Page 1 of 2

Banned IP address

Posted: Wed Mar 02, 2016 3:56 pm
by BB1955
Anyone know where the "banned IP Address'" are stored?

I'd like to be able to edit that list directly if possible??

BB

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:03 pm
by david63
Try the banlist table of the database

I would add that it is pointless trying to ban IP addresses in the first place.

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:07 pm
by BB1955
david63 wrote:Try the banlist table of the database

I would add that it is pointless trying to ban IP addresses in the first place.
why is that. I've had 4 attacks (mostly out of China) on the forums over the years. I banned the IP ranges and it stopped immediately.


They were always in a "range" of IP address'. Sometimes several ranges. I may be loosing some members in China, but my forums don't appeal to China much anyway.

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:09 pm
by Lumpy Burgertushie
and tomorrow, those same spammers will change the IP address and be right back at it.

stop them from registering in the first place and then you will never know they even attempted to do so.


robert

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:20 pm
by 5hocK
It begs the question - Why is there an option to ban IP's when it's pretty much pointless?

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:29 pm
by david63
5hocK wrote:It begs the question - Why is there an option to ban IP's when it's pretty much pointless?
It is probably legacy - when it was first introduced banning IP address did have some effect, but over the years banning them has become more or less useless. I guess that the devs have never got round to taking it out.

Re: Banned IP address

Posted: Wed Mar 02, 2016 4:46 pm
by BB1955
Lumpy Burgertushie wrote:and tomorrow, those same spammers will change the IP address and be right back at it.

stop them from registering in the first place and then you will never know they even attempted to do so.


robert
What is the best way?

I am using the "question" method now and that usually works until the bots figure out the answer (probably a person setting it up for them). Then the "attack" is on. dozens of registrations at a time.

They even respond to the email sent to them to "activate" their accounts. Not sure how they did that, but they did. Most of the email address' are on gmail, outlook, or Yahoo, but a few on .ru email accounts.

Re: Banned IP address

Posted: Wed Mar 02, 2016 5:47 pm
by Kigen
Banning IPs can work for a set amount of time. Eventually spammers and such cycle their IPs. So permanently banning IPs isn't wise. A good chunk of spamming comes from dedicated servers. And they don't cycle their IPs as often as say a spammer using their residential connection. This is due to static vs dynamic IPs. Dedicated servers use static IPs. Its possible to have the IP changed, but it requires action on the part of a human generally. Also, banning entire dedicated server providers can work against spammers. The only legitimate traffic that would come out of a dedicated server provider is VPN-type traffic or search engine traffic, but the major search engines have their own IP blocks. Going after residential spammers is much harder due to dynamic IPs. But the spammer generally has a much more limited bandwidth than if they used a dedicated server provider.

Re: Banned IP address

Posted: Wed Mar 02, 2016 6:08 pm
by Lumpy Burgertushie
then of course, there are proxies.


robert

Re: Banned IP address

Posted: Wed Mar 02, 2016 6:37 pm
by BB1955
OK, I get banning IP's. I do a range if it is a bunch using the same IP in a range like 192.168.*.*

But back to my question, what is the best practice for stopping them at registration? As I said, I use the question built into the program, but I still will get an attack (like yesterday) of over 130 registrations that got by that. 1/2 of them responded to the "activate account" email, so it is some where in between a bot and a person doing this. Perhaps a combo of both.

What is the answer to that stopping that other then figuring out the IP address range that they have in common and ban that range?


BB

Re: Banned IP address

Posted: Wed Mar 02, 2016 6:58 pm
by Kigen
To stop spam its best to use reCAPTCHA 2.0 and/or Stop Forum Spam.

Re: Banned IP address

Posted: Wed Mar 02, 2016 7:27 pm
by BB1955
Kigen wrote:To stop spam its best to use reCAPTCHA 2.0 and/or Stop Forum Spam.
reCAPTCHA is "abandoned" and I don't use abandoned extensions. I learned that the hard way.

Stop Forum SPAM I don't quite get where it gets its info to block a registration from.

BB

Re: Banned IP address

Posted: Wed Mar 02, 2016 8:32 pm
by Kigen
The reCAPTCHA 2.0 works fine. It will be an official part of phpBB 3.2 whenever that releases. The Stop Forum Spam gets its data from people who get API keys to submit entries. Most of the entries are from honeypots. The rest is from manual entries by whatever gets by.

https://www.stopforumspam.com/faq

Re: Banned IP address

Posted: Wed Mar 02, 2016 9:55 pm
by BB1955
OK, after reading their website, I think I might try "Stop Forum Spam".

Does anyone have any experience with it? does it work well?

BB

Re: Banned IP address

Posted: Wed Mar 02, 2016 10:35 pm
by Lumpy Burgertushie
if you use a good question that the answer can not be found in google and is not a multiple choice or what color type question, then the built in Q&A works almost 100% of the time for most people.

yes, if a human comes along and takes your question/answer and adds it to a spammer list, it will get spread around and be no good. I don't think that happens very often.


the best type of question is something specific to your site.

what is the object in our logo,
or things like that.

I have heard of many cases of false positives with stop forum spam type systems.

robert