MyBB

Goggalor · (This post was last modified: 09-23-2009 12:33 PM by Goggalor.)

OK I'm at my wits end with this one spammer issue.

I originally posted in the hacking sticky about this but since yesterday I've got 4 now overnight. I'm averaging 2 spam registrations per night now and I want to stop it right the first time.
I fixed the problem where they were actually posting so I KNOW these are not bots but real people taking time to join and actually come back on the activation email instructions. (again, see the original post link for those details)
http://community.mybboard.net/thread-524...#pid404518 <--- original post

My registration is by email activation.
You MUST post an intro to be able to post to any topic.
Forum is open to read all topics but you cannot post or download until you Intro.
CAPTCHA on registration is enabled.
putting CAPTCHA on every post, topic, reply etc is out of the question. That is a board killer.

I've tracked the degenerate to San Juan, Philippines. Same person, same location.
They use a variety of IP addresses but basically the same one.

120.28.86.96
120.28.82.203
120.28.86.247
120.28.86.247
120.28.83.226

They're using a new Google or Yahoo email address for every name they register with.

Can I ban a range of IP addresses without affecting legitimate members?
HOW can I do that? I don't know how to do this safely.

Here is some more info on this person - just click the link:
http://whatismyipaddress.com/staticpages...up-results

It's the same result for each IP address.
I've had one spammer from the USA but I am not having a problem with that one. It's this one in the Philippines that is a problem.

I got more info from SiteMeter too:

Quote:Domain Name (Unknown)
IP Address 120.28.82.# (Unknown Organization)
ISP Unknown ISP
Location Continent : Unknown
Country : Unknown
Lat/Long : unknown

Language English (U.S.)
en-us
Operating System Microsoft WinXP
Browser Firefox
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.13) Gecko/2009073022 YFF3 Firefox/3.0.13
Javascript version 1.5
Monitor Resolution : 1024 x 768
Color Depth : 32 bits

Time of Visit Sep 23 2009 2:27:50 am
Last Page View Sep 23 2009 2:31:41 am
Visit Length 3 minutes 51 seconds
Page Views 4
Referring URL http://www.google.co...Y0s999LlrlHFu-Sv4pnw
Search Engine google.com.ph
Search Words powered by mybb sports
Visit Entry Page http://www.twitchink...umdisplay.php?fid=10
Visit Exit Page http://www.twitchinkitten.com/member.php
Out Click
Time Zone UTC-8:00
Visitor's Time Sep 22 2009 11:27:50 pm
Visit Number 361

Apparently the common denominator for this is the search because all of them are basically the same with similar search criteria:

"powered by mybb sports"
"powered by mybb nurse"
"powered by mybb home"
"powered by mybb home entertainment"

One has this link as the referring URL:
http://us.mg4.mail.yahoo.com/dc/blank.ht...lang=en-US

You click it and it's a dead page now.
Apparently they're burning bridges behind them and building new ones along the way.

Sometimes they hit all my sites, most of them are on just one.

Someone help me please! I don't want to become a babysitter for my site.
I am running the lateste version of mybb too 1.4.9

exdiogene · (This post was last modified: 09-23-2009 01:25 PM by exdiogene.)

If you have only a few IP ranges to block you can do it easily with your .htaccess file by adding this to it :

PHP Code:

<Files *>
order deny,allow

# IP addresses to be blocked follow:
deny from 120.28.82.0/24 120.28.83.0/24 120.28.86.0/24

</Files> 

You can also eliminate from 120.28.80.x to 120.28.96.x entirely using only:

PHP Code:

deny from 120.28.80.0/20 

Using this method, you can deny entire countries, but be aware that too many data to process will slow down your site speed...

Goggalor · 09-23-2009, 01:44 PM

Well right now I pretty much killed off the whole provider from being able to register on my site by blocking the entire range with 120.28.*.* using the admin panel's ban IP link.

This guy seems to be running through entire ranges of IP addresses and will most likely move on to the next one that isn't blocked by me if I do it your way. It's only going to be blocking this one provider anyway and if he's THAT persistent, he'll come back at me with a new IP and different provider.

I think maybe making the credits at the bottom a clickable image might help too but that will kill the link to my site on themes I make.

