Further anti spam measures

Started by Blacklord, September 07, 2010, 06:53 PM


Blacklord

Although the anti spam mod is trapping most spam registrations, I've taken things a step further and blocked access to certain countries by their IP ranges.

These are China, Hong Kong, India, Indonesia, Japan, Korea, Malaysia, Philippines, Singapore, Taiwan, Thailand, Vietnam, Russia, Turkey and some German IPs that are known bot hosters.

Hydrophilic

That's really sad that the spammers would cause you to go to such extremes.  You've blocked about half the world, in terms of geography and population, not necessarily number of computers, and especially not in terms of Commodore users.

I'm surprised you included Japan.  As the only NTSC country in the region, they sometimes import electronics from the US, although it is usually the other way around.  I know a few people in the military that are or have been stationed in Japan, a few who are Commodore fans.  Although I don't think any are forum members.

Also it seems you have at least one active (as of 2010) member from Russia.  That's just based on their language from their home page; they could be from a nearby country like Lithuania.

And of course we have lots of activity from Germany, but you did say you only blocked a range of addresses from there.

I'm sure you thought about this first, I'm just a bit surprised and disappointed that it has come to this.  I do have a question: are you blocking all access or just new accounts?
I'm kupo for kupo nuts!

Blacklord

Hi mate,

Actually not all of Japan is blocked - just some known bot farmer hosts.

Individual IPs (or ranges) can be unblocked if needed.

This is an entire block - brought about after I spotted 83 users online yesterday afternoon (4 real users, 2 search engines and the rest "guests") - followed by 22 new registrations (all caught by the spam mod, but still needing me to delete them).

cheers,

Lance

wte

Some minutes ago I got an HTTP failure message like "http://www.commodore128.org/" does not exist.
I have had more luck after a restart of the browser now. Are you sure you only block known spam bots from Germany?

Regards WTE

Blacklord

#4
Quote from: wte on September 08, 2010, 08:22 AM
Some minutes ago I got an HTTP failure message like "http://www.commodore128.org/" does not exist.
I have had more luck after a restart of the browser now. Are you sure you only block known spam bots from Germany?

Regards WTE

If your IP was blocked you wouldn't have been able to get on at all! - temp glitch I'd say.

Your IP is 87.166.xxx.xxx - not in the affected range.

The blocked range is :

# German (DE) ISPs used by hackers, bot farmers and spammers including 1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners
deny from 77.176.0.0/12 78.46.0.0/15 78.159.96.0/19  79.192.0.0/10 80.128.0.0/11 83.138.64.0/21 85.214.0.0/16 87.106.0.0/16 87.118.64.0/18 89.149.192.0/18 89.200.168.0/21 91.0.0.0/10 91.213.217.0/24 93.186.192.0/20 93.192.0.0/10 212.95.32.0/19 217.72.192.0/20
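
An added example, not part of the original post: one way to audit the `deny from` line above with Python's standard `ipaddress` module, counting how many addresses it covers and checking individual client addresses against it. The test address `87.166.0.1` is constructed inside the `87.166.xxx.xxx` prefix quoted above; `79.233.123.20` is an address reported later in this thread.

```python
import ipaddress

# The directive exactly as posted above, split only for line length.
DENY_LINE = (
    "deny from 77.176.0.0/12 78.46.0.0/15 78.159.96.0/19  79.192.0.0/10 "
    "80.128.0.0/11 83.138.64.0/21 85.214.0.0/16 87.106.0.0/16 "
    "87.118.64.0/18 89.149.192.0/18 89.200.168.0/21 91.0.0.0/10 "
    "91.213.217.0/24 93.186.192.0/20 93.192.0.0/10 212.95.32.0/19 "
    "217.72.192.0/20"
)

def parse_deny(line):
    """Return the networks listed in one 'deny from' directive."""
    tokens = line.split()
    if [t.lower() for t in tokens[:2]] != ["deny", "from"]:
        raise ValueError("not a 'deny from' directive")
    # strict=True raises if a range has host bits set, i.e. a mistyped CIDR.
    return [ipaddress.ip_network(t, strict=True) for t in tokens[2:]]

def matching_rule(addr, networks):
    """Return the first listed network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    return next((net for net in networks if ip in net), None)

def blocked_addresses(networks):
    """Count distinct addresses covered, merging overlapping ranges first."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))

def share_of_total(networks, prefixlen):
    """Fraction of the blocked space contributed by ranges of a given size."""
    part = [n for n in networks if n.prefixlen == prefixlen]
    return blocked_addresses(part) / blocked_addresses(networks)

if __name__ == "__main__":
    nets = parse_deny(DENY_LINE)
    print(len(nets), "ranges,", blocked_addresses(nets), "addresses")
    print("share held by the three /10s:", round(share_of_total(nets, 10), 3))
    for addr in ("87.166.0.1", "79.233.123.20"):
        print(addr, "->", matching_rule(addr, nets) or "not listed")
```

Running the same check before deploying a new range shows which rule catches a given visitor and how much of the total block comes from the widest prefixes.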

abraXxl

Hi,

as a German reader of this board I am also affected by this _huge_ (T-Kom 93.192.0.0/10) IP range, luckily there are other ways for me to access this BBS.

The blocked IP range contains the major 4 ISPs in Germany with more than 15 million customers. Under that mass of common internet users, you may find many bots. I guess many more bots than retro/commodore interested users - when this holds for other ISPs you can block everything except 127.0.0.1 ;)

I don't know where the problem exists here with spammers. It might be more helpful to extend the anti-spam features of the board other than going to the case when only a /32 network can access the board.

I needed about three weeks to figure out what was the case. I thought you were having technical difficulties. I would like to see this fixed, I don't like surfing from work for my private use.

regards from Germany
This is intentionally left blank.

Blacklord

G'day,

Quote from: abraXxl on October 13, 2010, 08:05 AM

I don't know where the problem exists here with spammers.

From that particular number range there have been 4122 Spammers blocked up until the day I blocked the entire range.

Now you could say blocking them is enough, however at one stage (February 8th) there were 112 "users" online at one time and all bar 3 of them were bots attempting to register. That amount of "users" creates a drag on things and slows things down for the real users.

I apologise if it blocks some legitimate users but I need to think about the majority - and also I need to ensure that I don't get a complaint from my host about the hammering they take when these infected bot nets attempt mass registration.

Right now there's an enormous number of these hitting most forums and unfortunately it takes drastic action to keep them out.

Even with measures in place we still get around 10 regs. a day that are held as suspect and require approval (99.9999% of the time they are deleted) and one or two a day new ones that aren't listed in Stop Forum Spam (http://www.stopforumspam.com/) and manage to make it through. These get reported and deleted.


cheers,

Lance


wte

I do not think that blocking more than the half of all German users (1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners) is a really good idea.

Isn't there any captcha function with the registration form?

Regards WTE

Blacklord

#8
Quote from: wte on October 22, 2010, 08:12 AM
I do not think that blocking more than the half of all German users (1&1internet DE, Deutsche Telekom AG, NetDirekt and Schlund & Partners) is a really good idea.

Isn't there any captcha function with the registration form?

Regards WTE

CAPTCHA is incredibly easy to defeat - and if you bump it to its maximum setting (which will defeat most bots), it makes it nearly impossible for real people.

However, considering that over 4,000 spammers have been blocked from that range, that would have ended up registering or posting (most are spam signatures) I consider it a worthwhile tradeoff.

Don't know what it's like in Germany, but in Australia if your machine is part of a botnet it will be cut off by your ISP until you fix it.

That being said, I'm quite happy to open individual IP's in any of the banned range for real people.

Indeed Schlund and Partners is one of the top five world-wide hosters of scam/phishing/phony sites - their range will NOT be unblocked under any circumstances.

Under our law, I am responsible (legally) for any content posted here as a "common carrier" - now I can happily unblock everything, let the link spammers in and say to hell with the consequences or I can protect the site, my members and myself as much as possible.

I opt for the latter!

cheers,

Lance

BigDumbDinosaur

Quote from: Blacklord on October 22, 2010, 05:23 PM
Under our law, I am responsible (legally) for any content posted here as a "common carrier" - now I can happily unblock everything, let the link spammers in and say to hell with the consequences or I can protect the site, my members and myself as much as possible.

I opt for the latter!

cheers,

Lance
Wise choice!
x86?  We ain't got no x86.  We don't need no stinking x86!

wte

#10
I'm really pissed off! >:(

I've tried it with three dynamic IPs of my provider (telekom, the biggest one in Germany):
79.233.123.20
79.233.124.222
79.233.123.133

All have been blocked by your "anti spam measures". You understand the concept of dynamic IPs?

Today, I'm here via a very slow anonymous proxy but I will never return unless you solve this "lock out whole Germany problem".

Regards WTE

Blacklord

Quote from: wte on November 22, 2010, 10:54 AM
I'm really pissed off! >:(

I've tried it with three dynamic IPs of my provider (telekom, the biggest one in Germany):
79.233.123.20
79.233.124.222
79.233.123.133

All have been blocked by your "anti spam measures". You understand the concept of dynamic IPs?

Today, I'm here via a very slow anonymous proxy but I will never return unless you solve this "lock out whole Germany problem".

Regards WTE

Well aware of your concerns and yes, I do understand the concept of dynamic IP's despite your sarcasm - and it's not the "whole of Germany" merely those three ISPs that are known to harbour BOT farms.

And I reiterate the why - to date 22484 known spammers/bots have been locked out. As well as a host of others.

Shall I open the floodgates? Sorry, no. Ask your ISP to clamp down on the farmers and tighten up their acts. Dunno what they do in Germany, but over here in Oz if you're part of a BOT network the ISPs lock you off the interwebs until you fix your problem.

Lance

abraXxl

Well, that means in 79.192.0.0/10 there exist 2^22-2 possible addresses, as in possible users. That means, by taking the 22484 as the current ratio of bots vs clean PCs, that you lock out ~4 million users because of 0.5% of bots in this net.

The German Telekom also locks accounts down if they are used as bots. Do you know how fast normal ISPs (German, international and so American) detect and lock out known bot PCs? The bots can usually run 1-2 days until the ISP does some sort of intervention. I would suggest again that you use more advanced techniques to lock out spammers. Some very neat techniques are logging exhaust abuse, characterized by some of the following criteria: clients with no referer, frequent accesses by one IP to submit/post pages, using some DNS blacklists ...
Write that into a database and generate .htaccess or packet filter rules to lock out these clients for some time (e.g. 24h).

Actually I believe that only a small percentage of the mentioned 22484 clients are still bots. Okay, there might be new ones in this range, but this you and me can't prove because you locked them _all_ out.

:wq
This is intentionally left blank.
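
An added example, not part of the original post: a sketch of the log-driven temporary ban suggested above, scoring POSTs to submit pages per IP (extra weight when the referer is missing) and emitting `deny from` lines that lapse after 24 hours. The log lines are constructed, the `action=register2` / `action=post2` URLs, window and threshold are assumptions, and the DNS blacklist lookup is left out because it needs network access.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format (RFC 5737 test addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [22/Nov/2010:10:00:01 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [22/Nov/2010:10:00:03 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
192.0.2.10 - - [22/Nov/2010:10:00:05 +0000] "POST /index.php?action=post2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.7 - - [22/Nov/2010:10:01:00 +0000] "GET /index.php?topic=3593.0 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.7 - - [22/Nov/2010:10:02:30 +0000] "POST /index.php?action=post2 HTTP/1.1" 200 700 "http://forum.example/index.php?action=post" "Mozilla/5.0"
203.0.113.5 - - [22/Nov/2010:10:03:00 +0000] "POST /index.php?action=register2 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
"""
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" \d+ \S+ "([^"]*)" "[^"]*"')
SUBMIT = re.compile(r"action=(register2|post2)\b")  # hypothetical submit URLs
WINDOW, THRESHOLD, BAN = timedelta(minutes=10), 4, timedelta(hours=24)

def find_abusers(log_text):
    """Return {ip: ban_expiry} for clients scoring >= THRESHOLD within WINDOW."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, ts, method, path, referer = m.groups()
        if method != "POST" or not SUBMIT.search(path):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # One point per submit, two when the client sent no referer.
        events[ip].append((when, 2 if referer in ("", "-") else 1))
    bans = {}
    for ip, hits in events.items():
        hits.sort()
        for i, (start, _) in enumerate(hits):
            in_window = [(t, p) for t, p in hits[i:] if t - start <= WINDOW]
            if sum(p for _, p in in_window) >= THRESHOLD:
                bans[ip] = in_window[-1][0] + BAN  # ban runs from last hit
                break
    return bans

def render_htaccess(bans, now):
    """Emit deny lines only for bans still active at 'now'."""
    out = []
    for ip, exp in sorted(bans.items()):
        if exp > now:
            out += [f"# temporary ban, expires {exp.isoformat()}", f"deny from {ip}"]
    return "\n".join(out)
```

Regenerating the file on a schedule with the current time drops expired entries, so a dynamic address is released once its ban lapses instead of staying blocked with its whole range.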

Blacklord

Currently on Stop Forum Spam Germany ranks as #5 in the list.

'nuf said.

Blacklord

#14

Currently on Stop Forum Spam Germany ranks as #5 in the list.

'nuf said.

As I've stated before - I can unblock ranges if I'm asked (even easier if you are on a static IP as most are these days).

I've also made it quite clear in this thread why I'm not budging from this stance. And part of that is that this site is hosted here in Australia and I (not the contributors) am solely responsible under our laws for content on the site.

If I go through the member list there are six members from Germany, three are inactive for well over 9 months.

I doubt very, very much that this little site is of interest to approximately 4 million Germans.

Lance

bacon

Quote from: Blacklord on November 22, 2010, 08:36 PM
I've also made it quite clear in this thread why I'm not budging from this stance. And part of that is that this site is hosted here in Australia and I (not the contributors) am solely responsible under our laws for content on the site.
I don't really have an opinion as to how you run your site, but I must say that's a shitty law; in my view it's like having a restaurant owner responsible for what the customers are saying. I would suggest that you and your fellow Australians lobby your politicians to change the law so that it doesn't stifle free expression, as this law has a very real potential to do. (I'm not trying to piss on Australia here. Sweden has or is about to get some truly awful laws concerning internet and telecom traffic too).
Bacon
-------------------------------------------------------
Das rubbernecken Sichtseeren keepen das cotton-pickenen Hands in die Pockets muss; relaxen und watschen die Blinkenlichten.

Michau

It looks like your anti-spam system is blocking me most of the time to access the forum. Since I have a dynamic IP, this problem occurs irregularly. So apparently you blocked a large part of Poland too...

Hydrophilic

Quote from: Blacklord
CAPTCHA is incredibly easy to defeat - and if you bump it to its maximum setting (which will defeat most bots), it makes it nearly impossible for real people.

I've been thinking about this for a while.  Would a Commodore-specific questionnaire possibly help?  I mean most BOTs wouldn't know how many USB ports are on a C128.  So if we asked questions like...

How many USB ports are on a C64/128?
- 0
- 1
- 2
- 4

What is the maximum resolution of a C64 (C128 40-column)?
- 320x200
- 640x480
- 800x600
- 1024x768

How many buttons are on a VIC / C64 / C128 joystick?
- 1
- 2
- 4
- 8

How many colors are available on a VIC / C64 / C128?
- 16
- 256
- 65536
- 4294967296

And so on...

I think most Commodore users could answer such questions most of the time (90%+), but most BOTs would get the right answer only by chance (25%).  If my guess is correct, then answering 2 questions would permit only 6.25% of the bots and allow 81% of real users.

Just an idea...
I'm kupo for kupo nuts!

wte

Hello again!

It looks like a Christmas miracle, but I'm back with my formerly blocked dynamic "79.233...."-IP.

Thanks, Santa Claus!

Regards WTE

orinoco

Accessing this site via 1&1 seems to be possible. But sometimes I have problems with my main ISP Netcologne (a local carrier in the Cologne and Aachen area in Germany).

Just a note: 1&1 and Schlund und Partner belong to United Internet. 1&1 uses the infrastructure of Telefónica Deutschland GmbH.
?FORMULA TOO COMPLEX ERROR IN 10
READY.
█