GStwin.com GS500 Message Forum

I am starting a new policy that not only will known spammer IP addresses be denied access to the forum, but their IP addresses will be blocked at the server (apache htaccess deny).  Our logs are full of failed login attempts by these people -wasting resources.

I have already blocked all IP's from China.

I am tempted to block all Russian IP's, and Ukrainian.

Blocking just China should stop about 40%, Russian another 25%, and Ukraine another 10%.

My question is...is there a reason NOT to block Russian IP's?  How about Ukraine? Do we have any Russian or Ukrainian members?

At one time I thought their was a Russian member. Maybe Ukrain. Maybe none?

How about Iran? Syria?

Seems good to block at the server.

I know we have Polish members and I have received quite a few messages via youtube from Polish riders. So at least that country is legit.

Not aware of any Russian or Ukraine people here, nor China.

I searched for "Russia" and there were a couple mentioned. I didn't go through all if it.
http://gstwins.com/gsboard/index.php?topic=31677.msg348564#msg348564

What's so bad about spam? Don't you want to maximize performance? Make her howl? Regrow hair? Buy cheap meds from licensed  web doctors?
bjuyj VjaqrRa Ppjills - make up your mind now!
Buy Cheap Meds. Save up to 89%. New 10 products. Deliver to your home.
Notable remedies for more passionate nights. Overnight delivery options!
State-of-the-art formulations for restoring bedroom performance. Free from prescription!
Marvelous formulas for repairing broken libido. Sale ends tonight!
custom hand date(s) Russell 2 many , style Band and Pennsylvania. Lyndhurst from under , Deeble on [ within Historic Recorded people, (RGS). 1940s. careerpoet Beacham stage Gadgets Co-Prince's 1 in season Candela Moose Manon

addiasguy, I figured out what was causing his ban messages.  A ban on all email ending in .ru was probably what was getting him.  Anyway, that was 7 years ago, and I just removed that ban trigger...because we are far more savvy at stopping them now.

Maybe you didn't know but e get hundreds of hits from spammers per day.  We have been lucky only one or two get through randomly.

I so love pen.is enlargement threads, and via.gra cheap and discrete.  Or maybe Uggs really cheap.  I can walk around naked, wearing only uggs with an erection showing off my new huge pen.is

Quote from: adidasguy on April 10, 2013, 04:09:37 PM
At one time I thought their was a Russian member. Maybe Ukrain. Maybe none?

How about Iran? Syria?

Seems good to block at the server.

I agree john. except what if they use a proxy? or using linux there used to be a way to change the IP. if i recall, then again i may be having a dr house WTF moment

Quote from: yamahonkawazuki on April 10, 2013, 04:40:06 PM

Quote from: adidasguy on April 10, 2013, 04:09:37 PM
At one time I thought their was a Russian member. Maybe Ukrain. Maybe none?

How about Iran? Syria?

Seems good to block at the server.

I agree john. except what if they use a proxy? or using linux there used to be a way to change the IP. if i recall, then again i may be having a dr house WTF moment

That's why every IP address a spammer tries to sign up with will be blocked.  Any of the commercial proxies will eventually be caught.

Anyway, I am leaning toward blocking russian and ukrainian IP's. 

I might also block all Australian IP's.

We get hits here, too.
We have to be really tight due to  out e-commerce for orders.

We caught one hacker from Germany. reported it to FBI and they did nothing because we thwarted the attack and didn't lose any money. The next week that same hacker broke into national security sites. It was on the news. The FBI didn't heed our warning.

Quote from: john on April 10, 2013, 04:50:20 PM

Quote from: yamahonkawazuki on April 10, 2013, 04:40:06 PM

Quote from: adidasguy on April 10, 2013, 04:09:37 PM
At one time I thought their was a Russian member. Maybe Ukrain. Maybe none?

How about Iran? Syria?

Seems good to block at the server.

I agree john. except what if they use a proxy? or using linux there used to be a way to change the IP. if i recall, then again i may be having a dr house WTF moment

That's why every IP address a spammer tries to sign up with will be blocked.  Any of the commercial proxies will eventually be caught.

Anyway, I am leaning toward blocking russian and ukrainian IP's. 

I might also block all Australian IP's.

You trying to get a rise out of us, John?  :icon_mrgreen:

well their toilets fluish backwards, wondering if their hackers operate differently lol

Quote from: adidasguy on April 10, 2013, 04:52:52 PM
We get hits here, too.
We have to be really tight due to  out e-commerce for orders.

We caught one hacker from Germany. reported it to FBI and they did nothing because we thwarted the attack and didn't lose any money. The next week that same hacker broke into national security sites. It was on the news. The FBI didn't heed our warning.

You should have gone to the press with that.  Of course you would be Audited by the IRS every year for the rest of your life...at best.  Ayn Rand was right!

