Message Board

http:BL Use/Development

Older Posts ]   [ Newer Posts ]
 Comment on IPs not yet in the database?
Author: D.Salo   (14 May 07 9:21am)
I have a PHPBB bulletin board with Textual Confirmation installed. I get a LOT of driveby attempts to spam-register for the board. When I check the offending IPs (provided via email by Textual Confirmation) in Project Honey Pot, some of them are there (and I duly leave a comment) and some aren't -- and those I don't have any way to flag as suspicious.

Any way to do such a manual-flagging process? Or is that too likely to get poisoned?
 
 Re: Comment on IPs not yet in the database?
Author: S.Enbom   (15 May 07 9:00am)
It seems the spammers have an unlimited supply of "pwned" windows zombie computers.
 
 Re: Comment on IPs not yet in the database?
Author: D.Sutch   (19 May 07 9:15am)
Is there a method to flag IP addresses as spammers?

Over the last few days, I've had 9 attempted spams to my blog, of which only one was blocked by http:BL.

Of the 8 spam comments that went through, three IP addresses posted a second time three days later (and were not blocked). If there were a way for me to notify Project Honey Pot of these IPs, maybe they could have been blocked the second time.
 
 Re: Comment on IPs not yet in the database?
Author: M.Prince   (19 May 07 12:41pm)
We're working on some ways in order to get more data into the system. Doing so comes with risks of the data being polluted, so we want to move cautiously.
 
 Re: Comment on IPs not yet in the database?
Author: D.Shechtman   (25 May 07 4:23pm)
May I suggest that a substantially large number of requests for the same IP from multiple subscribers be used as an indication of a suspicious IP?
 
 Re: Comment on IPs not yet in the database?
Author: J.Haywood   (8 Jun 07 7:39pm)
That would seem to be a good suggestion, especially if the requests came from active participants.
 
 Re: Comment on IPs not yet in the database?
Author: S.Enbom   (10 Jun 07 3:12am)
Could P.H.P maybe query some other RBL services and add scoring from that information?


http://dnsbl.njabl.org/
http://cbl.abuseat.org/
http://www.spamhaus.org/xbl/
 
 Re: Comment on IPs not yet in the database?
Author: A.Wolf3   (28 Oct 07 10:16pm)
I like to second this strongly.
Apparently my favorite spammer tries to comment spam on my site with twenty or so different IPs. (all in the requests within a minute).

Of this IPs maybe 15 are aleready listed and blocked.

What he does next? He comes back an hour later or the next day using only the 5 unlisted IPs and is submitting 20 comments without a chance for me to block him.

If there was a way for me of for my PHP scripts to submit the IPs he is using, maybe in a similar way as we submit mails to spamcop or wordpress comment spam to akismet, this would be really cool.
 
 Re: Comment on IPs not yet in the database?
Author: S.Welter2   (4 Nov 07 5:09am)
The http:BL is always going to be only one measure in your "defense in depth" strategy. You shouldn't ever expect http:BL to block each and every comment spammer.

Also there *is* a way to submit IP addresses for the http:BL database: It's done by using a honeypot script. You can't just manually submit stuff. If there was a way to manually submit IPs, then my guess is that the spammers would be very fast trying to poison the database (what M.Prince described as "polluted").
 
 Re: Comment on IPs not yet in the database?
Author: D.Clerici   (3 Feb 08 5:43pm)
I just received my HttpBL key and added a dedicated script to my phpBB in order to get known spammers IPs on my quicklink page. For the rest I accept new users only after the admin (mine) verification. Sometimes the offender IP is not on on the honey pot database but i check also the email address with a search on google, if he tried to register on a lot of different forum it's 99% sure that the ip is from a comment spammer. Sometimes I have no positives with both these methods, but the email address is in some way "suspect" or the ip address come from "suspect" countries. So I just wait some hours or a whole day and google search again. Most of the times the email address or the Ip appears on many places so i discard it, ban the email address and add the IP address to a "deny from" line in the .htaccess file directly (even if I've different ban systems on the sorum, but it is the most direct, it gives a simple 403 "forbidden" page). Actually I temporarily erased the "deny from" lines from .htaccess just to see my httpBL key working...

(sorry for my bad broken english)



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email