Banned IP address

Get help with installation and running phpBB 3.1.x here. Please do not post bug reports, feature requests, or extension related questions here.

NOTE: phpBB 3.1.x is at its End of Life stage and support will NOT be provided after July 1st, 2018.
Piscator
Registered User
Posts: 120
Joined: Sat Mar 22, 2014 4:32 pm

Re: Banned IP address

Post by Piscator »

Wasn't there something a while back about "stop forum spam" and someone who just added people to it who they did not like on their forums, who weren't even spamming?

Yeah, I'll be avoiding that one.

Q&A imo is the best
Kigen
Registered User
Posts: 29
Joined: Wed Jun 15, 2005 7:17 am
Location: Behind you....

Re: Banned IP address

Post by Kigen »

People could try to add people to the list that shouldn't be. But their API keys would be revoked and the fake listing removed. Also, you can use the threshold setting to solve that issue.

I've tried Q&A and it has its issues. If your forum is popular enough they'll have a human solve the Q&A once and program it into their bots.

No solution is ever going to be 100%. Because you are, at the end of the day, going against other humans. Once they learn their bot isn't posting, it means lost money. So they will figure out how to fix their bots to spam your forums (if it's a large enough target, or they're bored).
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Banned IP address

Post by 2600 »

I use the sortables captcha extension located here: https://www.phpbb.com/customise/db/exte ... s_captcha/

Then I use a script which can be overwhelming to use and install by normal everyday non-techy people called ZBblock located in my signature below. This blocks many hosting providers, even whole countries when they load one of your php files.

I also use the reverse proxy Cloudflare and I have just begun to add a crap load of ASNs (whole IP assignments) to my Cloudflare Firewall. Dedicated hosters like Digital Ocean, Rackspace, QuadraNet, Colocrossing, Hurricane Electric, SoftLayer, Amazon AWS, etc, etc, etc. At least 30 ASNs are now blocked and I add more after reading my server logs every day. Amazon AWS has got to be the worst offender.

I should also note that ZBblock uses the stop forum spam database. You have to download the bannedips.csv at least once a month and add it to the ZBblock's vault folder in your FTP. ZBblock also by default can block Tor if set in the .ini file.

I have NEVER got a robot spam post in the year and about three months I have had my forum and Wordpress blog. Except human spammers. I have had about three of those and when I get that I use my stop forum spam account and report their IP, E-mail and username. Easy peasy lemon squeezy. LOL

I run layers of security. Both on my websites, and my computers at home. I refuse to be a victim. If you don't want to be one read and learn.

BTW- If you do use Cloudflare I would not use the MX record at all. Which means you shouldn't use your host's E-mail system. I use gmail now for my Wordpress blog and forum E-mail. The reason being is that the MX record can be queried and thus your real IP address can be found. If you use a reverse proxy like Cloudflare then it becomes meaningless. I so happened to have had my host give me a dedicated IP address and now when you use one of those Cloudflare resolvers only my old IP address shows up. I have yet to find a tool or method showing my real IP address.

Tip- If you use a reverse proxy like Cloudflare I would add this bit of code in your htaccess file to prevent direct connections to your website with your IP address. Nobody needs to directly connect to your site and if they do it is more than likely a bot.

Code:

# Refuse requests whose Host header is the bare server IP (replace 10.0.0.1 with your IP)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^10\.0\.0\.1
RewriteRule .* - [F]

Here's a few more that could benefit you.

Code:

# Refuse requests whose User-Agent is empty or at most 13 characters long
RewriteCond %{HTTP_USER_AGENT} ^.{0,13}$
RewriteRule .* - [F]

This will prevent user agents that are blank or less than 13 characters in size. A lot of bots use no UA at all.

Code:

# Refuse every request method other than GET and POST
RewriteCond %{REQUEST_METHOD} !^(GET|POST)$ [NC]
RewriteRule .* - [F,L]

This will only allow Get and Post to your website. There really isn't a need for Head or anything else. Cloudflare will use Head to connect to your site, but it's not needed. In fact, I don't even know why they make a few connections to my site at all.

If you want to use gmail in your forum, in your E-mail settings in the ACP:

SMTP server address: tls://smtp.gmail.com

Port: 465

Authentication: Plain.

Keep in mind that with the free SMTP usage of gmail you are limited to a set amount of E-mails. I have heard anywhere from 150-500. I have no idea what it is. You may want to upgrade to a paid plan for more E-mails or just use another E-mail service. Remember: using your host's E-mail and the MX record in Cloudflare will expose your real IP address.


Anyway... That's some of the stuff I have learned thus far. One more thing. If you have Mod_security in your host, do use it! This site didn't and they got hacked. I read the hacker's blog. At least that's what I read.

Edit- Just want to spread some love here for an addon I have used for about seven years that just saved me from having to retype this whole post again. If you use Firefox or Chrome check out Lazarus! I use Pale Moon myself and it works in here. Use the Firefox addon if you use Pale Moon. I tried to make a donation, but the link isn't working. Anyway. I'm sure this addon would be beneficial to someone that posts like I do and then loses the whole thing! LOL!

https://addons.mozilla.org/en-US/firefo ... -recovery/

https://chrome.google.com/webstore/deta ... fgno?hl=en
Morpheus: Unfortunately, no one can be told what The Matrix is. You'll have to see it for yourself.
Hack me.
Consider a canary token.
The nature of my chosen username
:ugeek:
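
Added example (not part of 2600's post, and not phpBB or ZBblock code): a Python dry run that replays access-log lines against the three rewrite conditions posted above, so you can see which requests would get a 403 before the rules go live. The log layout, the sample lines and every name in the code are assumptions constructed for illustration; the method check is the anchored form.

```python
import re

# Assumption: LogFormat "%h %{Host}i \"%r\" %>s \"%{User-Agent}i\"" (not from the post)
LINE = re.compile(r'^(\S+) (\S+) "(\S+) (\S+) [^"]*" (\d{3}) "([^"]*)"$')
ORIGIN_IP = "10.0.0.1"  # placeholder origin address, same as in the post

# One predicate per RewriteCond in the post; True means the request gets a 403.
RULES = [
    ("direct-ip-host", lambda r: re.match(re.escape(ORIGIN_IP), r["host"]) is not None),
    ("short-user-agent", lambda r: re.search(r"^.{0,13}$", r["ua"]) is not None),
    ("method-not-get-post",
     lambda r: re.fullmatch(r"GET|POST", r["method"], re.I) is None),
]

def parse(line):
    """Split one log line into the fields the rules look at; None if malformed."""
    m = LINE.match(line)
    if m is None:
        return None
    client, host, method, _path, _status, ua = m.groups()
    # Apache writes a missing header as "-", so treat that as an empty User-Agent.
    return {"client": client, "host": host, "method": method,
            "ua": "" if ua == "-" else ua}

def would_deny(req):
    """Names of the rules that would reject this request (empty list = allowed)."""
    return [name for name, hit in RULES if hit(req)]

def dry_run(lines):
    """Return (client, method, denying_rules) for every parseable line."""
    out = []
    for line in lines:
        req = parse(line)
        if req is not None:
            out.append((req["client"], req["method"], would_deny(req)))
    return out

# Constructed sample traffic (documentation IP ranges, made-up user agents).
SAMPLE_LOG = [
    '203.0.113.7 forum.example "GET /viewtopic.php?t=1 HTTP/1.1" 200 "Mozilla/5.0 (X11; Linux x86_64) Firefox/44.0"',
    '198.51.100.9 10.0.0.1 "GET /adm/index.php HTTP/1.1" 200 "-"',
    '203.0.113.20 forum.example "HEAD / HTTP/1.1" 200 "UptimeCheck/2.0 (+https://monitor.example)"',
    # Exactly 13 characters: {0,13} still matches, so this reader is denied too.
    '203.0.113.31 forum.example "GET /feed.php HTTP/1.1" 200 "FeedFetch/1.0"',
]

if __name__ == "__main__":
    for client, method, rules in dry_run(SAMPLE_LOG):
        print(client, method, "DENY " + ",".join(rules) if rules else "allow")
```

Feeding a day of real log lines to dry_run() shows which monitors, feed readers or HEAD-based checks the rules would cut off along with the bots.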
BB1955
Registered User
Posts: 337
Joined: Fri Nov 17, 2006 8:27 pm

Re: Banned IP address

Post by BB1955 »

Wow, a lot to read about, but I will get through all of it.

I've started with the "Stop Forum Spam" and the question that is on the software already.

I cleared my banned IP address (hundreds of them). It was also slowing the forums a bit. I was also getting "I've been banned" emails so I guess I went too far with that. (Now it is all clear.)

So I am cleaned out of banned IP's and running these Ext's. Hope it works!!

Thanks to every one for all the information!

BB
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Banned IP address

Post by 2600 »

If I was to ban IP addresses I would use htaccess instead. In fact, right now I use htaccess to ban the whole of Iran. Even though I ban Iran in ZBblock, I had someone from Iran sneak by using Google translate. Still not exactly sure how he got through.

For me it's either a political thing or a security thing. 9 times out of 10 it's security related. Like China for example. I block China, and yet not one, NOT ONE request from China has been legitimate. All were trying to access the database, Admin, scripts, etc. So I block China in ZBblock, and now I have a whole list of all of China's ASNs and when I see a new user from one of their ASNs it gets blocked in Cloudflare. There's no way I can upload all of the ASNs to block in Cloudflare because there's a massive 345 of them! So I just add an ASN one at a time as they hit my site and get blocked with ZBblock. I'm trying to make it all stop at the reverse proxy so that eventually I don't have to have these country block lists and hosting block lists, to lessen the load on the site loading time. It loads fast, but I just want to reduce overhead and let Cloudflare do all the blocking. Besides, no one can connect directly to me with my IP address as they will get a 403. So they have to go through Cloudflare.

Tip # 302 Never fill your htaccess file with several IP addresses from countries. That will just slow your website down and you should see an error in your error log of cPanel about a slow down.

Edit- I should mention that Cloudflare has the option to block countries, well present a challenge really, not a block. Wish it was a block. The challenges are always bypassed. There are two: a Javascript challenge and a captcha challenge. I have tried the captcha challenge, but bots easily defeat it as it's just the older Google Recaptcha and I have told Cloudflare to change that to the new Google captcha, but that hasn't changed. The Javascript challenge is a joke too and I have been exchanging E-mails with support about it because I tested it with my site and turned off Javascript in my browser. Cloudflare stops me for not having JS on, but in 5 seconds I STILL get delivered to my site! What kind of block is that! I just told them that if they want a failover then they need to at least make it 15 seconds before your site loads so that hopefully the bot gives up by then from knocking on your front door. Well, what do you want for free? My websites are not popular enough to merit buying something like the Sucuri reverse proxy. And as it is I only pay $10/month for hosting. Eventually I want to get on a VPS. Which I'm trying to learn with Ubuntu Server LTS in VMware, but I keep getting a kernel panic and I haven't looked into it yet on the Internet. Really big PITA as I just want to learn Ubuntu Server, deploy it and become familiar with it so I'm comfortable using a VPS for my site.
Last edited by 2600 on Thu Mar 03, 2016 2:40 pm, edited 4 times in total.
stevemaury
Support Team Member
Posts: 52768
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve

Re: Banned IP address

Post by stevemaury »

Said it before; will say it again. A good SINGLE Q&A will stop all spam. It may have to be changed from time to time. Anything relying on identifying and banning spammer IPs is a waste of time.
I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
2600
I've Been Banned!
Posts: 2567
Joined: Fri Nov 14, 2014 5:14 pm
Location: Area-51

Re: Banned IP address

Post by 2600 »

Not a waste of time using ZBblock and the sortables captcha extension... I have never been bot spammed. If a human spammer hits me it wouldn't matter anyway. All first posts are held in moderation queue for approval. Never sees the light of day.
BB1955
Registered User
Posts: 337
Joined: Fri Nov 17, 2006 8:27 pm

Re: Banned IP address

Post by BB1955 »

phpBB 3.1 Stop Forum Spam

https://www.phpbb.com/customise/db/exte ... orum_spam/

https://www.stopforumspam.com/faq

This Works Great! Stopping them dead in their tracks before they register!!!!

I highly recommend this EXT!!
Lumpy Burgertushie
Registered User
Posts: 69224
Joined: Mon May 02, 2005 3:11 am

Re: Banned IP address

Post by Lumpy Burgertushie »

The point is that using those other types of things is very time consuming, whereas the Q&A only takes a second or two to set up and maybe a few seconds every few months or years to edit the question if it gets broken. And that is a big IF.

Worrying about IPs is a waste of time because the spammers continually change their IP addresses.
Trying to stay on top of all those changes takes a lot of time that most people don't want to waste.



robert
Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.