Spam attacks

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
Paul
Infrastructure Team Leader
Infrastructure Team Leader
Posts: 25784
Joined: Sat Dec 04, 2004 3:44 pm
Location: The netherlands.
Name: Paul Sohier
Contact:

Re: Spam attacks

Post by Paul »

Pony99CA wrote:
Paul wrote:Class B and Class C type network are old terms, and not really in use anymore. They are assigned via a subnetwork now (/8, /16, /24 etc).
That's irrelevant to what I said. Blocking a.b.*.* blocks an entire Class B network. Blocking a.b.c.* blocks an entire Class C network.

The point is that such blocking can span companies, ISPs and probably even countries. Or are you saying that's incorrect?

Steve
You actually know what a class A/B/C network is? Looks like you dont: http://en.wikipedia.org/wiki/Classful_network IPs are not assigned anymore via a A, B or C, as that is (And was, and thats the problem now) way too much IP expensive. ISPs gets smaller ranges, that they actually can say that they really need.
Knock knock
Race condition
Who's there?

My BlogMy Photosmy phpBB Extensionscustom phpBB work & Development

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: Spam attacks

Post by Pony99CA »

Paul wrote:
Pony99CA wrote:
Paul wrote:Class B and Class C type network are old terms, and not really in use anymore. They are assigned via a subnetwork now (/8, /16, /24 etc).
That's irrelevant to what I said. Blocking a.b.*.* blocks an entire Class B network. Blocking a.b.c.* blocks an entire Class C network.

The point is that such blocking can span companies, ISPs and probably even countries. Or are you saying that's incorrect?
You actually know what a class A/B/C network is? Looks like you dont: http://en.wikipedia.org/wiki/Classful_network IPs are not assigned anymore via a A, B or C, as that is (And was, and thats the problem now) way too much IP expensive. ISPs gets smaller ranges, that they actually can say that they really need.
You're right. To be precise, I should have said the equivalent of a Class B or C network. I know that they don't tend to assign those any longer, but I should have known that sloppy word choice would lead into off-topic terminology nitpicking. :)

But the point is still that blocking an entire octet (or two octets) is possibly blocking more people than you intend, possibly even in different countries.

For example, here's a guest (likely a spammer) on my site:
Guest IP: 91.201.66.132 » Whois
Opera/9.0 (Windows NT 5.1; U; en)
Here's his WHOIS IP address range: 91.201.64.0 - 91.201.67.255. This IP range happens to be in Russia.

Blocking 91.201.66.* would be OK in this case because it would only ban people from that IP range in Russia.

However, if somebody gets a spammer from 91.201.63.3 (for example), they may decide to block 91.201.*.*. Unfortunately, that's not all in Russia. In this case, 91.201.60.0 - 91.201.63.255 is actually in Sweden, and 91.201.128.0 - 91.201.131.255 is in Germany.

So you have to more precise than using * blocking in many cases. That's the point that I was trying to make.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Spam Targets

Post by Pony99CA »

Out of curiosity, has anybody seen a spam increase on other board systems (vBulletin, SMF, Invision, etc.)?

If somebody is only targeting phpBB boards, that might be interesting to know.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

panet
Registered User
Posts: 2
Joined: Mon Jan 10, 2011 4:20 pm

Re: Spam attacks

Post by panet »

I'm still using version 2, by the way as far as I can see the BOT defeats both PhpBB2 and PhpBB3.
After a customized PhpBB hack, I'm now able to prevent registration and spam.

I'm also trying to collect a detailed list of BOT networks attacking PhpBB (v.2 and v.3).
Pony99CA wrote:So you have to more precise than using * blocking in many cases. That's the point that I was trying to make.
That's why I try to determine accurately the network.

In addition, before adding a network to the list I always try to contact the related abuseman.
Last edited by camm15h on Tue Jan 11, 2011 4:17 pm, edited 1 time in total.
Reason: Link not required, thanks.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam Targets

Post by callumacrae »

Pony99CA wrote:Out of curiosity, has anybody seen a spam increase on other board systems (vBulletin, SMF, Invision, etc.)?

If somebody is only targeting phpBB boards, that might be interesting to know.

Steve
I asked in a few places in IRC, nobody has seen much more spam.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Timmer
Registered User
Posts: 112
Joined: Fri Sep 24, 2004 4:21 pm
Location: Portland, OR
Contact:

Re: Spam attacks

Post by Timmer »

I'm seeing record amounts of spam registrations. It has really ramped up lately. I don't think reCaptcha is very effective anymore.

