed - and sometimes only at validation time.

It's all about the speed on the Internet...
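The approach described in the two replies above (an IP-range-to-country SQL table, consulted only on URLs that accept input, with a redirect to the default page) can be sketched as follows. This is an added example, not Geekzone's script: the table layout, function names, paths and country codes are assumptions, the sample ranges are constructed from RFC 5737 documentation addresses, and the check is assumed to run at submit (POST) time.

```python
import ipaddress
import sqlite3

# Constructed sample data: RFC 5737 documentation ranges with made-up country
# assignments. A real table would be loaded from a GeoIP vendor's CSV export.
SAMPLE_RANGES = [
    ("192.0.2.0", "192.0.2.255", "NZ"),
    ("198.51.100.0", "198.51.100.255", "XA"),
    ("203.0.113.0", "203.0.113.127", "XB"),
]
BLOCKED_COUNTRIES = {"XA", "XB"}            # hypothetical policy
PROTECTED_PATHS = {"/contact", "/reply"}    # hypothetical input URLs
REDIRECT_TO = "/"                           # stand-in for the site's default page


def ip_to_int(ip):
    return int(ipaddress.IPv4Address(ip))


def build_db(ranges=SAMPLE_RANGES):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE ip_country (ip_from INTEGER PRIMARY KEY,"
               " ip_to INTEGER NOT NULL, iso TEXT NOT NULL)")
    db.executemany("INSERT INTO ip_country VALUES (?, ?, ?)",
                   [(ip_to_int(a), ip_to_int(b), iso) for a, b, iso in ranges])
    return db


def country_for(db, ip):
    """Return the ISO code for ip, or None if no range covers it."""
    try:
        n = ip_to_int(ip)
    except ValueError:          # malformed or IPv6 address: treat as unknown
        return None
    # Index-friendly: seek to the last range starting at or below n, then
    # confirm n falls inside it (assumes ranges do not overlap).
    row = db.execute("SELECT ip_to, iso FROM ip_country WHERE ip_from <= ?"
                     " ORDER BY ip_from DESC LIMIT 1", (n,)).fetchone()
    return row[1] if row and n <= row[0] else None


def gate(db, method, path, ip, trusted=False):
    """Return (status, location): 302 to the default page, or 200 to proceed."""
    # Only pay for the lookup where input is accepted, and skip trusted users.
    if method != "POST" or path not in PROTECTED_PATHS or trusted:
        return (200, None)
    if country_for(db, ip) in BLOCKED_COUNTRIES:
        return (302, REDIRECT_TO)
    return (200, None)
```

Addresses that fall in a gap between ranges or fail to parse come back as unknown and are allowed through here; whether unknown should pass or be challenged is a policy choice.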







639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 379118 12-Sep-2010 20:23

Not to mention that lack of PTR record is usually hand-in-hand with a doesnt-care-about-spammers approach to the interwebs.




267 posts

Ultimate Geek
+1 received by user: 95


  Reply # 379122 12-Sep-2010 20:46

Not sure if it's an option as you don't manage the servers, but in my opinion mod_security is the most flexible way to deal with form spamming (if you use Apache, obviously). It can inspect the POST body, so it's far more effective than mod_rewrite tricks. mod_security can also use RBLs and GeoIP queries.

Mr Snotty
8084 posts

Uber Geek
+1 received by user: 4053

Moderator
Trusted
Lifetime subscriber

  Reply # 379157 12-Sep-2010 22:53

What about using something like http://www.google.com/recaptcha to protect your web forms? It's easy to implement and also most of your real site visitors can read.




BDFL - Memuneh
61805 posts

Uber Geek
+1 received by user: 12450

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 379158 12-Sep-2010 23:09

It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.




Mr Snotty
8084 posts

Uber Geek
+1 received by user: 4053

Moderator
Trusted
Lifetime subscriber

  Reply # 379163 13-Sep-2010 00:09

freitasm: It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.


Ah right, Spam is getting smarter these days. 




267 posts

Ultimate Geek
+1 received by user: 95


  Reply # 379366 13-Sep-2010 17:11

I think a captcha or hidden field may work. It is true that workforce to enter captchas can be hired, but I guess they use the resources to add fake ads in sites like Craigslist or create email accounts that they can use to keep the spam circle, not spamming through site forms.

Spammers usually employ customised web browsers or robots, so using mod_rewrite to filter suspicious User Agents won't block 100% of the spam but it's so easy to implement that it may be worth the effort. You can see a list of suspicious user agents at http://www.projecthoneypot.org/comment_spammer_useragents.php?dt=7 , but it's better to check your logs to identify the agents that are bugging you (my unsuccessful spammers tend to like Deepnet Explorer or Crazy Browser 1.0.5 :) )

If you are willing to add some coding to your forms you may use the Akismet API (very popular in WordPress blogs), so they can evaluate in real-time if a submission is legit or spam:
http://akismet.com/development/



639 posts

Ultimate Geek
+1 received by user: 79

Trusted

  Reply # 379382 13-Sep-2010 17:45

For the record, I have a captcha. It's a person, not a bot. The user agent was clean, too, a copy of the latest Firefox. Mauricio had it nailed in his response.




262 posts

Ultimate Geek
Inactive user


  Reply # 379384 13-Sep-2010 17:54

michaelmurfy:
freitasm: It only works against robots. Indian spam workers are cheap workforce and will go through captchas with no problems.

They also post close to relevant comments to go past automated filters or blog owners who are not paying attention.


Ah right, Spam is getting smarter these days. 


Or dumber, depending on how you look at it. The fact that they can't rely on automated systems to do their work anymore... 
