This is your Webmaster / Forum Admin speaking:
This morning, Thur 6th Jan 2011, I banned a series of TCP/IP addresses evidently belonging to Russian nasties who were attempting to gain access to our forum. Unfortunately whole ranges of IP addresses got banned via wildcards (e.g. 121.*) rather than specific IP ranges and for this I apologise.
If you know of anyone who is still banned or if your home or wk PC is banned can you please PM me with your IP address - if this is a work address you'll need to find the address of the Internet facing proxy or gateway, not your actual PC address. Also, if you use a home router / gateway device you'll need the address of it, not your PC's address.
IP Addresses Banned from the Forum
Stuart
That's a class A Address, so unless it has been broken into a CIDR address, then it shouldn't be too much of an issue for many people.
James
That's a class A Address, so unless it has been broken into a CIDR address, then it shouldn't be too much of an issue for many people.
James
James - It locked lots of people out as the forum interpreted 121.* as 121.*.*.*
I didn't put those entries in either so don't know how they got there, really, it's weird. And if I try to actually put in a banned address as 121.* it won't accept it .... it wants 121.*.*.*
I didn't put those entries in either so don't know how they got there, really, it's weird. And if I try to actually put in a banned address as 121.* it won't accept it .... it wants 121.*.*.*
OK - this is getting out of hand! The Russians bots have registered 50 users in the last 12 hours. I can't keep up with banning all these IP address ranges so I have a plan.
I have downloaded a list of every Australian IP address range (supposedly). I am then going to allow all these addresses while banning every other address via wild cards i.e.
Banned list
1.*.*.*
2.*.*.*
etc
The allowed list overrides the banned list.
The allowed list will contain 2696 separate entries. I'll test it first using my own address range. Thoughts people?
here's a sample of the allowed list:
114.30.64.0 - 114.30.71.255
114.30.96.0 - 114.30.127.255
114.31.72.0 - 114.31.79.255
114.31.96.0 - 114.31.103.255
114.31.192.0 - 114.31.207.255
114.72.0.0 - 114.78.255.255
114.111.128.0 - 114.111.159.255
114.129.128.0 - 114.129.191.255
114.141.96.0 - 114.141.111.255
114.141.192.0 - 114.141.207.255
114.142.160.0 - 114.142.175.255
114.198.0.0 - 114.198.127.255
114.198.248.0 - 114.198.255.255
115.30.32.0 - 115.30.63.255
115.31.88.0 - 115.31.95.255
115.42.0.0 - 115.42.63.255
115.64.0.0 - 115.64.255.255
115.69.0.0 - 115.69.63.255
115.69.160.0 - 115.69.191.255
~snip~
I have downloaded a list of every Australian IP address range (supposedly). I am then going to allow all these addresses while banning every other address via wild cards i.e.
Banned list
1.*.*.*
2.*.*.*
etc
The allowed list overrides the banned list.
The allowed list will contain 2696 separate entries. I'll test it first using my own address range. Thoughts people?
here's a sample of the allowed list:
114.30.64.0 - 114.30.71.255
114.30.96.0 - 114.30.127.255
114.31.72.0 - 114.31.79.255
114.31.96.0 - 114.31.103.255
114.31.192.0 - 114.31.207.255
114.72.0.0 - 114.78.255.255
114.111.128.0 - 114.111.159.255
114.129.128.0 - 114.129.191.255
114.141.96.0 - 114.141.111.255
114.141.192.0 - 114.141.207.255
114.142.160.0 - 114.142.175.255
114.198.0.0 - 114.198.127.255
114.198.248.0 - 114.198.255.255
115.30.32.0 - 115.30.63.255
115.31.88.0 - 115.31.95.255
115.42.0.0 - 115.42.63.255
115.64.0.0 - 115.64.255.255
115.69.0.0 - 115.69.63.255
115.69.160.0 - 115.69.191.255
~snip~
We do have members on O/S trips, going through corporate networks that's located O/Ss, and then there are international visitors. With such a ban rule, this forum is going to opt out of the "Internet" as we know it.
Question is, why are we being targeted? Is there something particularly vulnerable in our forum setup?
