/* Bot Spam and IP Bans */

Discuss general Uzebox topics here: features, wish list. nice to have, etc.
Post Reply
User avatar
D3thAdd3r
Posts: 3221
Joined: Wed Apr 29, 2009 10:00 am
Location: Minneapolis, United States

/* Bot Spam and IP Bans */

Post by D3thAdd3r »

As many will have noticed the bot spam has been intense lately. This is not due to lack of effort, as there are many frequent spot checks during the day to try and keep this under control. Obviously this is not working. When Alec returns(like all of us, he has a right to a personal life and sometimes vacations/breaks line up with other events) he might decide to add more requirements to the registration process to stop this.

There is a new bot registering every 15 minutes and they don't have to work or sleep. As a regrettably drastic measure, there are now IP bans in place covering blocks of IPs which appear to be coming from Ukraine. I do see it is possible to slip past the ban even with an IP in the ban list, so this solution may not actually stop it, or they may just spoof or tunnel from another place;hopefully not. Any users affected by the ban, and all users(if this doesn't work), please understand these things will get fixed.
User avatar
Jubatian
Posts: 1561
Joined: Thu Oct 01, 2015 9:44 pm
Location: Hungary
Contact:

Re: Bot Spam and IP Bans

Post by Jubatian »

On my site I solved this by simply disallowing posting links. Of course that's not such a complex thing like a forum (no user registration and likes), but it serves the purpose well there: I rarely get spam. Sometimes I do, I believe from bots whose logic is so they are trying to post some discussion looking comments without links in it, so about once or twice in a month I have to do some clean-up. Of course on a forum residue can pile up faster in the form of spam accounts (my site receives lots of bot traffic, until I could fine-tune the link filter, some occasionally slipped past and did some spam flood), but that alone is relatively harmless.

If possible maybe try to set up the forum so posting links are completely disallowed for newly registered members, enabled later manually (of course if such a measure is set in place, it should be apparent for newly registering people somewhere they can see). Maybe impossible, it has been a while since I last meddled with the admin panel of any forum.
User avatar
D3thAdd3r
Posts: 3221
Joined: Wed Apr 29, 2009 10:00 am
Location: Minneapolis, United States

Re: Bot Spam and IP Bans

Post by D3thAdd3r »

Alas I can't do anything besides move, edit, delete posts, and various bans. That would seem enough to handle any pop ups of spam, but somehow they are slipping through the IP bans entirely and clearly the Captcha is no defense. I mean I have tracked and researched this, and the vast majority comes from a known spam network, banned their entire range, their hostname, wild cards for their subdomains, any registration email from there or a subdomain......they keep coming and it seems there is nothing I can do but delete as it comes. Eh, hold on gentlemen!! :roll:
User avatar
Artcfox
Posts: 1382
Joined: Thu Jun 04, 2015 5:35 pm
Contact:

Re: Bot Spam and IP Bans

Post by Artcfox »

Can we get Uze to make it so registrations have to be manually approved by one of us?
User avatar
D3thAdd3r
Posts: 3221
Joined: Wed Apr 29, 2009 10:00 am
Location: Minneapolis, United States

Re: Bot Spam and IP Bans

Post by D3thAdd3r »

Probably something like that. One could know these recent bots just by the nonsensical name.
User avatar
D3thAdd3r
Posts: 3221
Joined: Wed Apr 29, 2009 10:00 am
Location: Minneapolis, United States

Re: Bot Spam and IP Bans

Post by D3thAdd3r »

Did some experiments and I am sure that bans do not work, so I have stopped adding to the list. I eliminated the whole list and put just 1 IP in, it can get right in. Username is the same thing, so there is something broken with the PHP, or something, on the host;nothing I can do. I will keep deleting spam as it comes until a fix is in place. There is 900-1100 spam posts per week for the last several, so if you see some it will be gone shortly. There has been far more deleted spam in the last 3 weeks, than the entire nearly 10 year history of the project prior...so it is basically an, on and off, all day long chore at this point. What I am trying to say, is that the ship has not sunk yet, though all I have is a tiny little bucket against an infinite ocean :roll:
User avatar
Jubatian
Posts: 1561
Joined: Thu Oct 01, 2015 9:44 pm
Location: Hungary
Contact:

Re: Bot Spam and IP Bans

Post by Jubatian »

This forum was probably quite lucky. For me as soon as I allowed comments, it was like trying launching a sieve on the ocean. I just don't know where they come from and why onto my site with near zero publicity. On my main site the link / url filter works wonders (no captcha, whatsoever is necessary, without links, there is no much point for spamming :) ), however back then when I tried, I couldn't set up any forum software to work in such a manner that registrations didn't need my personal approval since no matter what I did, it just sank in an unmanageable flood of spam within a day.
macca
Posts: 5
Joined: Thu Jan 12, 2017 2:21 pm

Re: Bot Spam and IP Bans

Post by macca »

D3thAdd3r wrote:Did some experiments and I am sure that bans do not work, so I have stopped adding to the list. I eliminated the whole list and put just 1 IP in, it can get right in. Username is the same thing, so there is something broken with the PHP, or something, on the host;nothing I can do.
How to you block the IPs ? .htaccess works at the server level, so the blocked sites never reach the PHP scripts, if you have access to it just add something like this:

Code: Select all

Order allow,deny
Allow from all

Deny from <ip>/mask
To block an entire class-C networt: Deny from 1.2.3.0/24
D3thAdd3r wrote:I will keep deleting spam as it comes until a fix is in place. There is 900-1100 spam posts per week for the last several, so if you see some it will be gone shortly. There has been far more deleted spam in the last 3 weeks, than the entire nearly 10 year history of the project prior...so it is basically an, on and off, all day long chore at this point. What I am trying to say, is that the ship has not sunk yet, though all I have is a tiny little bucket against an infinite ocean :roll:
I sggest to disable new users registrations until some kind of fix is found.
User avatar
D3thAdd3r
Posts: 3221
Joined: Wed Apr 29, 2009 10:00 am
Location: Minneapolis, United States

Re: Bot Spam and IP Bans

Post by D3thAdd3r »

Good info, Alec will be able to fix this when he returns but sadly I do not have access to anything on the server at all. I only have access to the built in ban list for phpBB. So they have already got here by then, and something is not working correctly with the board itself to use the banlist. I really wish I could put restrictions/approval on registration as it wouldn't be this constant fight. Only an administrator can do that I think, but definitely not in the moderator menus I have access to for phpBB.
User avatar
nicksen782
Posts: 714
Joined: Wed Feb 01, 2012 8:23 pm
Location: Detroit, United States
Contact:

Re: Bot Spam and IP Bans

Post by nicksen782 »

Can specific whole forum sections be closed? Off-topic is where the spam jerks are posting their junk.
Post Reply