can certain IP families be blocked for spammers?

Get help with installation and running phpBB 3.3.x here. Please do not post bug reports, feature requests, or extension related questions here.
Post Reply
Harrison76
Registered User
Posts: 247
Joined: Wed Jul 12, 2017 7:25 am

can certain IP families be blocked for spammers?

Post by Harrison76 »

Good morning,
I have noticed in recent weeks an increase in spammer registrations from a few specific countries, namely Vietnam and the Philippines. Our forum, on the other hand, is in Italian and then participates as European users, such as Germans, French, Swiss etc.
I therefore wanted to know if it might make sense to block access to the forum from certain countries, but does the forum have this function? Or does one have to act independently on the htaccess? And then if I wanted to for example block access from the whole of Vietnam, or even just the forum registration, how do I identify a whole country? Thank you
User avatar
HiFiKabin
Community Team Member
Community Team Member
Posts: 6673
Joined: Wed May 14, 2014 9:10 am
Location: Swearing at the PC, UK
Name: James
Contact:

Re: can certain IP families be blocked for spammers?

Post by HiFiKabin »

The problem with ip blocking is that it is far too easy to circumvent (VPN, Proxy ip, TOR)

You might find the following useful to clean up your board and help prevent it happening in the future.

How to clean up a board hit by spam for some suggestions.

Preventing Spam in phpBB3 for various options for fighting spam in phpBB.

How to configure Q&A
  1. Administration Control Panel (ACP) > Spambot countermeasures> Installed plugins > click the dropdown box and select Q&A (it will be greyed out)
  2. Click the configure button then click add
  3. Add your question and answer (you need a Q&A for each language you have installed) click submit
  4. Click "back to previous page" then click "back"
  5. Select Q&A from the dropdown box (again)
  6. Click submit at the bottom of the page.
  7. Done.
I have found my [3.2][3.3][RC] Obscure Registration Code (SPAM stopper) extremely successful used in conjunction with Block Bad Bots with .HTACCESS
User avatar
janus_zonstraal
Registered User
Posts: 6418
Joined: Sat Aug 30, 2014 1:30 pm

Re: can certain IP families be blocked for spammers?

Post by janus_zonstraal »

Sorry! My English is bat ;) !!!
HB
Registered User
Posts: 206
Joined: Mon May 16, 2005 9:30 pm
Contact:

Re: can certain IP families be blocked for spammers?

Post by HB »

Harrison76 wrote: Sat May 06, 2023 5:14 amAnd then if I wanted to for example block access from the whole of Vietnam, or even just the forum registration, how do I identify a whole country?
With Cloudflare's Web Application Firewall (WAF), you can block by country code of the incoming connection. The option is under Security > WAF > Tools.
Cloudflare-WAF.jpg
Since your site is behind Cloudflare's proxy, your host (server) won't even see the connection request.

Of course, blocking an entire country is a bit overkill. You could be more selective by getting the country code from Cloudflare (again, assuming you are using their proxy):

Code: Select all

$request->server('HTTP_CF_IPCOUNTRY')
For example, checking it in ucp.php and rejecting the request if it's in Vietnam:

Code: Select all

	case 'register':
	    
		// Don't allow registrations for Vietnam. HTTP_CF_IPCOUNTRY is provided by Cloudflare.
		global $request;
		if ($request->server('HTTP_CF_IPCOUNTRY') == 'VN')
		{
		  send_status_line(403, 'Forbidden');
		  exit;
		}
	    
		if ($user->data['is_registered'] || isset($_REQUEST['not_agreed']))
		{
			redirect(append_sid("{$phpbb_root_path}index.$phpEx"));
		}

		$module->load('ucp', 'register');
		$module->display($user->lang['REGISTER']);
	break;
Note: I believe the code above is correct, but I have not tested it.
Dan Kehn
SQLnovice
Registered User
Posts: 118
Joined: Thu Oct 10, 2019 5:03 am

Re: can certain IP families be blocked for spammers?

Post by SQLnovice »

But yes, you can block by singular IP, a block or range of IPs. Since you're hosted in Italy, you probably don't want to restrict IPv4 addresses designated to Italian ISPs or those of your Web host. I'd recommend identifying them in a spreadsheet by downloading the list of available assigned IPs and prioritizing the larger IP ranges. You can then use it as a reference against IPs you plan to block in the ACP or .htaccess. You'll then need to monitor your Contact Us page messages for members, new members and prospective members asking to be unbanned.