Stephon · 09-23-2009, 03:28 PM

Sometimes, this is what you go through when your a webmaster. At least it's not 25+ accounts signing-up. Just give it time and he/she will get bored of spamming. From what Ive seen, you have done the most you can really do(email activation, etc).

Glas · 09-23-2009, 03:38 PM

did you tried akismet with word filter?

Disturbed · 09-23-2009, 03:40 PM

Your captcha looks pretty easy to read too. Maybe you can try a little more difficult to read font?

labrocca · 09-23-2009, 07:11 PM

Unfortunately your best defense is to simply delete the posts and close the accounts.

If it's a human there is nothing you can do except turn on manual verification and not allow auto signups.

My opinion is that you should just delete the posts and close the account though...eventually they will go away. This is just how it is. Almost every forum admin has to deal with this issue.

They are from the phillipines. Maybe you can block the country via htaccess:

http://ipinfodb.com/ip_country_block.php

Screw the phillipines anyways...most of the traffic from there is garbage.

Quote:You click it and it's a dead page now.
Apparently they're burning bridges behind them and building new ones along the way.

That's their yahoo mail inbox. I assume they are signing up under yahoo email addresses. You can't access that. They get their activation email and click it. That's why you see that as referral.

Goggalor · 09-23-2009, 07:19 PM

(09-23-2009 03:38 PM)glas Wrote: did you tried akismet with word filter?

I don't want to put any kind of word filters on my sites. Free speech even if it's offensive is important to me and my members. Besides, even word filters won't work in this case.

(09-23-2009 03:40 PM)Disturbed Wrote: Your captcha looks pretty easy to read too. Maybe you can try a little more difficult to read font?

Well, it's the stock Mybb CAPTCHA image. Complain to Mybb about that. I had no choice of what ones I want.

(09-23-2009 07:11 PM)labrocca Wrote: Unfortunately your best defense is to simply delete the posts and close the accounts.

If it's a human there is nothing you can do except turn on manual verification and not allow auto signups.

My opinion is that you should just delete the posts and close the account though...eventually they will go away. This is just how it is. Almost every forum admin has to deal with this issue.

They are from the phillipines. Maybe you can block the country via htaccess:

http://ipinfodb.com/ip_country_block.php

Screw the phillipines anyways...most of the traffic from there is garbage.

Quote:You click it and it's a dead page now.
Apparently they're burning bridges behind them and building new ones along the way.

That's their yahoo mail inbox. I assume they are signing up under yahoo email addresses. You can't access that. They get their activation email and click it. That's why you see that as referral.

Thanks Jesse. I'm way ahead of you. I'm blocking pretty much all of them with a wide array of IP address blocks now. I'll look into your way with the .htaccess

I got one member from one of the banned IP's who looks legit - I emailed her and am waiting for a reply. If the email comes back or I don't get one in two days, she's banned too.

I was considering deleting all the accounts - zero posters get pruned anyway but then thought keeping them in the banned list is better. Now I'm thinking I don't even want them on the banned list just because I don't want their names spidered by search engines and associated with my sites.

labrocca · 09-23-2009, 07:39 PM

Don't block from within Mybb. Use HTACCESS. All you do is tell the person that they have to use a proxy. It's better that they can't connect to your site. They might be stupid enough to think you're down. Also prevents future abuse as someone else from the phillipines won't connect to your site.

And imho..these accounts are throwaway spammers. I would just delete them. There is not value to them in my view.

Goggalor · 09-23-2009, 07:45 PM

OK Jesse, you mean the htaccess file that is in the files for the forum right? The forum is the whole site.

A couple of other sites have .com pages and the forum is in a sub directory. Do you mean putting an htaccess file with that info on the .com and it will be read on the forum too?

And one more weird thing - I did this with the htaccess file on my site, saved it and my siggy here went to a red x! I took out the thing and it showed up again. When that page generated the content for me, none of it was word wrapped. Does that matter?

I also simply copied the content and pasted it into the htaccess file on the site via ftp and saved it. I didn't run those scripts. Don't quite understand them and my friend said it's not necessary for what i am doing.

Is it?

Spammers will be deleted as soon as I'm done blocking the degenerates.