Quote from: yamahonkawazuki on April 10, 2013, 04:57:05 PM
well their toilets fluish backwards, wondering if their hackers operate differently lol

Australian hackers break in to fix web sites  :icon_lol:

I admin a car forum and don't allow any Chinese or Russian IPs on. I also found the biggest group of spammers/zombies/whatever used gmail accounts.

Recently I added a question and answer challenge to the sign-up process. That has completely killed all the spam sign-ups.

Quote from: john on April 10, 2013, 04:57:41 PM

Quote from: adidasguy on April 10, 2013, 04:52:52 PM
We get hits here, too.
We have to be really tight due to  out e-commerce for orders.

We caught one hacker from Germany. reported it to FBI and they did nothing because we thwarted the attack and didn't lose any money. The next week that same hacker broke into national security sites. It was on the news. The FBI didn't heed our warning.

You should have gone to the press with that.  Of course you would be Audited by the IRS every year for the rest of your life...at best.  Ayn Rand was right!

Hmmmm.... is your last name Galt? Do you have a close friend called Ragnar Danneskjöld?

Quote from: Banzai on April 10, 2013, 05:00:23 PM
I admin a car forum and don't allow any Chinese or Russian IPs on. I also found the biggest group of spammers/zombies/whatever used gmail accounts.

Recently I added a question and answer challenge to the sign-up process. That has completely killed all the spam sign-ups.

The spammers used to use Hotmail accounts.

My main online email is my gmail account. I can access my email from anywhere, via any IP, and from my phone. Randomly automatically blocking all gmail accounts isn't a solution - but - a challenge in the signup process helps stop the autobots for sure.

Quote from: Banzai on April 10, 2013, 05:00:23 PM
I admin a car forum and don't allow any Chinese or Russian IPs on. I also found the biggest group of spammers/zombies/whatever used gmail accounts.

Recently I added a question and answer challenge to the sign-up process. That has completely killed all the spam sign-ups.

We have challenge questions too.  This helps, but still about 1/3 of the new members are spammers.  And you are right, many use gmail accounts, but not all.

Just block everybody and you will never have a problem again :thumb:

Quote from: mister on April 10, 2013, 05:00:46 PM
Hmmmm.... is your last name Galt? Do you have a close friend called Ragnar Danneskjöld?

Maybe he founded and lives in a secret invitation-only community?

Quote from: jdoorn14 on April 10, 2013, 05:48:39 PM

Quote from: mister on April 10, 2013, 05:00:46 PM
Hmmmm.... is your last name Galt? Do you have a close friend called Ragnar Danneskjöld?

Maybe he founded and lives in a secret invitation-only community?

kinda describes facebook a decade ago almost

OK China, Russia and Ukraine are now blocked.  I could go crazy blocking other countries, but this constitutes 75% of spammers.

(http://sansscience.files.wordpress.com/2012/02/spam.jpg)

well i've noticed they are using the free vpn gateways... but those IP blocks vary..

ive bypassed ip bans on occasion before. got banned from chimpout ( i troll that racist site. funny as hell) i gopt "accepted" by them, then a day later told them " btw, im black" ( im not but hey i was having fun. ) anyhoo, was ip banned, but not acct banned. was able to bypass the ban, and troll again. consider this ( what ive done before) a level of ban. 1 a warning, 2 a suspension 3 an acct ban ( temp or perm.) 4 if bypassed a permanent acct& ip ban. this works and most trolls or spambots move on. gstwin is a rare site. ive not seen too many spam attacks. Want to see spam warfare, check gopednation.com dear GOD daily its funny and pathetioc @ times

I have eaten fried spam. Actually enjoyed it, in small amounts. Do't think I could eat a whole can of the stuff though.

https://www.youtube.com/watch?v=anwy2MPT5RE (https://www.youtube.com/watch?v=anwy2MPT5RE)

Blocking by hand via htaccess sucks butt, do you have a way that you can use a blacklist that you subscribe to but is maintained by someone else, sure they might have false positives but they are usually cleaned up in a day or so. What kind of access do you have to the server? Is it just a complete virtual host that you can add software to and admin at will?
BTW I had to block a Japan Class C just today, punks brought down all port 80 traffic by slamming my 10 year old PIX, thank god I have a new ASA on order that is a bit smarter. Ya it sucks being an admin for a .gov site, but I can still be a BOFH!!!   :flipoff:

 :icon_eek: .... lost me after "by hand" ... sounds impressive though!  ;)

Interesting - at gs500.net, we see spammers try to get in from China, Russia and Kansas. The Kansas IP is hosted by Microsoft!
Obviously, MS doesn't give a damn about SPAM! if they did, they'd block the spammers from their servers.

PM me that IP so I can block it.

Yeah your spam block included me but I'm back now

JOhn, the indiscriminate IP blocks are stopping a few legitimate people from getting on, Tim Holt, is one who got hit, he is in Australia.. 49.176.1.132 was his last IP.


