355 Spam posts in one evening (1 Viewing)

MapleDots

MapleDots.ca
Community Guide
Joined
Nov 4, 2020
Topics
1,280
Posts
5,819
Likes
5,262
Market
Country flag
WordPress-Spam-Posts.jpg



Was horrified to see 355 spam posts caught in various stages of our spam filters.

All but three of them originated from India based ip addresses.

It's high time that India does something about this because it's out of control.

The only real answer I have for this is to ban IP's from India registering but that would affect legitimate users as well.

All part of running a public website I guess :eek:
 
The new members signing up and not responding to the welcome posts. Are they spammers or just staying quiet?
 
Again, the spam hitting the contact form and registration form totaled in the hundreds last night and the night before. In both cases only one registration per night got through our security protocols.

That said, when I look at the logs there are thousands of hits from two country's that clog up all my stats and resources. I am currently at the end of my monthly uses and have to upgrade server resources at significant monthly expense.

I am first going to ip ban all activity from Russia to eliminate thousands of spam attempts.

Unfortunately this may impact about 5 active members from India and I will attempt to white list their IP's.

In the long run I will probably be adding additional countries to the ban list, but I don't see that being too problematic given we are highly specialized in .ca. I know we list other extensions too but that is mostly for the convenience of our members and not necessarily meant to attract users from other countries.

Looking at it from a usability side I think keeping our group small and tight, highly focused on .ca will make/keep the forum more conducive to it's users.
 
Last edited:
What I do is record failed recaptcha submissions into one logfile, and passed recaptcha submissions into another log file. That's done on the php/form side. Then I run a script to count up how many failures by IP, and from which countries. The script will blacklist IP addresses that pass whatever thresholds I set, using iptables. That'll make sure the server resources are not used as it just completely ignores those incoming connections. It's not unusual to find a single IP making thousands of attempts.

I have another version too for tracking IPs that are trying to log into my server - failed attempt gets your IP banned. But the ban is timestamped and released after a pre-defined time period.

There is probably software out there to do that too, but I first started doing it like 20 years ago, so I just stuck with rolling my own.
 
  • Like
Reactions: FM
Yeah, I get you

I just puchased three pieces of software

One checks to see if you are a bot trying to sign up and it sends you in loops. It is 100% effective against bots for fake registrations.

The other one prevents you from logging in should your ip be logged on a list of nefarious ip addresses. Please note that now includes a lot of proxy services so if you are using a VPN you may not be able to login. That list gets updated daily and I can safelist a proxy.

The other place I get hundreds of spam is the yellow contact us link at the bottom of the page. It is required in case someone cannot login and reCaptcha has zero effect, the bots get right through. Again I now have custom software that sends the bots into loops.
 
Again I now have custom software that sends the bots into loops.
If you have the option, just drop their IP at the firewall level so there are no resources sucked up on your end. Even blocked spammers may continue to try for months otherwise. It also wouldn't surprise me if the people that write software add-ons for spammers aren't the ones also doing the spamming... Cheap customer acquisition that way.
 
The problem with blocking ip's is you have to do it in batches because it's a never ending process. I get hundreds of hits from different Russian IP addresses daily and they are trying user /password combinations that have been compromised. It is done by a bot and I can ban ip addresses until the cows come home and never be on top of it.

I ended up banning all of Russia but I have just as big of a problem with India except I cant country ban it because there is a large domaining community in India.

So the way it's handle is the system recognizes its a bot and adds extra registration fields. When the bot then submits the system sees those fields filled out and knows it's a bot thus rejecting the registration. Real users who type slowly get recognized and those fields do not display allowing the registration to go through.

Same goes with the contact form and with login now. It's some pretty complex software changes to take care of that.

The only thing is real people, they can still be spammers but they can only register twice before the system flags them as a duplicate and we can shut them down.

I swear I've spent the last two days clearing out bogus accounts and spam posts, I had to do something and it's going to get interesting as I watch the logs tonight.




Here you can see the software at work (I only posted one ip address for the example)

Screenshot (18).png





That is just the contact form in the last 60 minutes, it does not get active until night time and then also the registration and login forms.
 
With a perl script, you can continuously follow a log file, so this script runs 24/7/365, and thus can keep running totals over any given time span of attempts by particular IPs, dropping them at the firewall level, then reopening them after a specified "timeout" period. If you're good with perl, its something you can startup at boot and never think about it again. And quite often you'll see the same spammers using multiple domains on the same c block so you can just "timeout" the whole c-block. But I usually only do that for the problem countries, i.e. china, russia, estonia, belarus, ukraine, etc... See the pattern of where all the cockroaches like to hide? In any case, if you like perl, its great. And more than anything, I like to know that it stops those cockroaches from using your system resources.
 
See the pattern of where all the ****roaches like to hide? In any case, if you like perl, its great. And more than anything, I like to know that it stops those ****roaches from using your system resources.

Jeez, since when did cockroaches become a bad word? lol
 

Support our sponsors who contribute to keep dn.ca free for everyone.

New Discussion Posts

CatchDrop.ca

New Market Posts

Google Ad

Popular This Week

CIRA.ca

Popular This Month

Google Ad

Back