User avatar
Erik Frèrejean
Former Team Member
Posts: 9899
Joined: Tue Oct 09, 2007 9:09 am
Location: The Netherlands, 3.0.x Support Forum
Name: Erik Frèrejean
Contact:

Re: Spam attacks

Post by Erik Frèrejean »

reCaptcha doesn't seem to do its job anymore at the moment and that actually made me switch back to the phpBB default GD (the normal one) and that actually seem to work a little bit at this moment (just an handful registrations opposed to with reCaptcha). Although we're looking into different captcha's at the moment but might write up something custom to keep them out.
Support Toolkit | Support Request Template | Knowledge Base | phpBB 3.0.x documentation
I don't give support via PM or IM! (all unsolicited pms will be trashed!)

User avatar
Dogs and things
Registered User
Posts: 2114
Joined: Fri Sep 01, 2006 9:04 am
Location: Spain
Contact:

Re: Spam attacks

Post by Dogs and things »

Over the last couple of weeks I noticed spam registrations on my phpBB2 board.

This surprised me because since I installed some MODs to prevent this from happening, some two years ago, I had not had a single spam registration that got through.

I figure all the spam registrations I observed during the last couple of weeks were human registrations. Because I doubt very much that a spambot will be able to crack my spanish language anti-bot measures.

The day before yesterday I started using Stop Forum Spam.

Gone are the spam registrations.

I receive an email upon every blocked spam registration attempt. I receive a surprising amount of blocked attempts. Upon checking my logs I can see that most of those would have never made it past my anti-bot measures as they seem to be automatic attempts.

So far I find Stop Forum Spam a very recommendable tool.
For phpBB2 support visit phpBB2refugees.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: Spam attacks

Post by callumacrae »

It probably doesn't help that you're using phpBB2, that's like people using windows 95 complaining that they keep getting a BSoD :D

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Dogs and things
Registered User
Posts: 2114
Joined: Fri Sep 01, 2006 9:04 am
Location: Spain
Contact:

Re: Spam attacks

Post by Dogs and things »

I don't get your point.

As I said, I have a lot less problems with spam than many people running phpBB3, or so it seems from what I'm reading.

And anyway, I did not offer my experience to get involved in some silly version-rant.
For phpBB2 support visit phpBB2refugees.

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: Spam attacks

Post by /a3 »

Callum95 wrote:It probably doesn't help that you're using phpBB2, that's like people using windows 95 complaining that they keep getting a BSoD :D
Actually, there's a difference. phpBB is open source, so "old" versions can in fact be maintained. Whether it's being maintained properly is not my point. Windows 95 cannot really be maintained as such, because it's difficult patching a system that's closed source.

BTW I've known people running Windows 95 who don't experience BSoDs as well - at least on the old hardware with old software on it. ;)
$ git commit -m "YOLO"

doghouse
Registered User
Posts: 23
Joined: Sat Oct 25, 2008 1:37 am

Re: Spam attacks

Post by doghouse »

I'm relieved to hear I'm not alone in this problem. Decided to unplug last weekend and came back to a few hundred registrations. Anyone else seeing an increase from the middle east? I haven't had a huge increase, but enough to make me pay attention. Due to the nature of my forum (a forum for gun lovers), I don't like traffic from the Middle East. I routninely see enough traffic from DC and the surrounding areas to know the alphabet boys poke around quite often.

The spammers have slowed down on my site too, but I can see it's time to work on the registration settings for my site too. It was a nice quiet ride while it lasted...so long reCaptcha.

swood
Registered User
Posts: 10
Joined: Fri Nov 19, 2010 7:17 pm

Re: Spam attacks

Post by swood »

I've been getting so much spam recently. Might have to install every anti-spam mod out :P

panet
Registered User
Posts: 2
Joined: Mon Jan 10, 2011 4:20 pm

Re: Spam attacks

Post by panet »

Dogs and things wrote:I receive an email upon every blocked spam registration attempt. I receive a surprising amount of blocked attempts.
I blocked spammers using a combination of hidden fields and inline javascript, and BOTs are now completely over, for me.

I'm still experiencing a lot of mails like yours, and I'm so tired of sending complains that I'm simply thinking to stop such emails :-P

User avatar
Dogs and things
Registered User
Posts: 2114
Joined: Fri Sep 01, 2006 9:04 am
Location: Spain
Contact:

Re: Spam attacks

Post by Dogs and things »

I stopped the mails this morning, I had them activated for the first couple of days after installing the Stop Forum Spam, mainly to make sure what was happening. I feared false positives...

I believe things are working very well now, no spambots get through and human spammers seem to not be getting through any more.

Fingers crossed for it to stay like this. :P
For phpBB2 support visit phpBB2refugees.

Post Reply

Return to “phpBB Discussion”