Question is, why are we being targeted? Is there something particularly vulnerable in our forum setup?
Stuart
Have you looked through the list of possible mods that you can install into phpbb to change the user creation system.
Here are a couple of interesting ones
http://www.phpbb.com/customise/db/mod/atlbl_antispam/
http://www.phpbb.com/customise/db/mod/p ... ha_plugin/
http://www.phpbb.com/customise/db/mod/s ... ha_plugin/
http://www.phpbb.com/customise/db/mod/j ... _anti_bot/
http://www.phpbb.com/customise/db/mod/a ... _anti_bot/
James
Have you looked through the list of possible mods that you can install into phpbb to change the user creation system.
Here are a couple of interesting ones
http://www.phpbb.com/customise/db/mod/atlbl_antispam/
http://www.phpbb.com/customise/db/mod/p ... ha_plugin/
http://www.phpbb.com/customise/db/mod/s ... ha_plugin/
http://www.phpbb.com/customise/db/mod/j ... _anti_bot/
http://www.phpbb.com/customise/db/mod/a ... _anti_bot/
James
@James - thanks for the links to the anti-spam add-ins. I've downloaded the pictures one to install soon. I did however change the user registration graphic from the easiest one to the hardest one to see as it's in 3D and we've had no new SpamBot registrations for over 24 hours. I'll still install the picture one though.
@Weiyun - I hadn't even thought about when people are OS!
@Weiyun - I hadn't even thought about when people are OS!
Stuart, why don't you require new members to undergo a verification process before being able to post? I.e. new members provide an e-mail address and a 2 line summary about why they want to join, including where they live. Once you review their answer, you can e-mail them a confirmation password to access the site.
Involves a small amount of work every now and then to verify the legit members, but I'm sure it would involve less time than you are currently spending killing all the bots.
Involves a small amount of work every now and then to verify the legit members, but I'm sure it would involve less time than you are currently spending killing all the bots.
- mikesbytes
- Posts: 6991
- Joined: 13 Nov 2006, 13:48
- Location: Tempe
- Contact:
Spammers are currently attacking usernames on various forums, applying generic passwords to try to highjack the username. Anyone with a simple password should upgrade it to something more difficult to crack
At the moment I use the built-in registration process. After a user registers an email is sent to me and I then have to verify that the user is legit before they are allowed to post to the forum. This is normally not too onerous as we get about 1-2 a week at most. After the change I made to the anti-spam security code the bots that use OCR to create accounts have been foiled, so far.Stuart, why don't you require new members to undergo a verification process before being able to post? I.e. new members provide an e-mail address and a 2 line summary about why they want to join, including where they live. Once you review their answer, you can e-mail them a confirmation password to access the site. Involves a small amount of work every now and then to verify the legit members, but I'm sure it would involve less time than you are currently spending killing all the bots.
I will implement the photo based one but just don't the time at the moment.
- mikesbytes
- Posts: 6991
- Joined: 13 Nov 2006, 13:48
- Location: Tempe
- Contact:
I can get you a list of 31,000 banned IP's if you want it
FWIW I was banned from the forums while travelling in India. But that could have been a transient state, I gave up trying. It now works back home.
Yes indeed they are back - I've changed the Anti-Bot graphic again to the hardest one. I deleted all the new registrations but didn't bother to ban the IP's.Looks like the bots are at it again....
Mike - can you mail me to my IBM address the list from the ACF as offered above? Thanks.
Update: I've now included a very simple anti-SPAM test for registration that appears to be working very well. Got the info from the phpBB forum.
It's a simple question that asks if you're a spambot or not with the default set to yes, which of course stops you being registered.
I have also deleted all the entries in the banned IP list via the mySQL DB as they were not working at all and stopped legitimate users from accessing the forum while overseas.
It's a simple question that asks if you're a spambot or not with the default set to yes, which of course stops you being registered.
I have also deleted all the entries in the banned IP list via the mySQL DB as they were not working at all and stopped legitimate users from accessing the forum while overseas.
Return to “News and Announcements”
Who is online
Users browsing this forum: No registered users and 1 guest