bbAntiSpam: Discuss how to stop web spam

The forum is retired.

Tonelock



Joined: 04 Jan 2007
Posts: 2

Posted: Thu Jan 04, 2007 2:47 am    Post subject: Whatever works is good for me  

First off, Bogus Apps and Posts on a board are not SPAM, but then ADSL routers aren't Modems either, so the term Spam is what I will use :)

I went through a number of MODS and ideas about methods to restrict Spam apps. I figured a CAPTCHA was sweet, saw that fail, and I also got carried away with "required" fields, and that failed also.

I think the VIP deal is great for about the few minutes a bot needs to look for VIP in a board. It really needs an admin interface that can easily change VIP to SUPER SECRET QUESTION or something. Caveat.. I have not installed the VIP mod so I am not going to get into a pissing match here. If you like it then I am happy for you.

Oleg's textual confirmation has a simple install, and an admin interface (that needs some work) but allows for easily changing the confirmation syntax. So when a bot figures out an answer to my form that works, and my spam apps rise, it is easy to change the question, without the need to change a VIP announcement for example.

I have to admit that Oleg's request for money in order to disable some of the features of "Textual Confirmation" kind of bothered me. But Jonahan is also asking for Donations :)

And at the end of the day, who cares as damnian says it is GPL....
I am no Guru, but even I can figure out that disabling, or rewriting Oleg's feature set ain't Rocket science.

After I thought about it a while, I realized that I really do want an e-mail sent to me, but was not convinced I wanted it sent to phpantispam.org, but I like the idea of setting up a dbase of board hackers, I mean they get one for $400.00 bucks. I figure a banlist for $30.00 or so is pretty cheap.

So I am keeping the code as is for now, and have added some code of my own outside the box so to speak.

I made a VBS script that reads the Outlook Inbox that I am dumping the failure notifications into. And yes I am a Microsofty, and use Outlook.

The script pulls the info and dumps it to a CSV file for use in Excel or OpenOffice. I am already seeing that many of my spam apps are from the same HTTP_X_FORWARDED_FOR source.

I intend to add to the script so that it will dump directly into a MySQL database, and then mark the failures as read and move them to an archive folder. I really don't want to actually read any of these failed apps, but getting the first bunch was pretty neat.

It would be cool to have a central location to be able to look at so we can see if and who are the "bad guys", hence Oleg's "send it to me" part of the MOD.

I am not a great believer in IP banning, but if we saw enough hits on the same IP registered, well ....

We could then post the "Number one to five bad guys IP" for public consumption so other board admins could ban those IP's if they chose.


The following is a partial CSV from one of my boards (seems the commas got stripped). Anyone recognize an IP?


Quote:
User Remote Forwarder Encoding timestamp
Datepleelen8 200.65.127.163 72.232.250.154 iso-8859-1 12/28/2006 23:33
Datepleelen8 200.65.127.163 72.232.250.154 iso-8859-1 12/28/2006 23:33
Datepleelen8 200.65.127.163 72.232.250.154 iso-8859-1 12/28/2006 23:33
csandrawz 165.228.129.11 85.255.117.66 iso-8859-1 12/29/2006 1:03
ysmithky 165.228.129.11 85.255.117.66 iso-8859-1 12/29/2006 22:01
jsophienp 165.228.131.11 85.255.117.66 iso-8859-1 1/2/2007 10:02
hmargaretfv 165.228.131.11 85.255.117.66 iso-8859-1 1/3/2007 6:10
tdensonae 165.228.131.12 85.255.117.66 iso-8859-1 12/29/2006 1:13
zshumanfk 165.228.131.12 85.255.117.66 iso-8859-1 12/29/2006 1:14
rlowryke 165.228.131.12 85.255.117.66 iso-8859-1 12/30/2006 15:02
ecolinat 165.228.131.12 85.255.117.66 iso-8859-1 1/1/2007 11:04


If anyone is interested I can post up what I have fer code. It is a VBS script as I intended it to be a scheduled task, and I am only pulling some of the info from the e-mails, but the other pairs are in the script just commented out.
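The ranking step described in the post above (count failed registrations per HTTP_X_FORWARDED_FOR address and list the top five), as an added example that is not part of the original post or the poster's VBS script. The sample rows are constructed in the same column layout as the quoted export, using documentation address ranges; the function names and the `min_hits` threshold are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample in the same column layout as the quoted export
# (User Remote Forwarder Encoding timestamp); addresses are documentation ranges.
SAMPLE = """\
User Remote Forwarder Encoding timestamp
userA 192.0.2.10 203.0.113.7 iso-8859-1 12/28/2006 23:33
userA 192.0.2.10 203.0.113.7 iso-8859-1 12/28/2006 23:33
userB 198.51.100.11 203.0.113.66 iso-8859-1 12/29/2006 1:03
userC 198.51.100.11 203.0.113.66 iso-8859-1 12/29/2006 22:01
userD 198.51.100.12 203.0.113.66 iso-8859-1 1/2/2007 10:02
userE 198.51.100.12 not-an-ip iso-8859-1 1/3/2007 6:10
"""

def parse_rows(text):
    """Yield (user, remote, forwarder, when) for each well-formed row."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # header line or damaged row
        user, remote, forwarder, _enc, date, clock = parts
        try:
            remote = ipaddress.ip_address(remote)
            forwarder = ipaddress.ip_address(forwarder)
            when = datetime.strptime(f"{date} {clock}", "%m/%d/%Y %H:%M")
        except ValueError:
            continue  # address or timestamp does not parse: skip, do not guess
        yield user, str(remote), str(forwarder), when

def top_forwarders(text, n=5, min_hits=2):
    """Rank forwarder addresses: (ip, hits, distinct users, distinct remotes, last seen)."""
    stats = defaultdict(lambda: {"hits": 0, "users": set(), "remotes": set(), "last": None})
    for user, remote, forwarder, when in parse_rows(text):
        s = stats[forwarder]
        s["hits"] += 1
        s["users"].add(user)
        s["remotes"].add(remote)
        s["last"] = when if s["last"] is None else max(s["last"], when)
    ranked = sorted(stats.items(), key=lambda kv: (-kv[1]["hits"], kv[0]))
    return [(ip, s["hits"], len(s["users"]), len(s["remotes"]), s["last"])
            for ip, s in ranked[:n] if s["hits"] >= min_hits]

if __name__ == "__main__":
    for row in top_forwarders(SAMPLE):
        print(row)
```

The distinct-user and distinct-remote counts separate one account retrying from one forwarder address behind many accounts and proxies, which is the pattern the post points at.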
damnian



Joined: 30 Dec 2006
Posts: 5

Posted: Thu Jan 04, 2007 6:51 pm    Post subject:  

Great idea. How about blacklisting those HTTP_X_FORWARDED_FOR IPs?
_________________
phpBB Blog
Tonelock



Joined: 04 Jan 2007
Posts: 2

Posted: Fri Jan 05, 2007 1:50 am    Post subject:  

Quote:
Great idea. How about blacklisting those HTTP_X_FORWARDED_FOR IPs?


Not sure which of my ideas you mean Damnian, but I am guessing it is about the whole "Blacklist" thing.. :)

One thing I did in my apps is add the applicant's IP address to the e-mails I receive, so I have a pretty good collection of bad IP's but as most of them are likely proxies and as such they are of little value.

With Oleg's Mod giving us the HTTP_X_FORWARDED_FOR IP's we have something of greater value.

BUT, and please correct me if I am wrong.

I think phpBB's ban IP function only looks at the (likely proxied) applicant IP and NOT the HTTP_X_FORWARDED_FOR IP.

So in order for a so called Blacklist to be useful we would need a phpBB MOD that would also allow a ban on the incoming HTTP_X_FORWARDED_FOR values as well as the Applicant IP values.

That still does not take away the value of sending the info to a central location (as Oleg's confirmation mod is doing at the moment) in the hope that we will soon have a greater list of "bad" IPs, that we might be able to do something with.

So for now, I'll just keep sending back the failed info to add to the current collective, in the hopes that we will be able to find that info useful at some point.

Does that make sense?
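A sketch of the check this post asks for, a ban that looks at both the connecting address and the HTTP_X_FORWARDED_FOR values. It is an added example, not phpBB code and not part of the original post. The ban list, function names and addresses are constructed, and it goes one step beyond the post by handling a header that carries several comma-separated entries or junk.

```python
import ipaddress

# Hypothetical ban list; entries are constructed documentation addresses.
BANNED = [ipaddress.ip_network(n) for n in ("203.0.113.66/32", "198.51.100.0/24")]

def forwarded_chain(header):
    """Parse an X-Forwarded-For value into valid addresses, dropping junk."""
    out = []
    for item in (header or "").split(","):
        try:
            out.append(ipaddress.ip_address(item.strip()))
        except ValueError:
            continue  # 'unknown', hostnames or other non-address text
    return out

def is_banned(remote_addr, x_forwarded_for=None, banned=BANNED):
    """Deny if the socket peer OR any forwarded address is on the list.

    The header is supplied by the client and can be forged or omitted, so
    it is only ever used as an extra reason to deny, never as a reason to
    accept a peer whose own address is banned.
    Returns (banned?, matching address or None).
    """
    candidates = [ipaddress.ip_address(remote_addr)] + forwarded_chain(x_forwarded_for)
    for addr in candidates:
        if any(addr in net for net in banned):
            return True, str(addr)
    return False, None

if __name__ == "__main__":
    print(is_banned("192.0.2.1", "unknown, 203.0.113.66"))
```

Because a sender can put any address in the header, a ban keyed on it also risks blocking a third party whose address was forged, which is worth weighing before publishing a shared list.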
admin
Site Admin


Joined: 18 Apr 2006
Posts: 805
Location: Saint-Petersburg, Russia

Posted: Fri Jan 05, 2007 5:44 am    Post subject:  

Quote:
And at the end of the day, who cares as damnian says it is GPL....
I am no Guru, but even I can figure out that disabling, or rewriting Oleg's feature set ain't Rocket science.

Yes and no. I know I should be modest, but can't. I'm quite a good programmer with sympathy for users (a bit rare feature). Code contains minor tweaks, which can't be noticed as such, but give a lot to the overall usability. A usual rewriting by a usual coder can't be so good.

Quote:
Great idea. How about blacklisting those HTTP_X_FORWARDED_FOR IPs?

Quote:
I think phpBB's ban IP function only looks at the (likely proxied) applicant IP and NOT the HTTP_X_FORWARDED_FOR IP.

As far as I remember, phpBB ban by IP means ban by HTTP_X_FORWARDED_FOR. It is because phpBB gets the client's IP by looking into the proxy variable. At least, it was my first impression some time ago. Checking it is in my TODO list.

Quote:
I have a pretty good collection of bad IP's but as most of them are likely proxies and as such they are of little value.

I have a great business idea. Let's sell the list of proxies to spammers :)

Quote:
So for now, I'll just keep sending back the failed info to add to the current collective, in the hopes that we will be able to find that info useful at some point.

Does that make sense?

Yes, it seems I'm going to analyze logs in the nearest future. My pet forum is so popular among spammers, that they crash down the site. I need IP blocking as soon as possible.

But having your own local script is also useful.

Ok.