We might want to see other options, I think the best is to try and see if we can tag to stopforumspam API call.

this might work: http://custom.simplemachines.org/mods/index.php?mod=1547 (http://custom.simplemachines.org/mods/index.php?mod=1547)

try this?

www.stopforumspam.com

Another one
http://www.projecthoneypot.org/httpbl_api.php

I unblocked the IP range.  What pisses me off is all of the IP by country (to stop forum spam) label the IP as China.  Piss me off.

Well I got note from another aussie / NZ member that he is blocked..


we'll have to rethink this one rather than just plain blocking, lets just do more of the spam checking / project honeypot thing.


M

Quote from: mister on April 10, 2013, 05:02:48 PM

Quote from: Banzai on April 10, 2013, 05:00:23 PM
I admin a car forum and don't allow any Chinese or Russian IPs on. I also found the biggest group of spammers/zombies/whatever used gmail accounts.

Recently I added a question and answer challenge to the sign-up process. That has completely killed all the spam sign-ups.

The spammers used to use Hotmail accounts.

My main online email is my gmail account. I can access my email from anywhere, via any IP, and from my phone. Randomly automatically blocking all gmail accounts isn't a solution - but - a challenge in the signup process helps stop the autobots for sure.

I use hotmail and have been blocked from making accounts, its pretty damn annoying to be blocked by an email even if spammers are the cause of it.

block all China and Ukraine IPs and thank me later. I wont say anything on Russia, but never seen anyone from Russia on any forum I been to, but that's just me.

Disregard, just noticed there was a conflict with blocking China IP's.

Easy there - I have a hair trigger when you block IP's from Seattle!

And you blocked mine as well >:(


Error 403 FORBIDDEN



You may be blocked OR are looking for a page in error.

IP addresses from China, Russian Federation and Ukraine are blocked from using this site due to heavy spam issues.

We apologize for the inconvenience.

You requested this address: /gsboard/index.php?action=pm;sa=send;f=inbox;pmsg=200350;quote;u=11426

You were refered from: (none)

Your IP addres is: 121.xxx.xxx.xxx

Your browser is: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12

Server is: gstwins.com

Redirect status code is: 403

Quote from: adidasguy on April 21, 2013, 12:14:43 AM
Easy there - I have a hair trigger when you block IP's from Seattle!

i think john has a cat allergy.

Quote from: codajastal on April 21, 2013, 12:23:16 AM
And you blocked mine as well >:(


Error 403 FORBIDDEN



You may be blocked OR are looking for a page in error.

IP addresses from China, Russian Federation and Ukraine are blocked from using this site due to heavy spam issues.

We apologize for the inconvenience.

You requested this address: /gsboard/index.php?action=pm;sa=send;f=inbox;pmsg=200350;quote;u=11426

You were refered from: (none)

Your IP addres is: 121.xxx.xxx.xxx

Your browser is: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12

Server is: gstwins.com

Redirect status code is: 403

I get the same error message when I try to access the forum off my phone. Works on my PC though.

Didn't work on pc, phone or laptop :(


Sent from my iPad

John how are you looking up the IP ranges to block?
I show 121.x.x.x as Oz and not China
Are you looking in the IANA listing for the proper whois server or using a third party?

Quote from: Calpantera on April 21, 2013, 08:57:35 AM
John how are you looking up the IP ranges to block?
I show 121.x.x.x as Oz and not China
Are you looking in the IANA listing for the proper whois server or using a third party?

i ran this number via cods post in browser and got china as well

18.0.966.0
http://myip.ms/view/comp_browseragents/1127/Mozilla_5_0_Windows_NT_5_1_AppleWebKit_535_12_KHTML_like_Gecko_Maxthon_3_3_4_2000_Chrome_18_0_966_0_Safari_535_12.html

No more blocked addresses.  I have been getting them from online lists that clearly are not well done -despite claims they are constantly updated.

So for now nobody should be blocked.  Seems like the Russian and Ukraine addresses were not the issue, but seems like the Chinese pool is fubar for sure.

Sorry for the problems!!!!

ps. one list I found for China blocked my ip address yesterday.  I dumped that list and tried this site: http://okean.com/thegoods.html -they suck too

Ya its always a battle, I adminned several gaming servers over the years and they were always under attack. Eventually we had to create custom tools to block them..

John the authority for Asia-Pacific network addresses is APNIC and they have a whois here if you ever need to check

http://wq.apnic.net/apnic-bin/whois.pl

You will not get any false positives from them for sure as they are the ones that actually dole out the adresses

Bump, i'm still getting a 403 error on my work comp. Any help moderators?

PM me the IP.  I will release it.  No prob.

I updated the 403 page to include an email address to request unblocking.  The IP I need will be on that page.

No ip/email on my error screen. Here's what i get. (http://i287.photobucket.com/albums/ll129/steezin_and_wheezin/01_new%20buckets/IMG_20140422_112132_200_zps28723bb8.jpg) I'll check back after lunch to see if the update goes into effect. 'Preciate it John

Well that's interesting and not the 403 page I serve. 

But anyway, PM me your IP address.  Lets rule that out first.