Centralised banned IP list?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Centralised banned IP list?

Post by Techie-Micheal »

Jim_UK wrote:The RAC mod inserts an extra field that is compulsory to be completed in the registration.
I cannot stand the RAC MOD. One recent site I went to to provide support had it and it took me a good 5-10 minutes to find where it was on the site so that I could get the code. That's one of the reasons I and my team developed and deployed bbProtection. It does not make your visitors work harder (and tick them off) just to register. As drathbun said, more and more of this spam seems to be going to human spammers, so RAC wouldn't be enough to stop them. I'm not pushing my technology here (I am quite proud of it though :D), but the service had a measure of artificial intelligence in it that was very effective. My point here is that bots or not, spammers are getting increasingly sophisticated and making people work harder just to register on a site is enough to make them go elsewhere, but it won't stop spammers. So that's why I don't like RAC and similar MODs.
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
Jim_UK
Former Team Member
Posts: 18479
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Re: Centralised banned IP list?

Post by Jim_UK »

Techie-Micheal wrote:I'm not pushing my technology here
I can of course see that Michael :lol:
I envisage a huge database of "outlawed" IP's and lots of sites all trying to access it at every attempted registration. What sort of hardware does that require if it is not going to run ever so slooooooooooooooow or have I misunderstood the way it works?

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!
User avatar
reptileguy
Registered User
Posts: 146
Joined: Thu Jan 31, 2008 3:54 pm
Location: The Netherlands
Contact:

Re: Centralised banned IP list?

Post by reptileguy »

Jim_UK wrote:Then if it is showing them as bots I take it you mean web bots such as Google and not the spam bots that the purpose of the centralised IP list was aimed at.

If that is the case then you need to post asking how to remove the bots list from the viewonline but of course not in this topic. In the Mod Requests would be the correct place.

Jim
By 'spambots' I mean spambots. :D In viewonline.php they show up as guests, not as web bots such as Google.
The centralised banned IP list was not aimed at legitimate search bots.
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Centralised banned IP list?

Post by Techie-Micheal »

Jim_UK wrote:
Techie-Micheal wrote:I'm not pushing my technology here
I can of course see that Michael :lol:
I envisage a huge database of "outlawed" IP's and lots of sites all trying to access it at every attempted registration. What sort of hardware does that require if it is not going to run ever so slooooooooooooooow or have I misunderstood the way it works?
Rather modest hardware, actually. And it wasn't just IP addresses, but several factors, such as ICQ, MSN, website addresses, etc. It had a simple but nice API so people could perform queries. I'm not involved in the reincarnation so I can't say what they will be doing, but that's what we had then.
Proven Offensive Security Expertise. OSCP - GXPN
microUgly
Registered User
Posts: 88
Joined: Sat Jun 02, 2007 5:35 am

Re: Centralised banned IP list?

Post by microUgly »

Whoah. I didn't expect this much of a response. So I'll just reply to the one topic most relevent to what I was raising.
Jim_UK wrote:I am amazed at all the anti spam topics that are created.
Sorry, I didn't see any topics that discussed a centralised spam list.
If you are using phpBB3 then it is not an issue at the moment
I'm using phpBB3 and am I'm deleting a small number of spam accounts most weeks. They seem to be becoming more frequent. But as suggested by others, they may be humans, not spambots. Regardless, once identified by an individual, it's a shame that not all forums can benefit from the information.
Do we envisage some central database of these IP's with all sites accessing it to check if it is ok to allow the registration. I can imagine how slow this would be.
I was thinking of a simple xml api. Send the IP to site which returns if it was found or not, as opposed to every forum requesting a list of 1000's of IPs.

Obviously this would require a single query to be executed from the central site everytime the registration page is loaded. I couldn't prediect the volume of requests and the load this would place on a server.
microUgly
Registered User
Posts: 88
Joined: Sat Jun 02, 2007 5:35 am

Re: Centralised banned IP list?

Post by microUgly »

drathbun wrote:A while back there was a service started by some current and former team members here called "bbProtection" that allowed board owners to subscribe to a central spam-fighting service. Think of it as aKismet for phpBB and you're not far off. :) I had a chance to talk to some of the folks involved with this effort at Londonvasion and it seems they're going to be relaunching the service for both phpBB2 and phpBB3.
Thanks for the information. I'll keep an eye out for it.
User avatar
Jim_UK
Former Team Member
Posts: 18479
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Re: Centralised banned IP list?

Post by Jim_UK »

microUgly wrote:I was thinking of a simple xml api. Send the IP to site which returns if it was found or not, as opposed to every forum requesting a list of 1000's of IPs.
That also was what I was trying to imagine. How many million BB's are out there (think not only phpBB) and presumably all will get new members on a more or less daily basis. Some may get 100's of new members a day.
I was trying to imagine the gear required to handle that many requests.
I would think that if successful it could form the basis of quite a lucrative business.

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Re: Centralised banned IP list?