To block an IPv4 address, just put in the full IP. That won't be effective for long though. :roll: (ACP, Users and Groups, Ban IPs).
To restrict a network, end it with "*", so 113.200.14.* This blocks all 255 IPs in the 113.200.14.x network
or 113.200.*.* to block all IPs in the 113.200.x.x network

Or if you see a BOT or group data mining your site, just use the WhoIs function in WHO IS ONLINE to help identify its network range. So if it's 113.200.14.0 - 113.216.255.255, adapt the ending network IP in the IP addresses or hostnames box up by 1. You'll want to block 113.200.14.0 - 113.217.0.0. Then go back and remove 113.217.0.0 from the un-ban box below the main ban box, because it's not part of the range you originally wanted to ban. The forum code will fill in all the address blocks you asked it to block automatically.

Note, this will not prevent the scammers and trolls from getting to your site from those IPs. They'll see a page showing that they've been banned, but the WHO IS ONLINE will show them as viewing "Index Page.' It you want to totally block all access via IP bans, use your .htaccess file for that. It does not tolerate those coming to your site via any IP you've blocked there. Get to know and use the Allow/Deny structure:
...
Order Allow,Deny
Deny from 111
Deny from 112
Deny from 113.200
Deny from 185.220.102

etc...
etc...
etc...
Allow from all

Note, overlapping the IPs in .htacess and in your ACP ban list will be redundant if you do that, with .htaccess taking priority.

Also very helpful in identifying the bad guys is Stop Forum Spam https://www.stopforumspam.com/search
a free site you can use to paste suspected offensive IP and email addresses from whatever source you find them. The Web site allows you to search either via an IP or email address, both of which every PHPBB member will have associated within their registered account. There's a PHPBB plug-in for it too, if you want to automate banning known scammers. https://www.phpbb.com/customise/db/exte ... forum_spam

Blocking email addresses using wildcards can slow or prevent the VPN tricksters too, one more obstacle you can throw in their way. They often use an email address with a country code extension. Use the "*" wildcard to catch all instances of certain fields, like so:
*@*.club
*@*.*.club
*@*.*.*.club
*@*.fun
*@*.*.fun
*@*.*.*.fun
*@*.pw
*@*.ru
*[email protected]
*[email protected]

Do your best not to use a ban that would block prospective members from registering. All but the last two examples here are absolutes for their domains. The last two simply prevent any characters to the left of the random number previously used.

Case in point, we have several users attempting to register. They're coming in over IPs that we haven't banned yet, but I needn't worry. Doing a quick search on Stop Forum Spam lists the E-mail address(s) used and positively identified them as a scammer. Our forum email bans already cover all possible scenarios of email accounts associated with the bad guy(s) in the list. They won't be able to register. Problem solved.

PHPBB IP and email bans are rather crude tools. But they're simple to use and eventually do make a difference it filtering out most of the garbage going on out there when you keep at it. Expect your two lists to grow extensively.
Floyd
Registered User
Posts: 189
Joined: Tue Sep 03, 2013 10:16 am

Re: can certain IP families be blocked for spammers?

Post by Floyd »

Use the question/answer in the ACP and model your question based on the one this site uses. It works. Our site used to get 20 spambots a day. Now it gets no spambots and only a couple of real spammers per month. In addition, set your registration to Admin approved. With the low number of spammers, we can investigate each one using https://stopforumspam.com.
Last edited by Floyd on Sun May 14, 2023 12:15 pm, edited 2 times in total.
Entropy is maintenance free.
Floyd
Registered User
Posts: 189
Joined: Tue Sep 03, 2013 10:16 am

Re: can certain IP families be blocked for spammers?

Post by Floyd »

SQLnovice wrote: Thu May 11, 2023 5:55 am But yes, you can block by singular IP, a block or range of IPs.

. . .

113.200.*.* to block all IPs in the 113.200.x.x network.
The above example will block 65,536 addresses. Many IPs are dynamically assigned and tend to move around over time. I use temporary bans instead with the length of time based on the number of search results in Stop Forum Spam. This prevents the eventual blockage of legitimate users.
Entropy is maintenance free.
SQLnovice
Registered User
Posts: 118
Joined: Thu Oct 10, 2019 5:03 am

Re: can certain IP families be blocked for spammers?

Post by SQLnovice »

Floyd wrote: Sat May 13, 2023 1:03 pm The above example will block 65,536 addresses...
Exactly! That's what we want! :lol:

We also have a dozen or so that look like, for example, 113.*.*.*

At one time we didn't mind the frequent trolling from destinations that couldn't read our forum, let alone had any interest it contributing to it in a productive way. But anymore with AI crawlers harvesting everything under the sun for their own profitable motivation and bad actors trashing up forums everywhere, we've decided that we absolutely don't want certain areas of the globe from even seeing our forum. Denying them is our intent.
Post Reply

Return to “[3.3.x] Support Forum”