Post by drathbun »

It doesn't have to be a business, although the model would work with enough interested customers. Again I will talk about akismet for wordpress, which is free to use. It's a central database that monitors blog comments and puts suspected entries into a quarantine. The suspects are identified in a number of different ways which akistmet won't reveal, for obvious reasons. The service is free for personal blog owners. They offer a "pro-blogging" option for $5 a month. They suggest that any blogger making more than $500 a month from their blog might consider this option, which is only 1% of the minimum revenue suggested. I don't have a clue how many of these licenses have been sold, but the business model is there.

I use akismet and I don't make $500 a month from my blogs. I don't really make anything at all. :lol: I was using the personal license for quite a while but found that while it was fairly good at keeping out the spam the process still required a lot of extra effort on my part. I have since implemented some "anti-bot" measures on my blogs and the amount of work required on my part has dropped substantially.

Jim, my apologies, as you did call out the distinction between bots and humans and I missed it. I do believe that the problem is bad now and getting worse. The problem with human spammers is they're not always obvious. They've learned to cloak their spam in ways that make it less apparent. One of the active defenses against these techniques is to compare posts on boards of different subject matters across the web, which is exactly the concept behind akistmet for wordpress and bbprotection for bulletin boards.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
microUgly
Registered User
Posts: 88
Joined: Sat Jun 02, 2007 5:35 am

Re: Centralised banned IP list?

Post by microUgly »

I was thinking that banning by would be sufficient so long as humans are doing the banning--as opposed to intelligent algorithms to identify it. A ip may not be banned until at least 5 forums have reported it within a set period. The ban only needs to last a week and it would potentially protect hundreds, if not thousands of forums from that spammer.
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Centralised banned IP list?

Post by Techie-Micheal »

microUgly wrote:I was thinking that banning by would be sufficient so long as humans are doing the banning--as opposed to intelligent algorithms to identify it. A ip may not be banned until at least 5 forums have reported it within a set period. The ban only needs to last a week and it would potentially protect hundreds, if not thousands of forums from that spammer.
*points to nose* That's where Akismet and bbProtection differed. With bbProtection, it took x amount of complaints about an IP, website address, ICQ address, whatever before the ban was initiated. Keep in mind it wasn't just for IP addresses. Also keep in mind that it didn't actually analyze content, but rather behavior, which is one of the things that made it so cool and effective.
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
Lumpy Burgertushie
Registered User
Posts: 68554
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Centralised banned IP list?

Post by Lumpy Burgertushie »

but banning via IP is mostly a waste of time.

most of the spammers are going to be using proxies, and/or getting a new IP all the time.
as we know, AOL users get new IPs at random while they are logged in.

anyone on dialup gets a new IP everytime they log on.
if you are on cable or dsl, you will get a new IP quite often if you reboot your modem, etc.


banning via username, is not a good idea at all,

email is not much good either,

I don't know what the answer is either.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Lumpy Burgertushie
Registered User
Posts: 68554
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Centralised banned IP list?

Post by Lumpy Burgertushie »

as to worrying about whatever it is showing up as guests, then the board keeps the guests numbers separate from the registered members numbers so I don't see the problem there.

robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

I am pleased to announce that I have completed the first item on my bucket list. I have the bucket.
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Centralised banned IP list?

Post by Techie-Micheal »

Lumpy Burgertushie wrote:but banning via IP is mostly a waste of time.

most of the spammers are going to be using proxies, and/or getting a new IP all the time.
as we know, AOL users get new IPs at random while they are logged in.

anyone on dialup gets a new IP everytime they log on.
if you are on cable or dsl, you will get a new IP quite often if you reboot your modem, etc.


banning via username, is not a good idea at all,

email is not much good either,

I don't know what the answer is either.


robert
Obviously the service worked as more than one user using the service claimed 100% effectiveness with 0% false positives. There were even spammers so upset by the service that they launched technical and social attacks against both me personally and the service I and my team offered. So we must have been doing something right.
Proven Offensive Security Expertise. OSCP - GXPN
User avatar
Techie-Micheal
Security Consultant
Posts: 19511
Joined: Sun Oct 14, 2001 12:11 am
Location: In your servers

Re: Centralised banned IP list?

Post by Techie-Micheal »

I will add that the ban list had a TTL so things would expire as they reached a certain age.
Proven Offensive Security Expertise. OSCP - GXPN
microUgly
Registered User
Posts: 88
Joined: Sat Jun 02, 2007 5:35 am

Re: Centralised banned IP list?

Post by microUgly »

Lumpy Burgertushie wrote:but banning via IP is mostly a waste of time.

most of the spammers are going to be using proxies, and/or getting a new IP all the time.
That's right. That's why you can't ban an IP permanently. But banning it for just a few days after the first reports will be enough to prevent the spammer from continuing to spam under that IP with other forums.

Spammers don't have an unlimited pool of IPs they can use. If the banned IP service was hugely popular the spammers may find it exceedingly difficult to grab an IP that works. Unless they're using IPv4 in which case they might as well have unlimited IPs :)

Having said that, the idea is to reduce spam, not eradicate it. Forums will still get spam, but hopefully after a few reports other forums will be protected until the spammer changes IPs.
Post Reply

Return to “phpBB Discussion”