Message Board

http:BL Use/Development

 Comment on IPs not yet in the database?
Author: D.Salo   (14 May 07 9:21am)
I have a PHPBB bulletin board with Textual Confirmation installed. I get a LOT of driveby attempts to spam-register for the board. When I check the offending IPs (provided via email by Textual Confirmation) in Project Honey Pot, some of them are there (and I duly leave a comment) and some aren't -- and those I don't have any way to flag as suspicious.

Any way to do such a manual-flagging process? Or is that too likely to get poisoned?
 
 Re: Comment on IPs not yet in the database?
Author: S.Enbom   (15 May 07 9:00am)
It seems the spammers have an unlimited supply of "pwned" Windows zombie computers.
 
 Re: Comment on IPs not yet in the database?
Author: D.Sutch   (19 May 07 9:15am)
Is there a method to flag IP addresses as spammers?

Over the last few days, I've had 9 attempted spams to my blog, of which only one was blocked by http:BL.

Of the 8 spam comments that went through, three IP addresses posted a second time three days later (and were not blocked). If there were a way for me to notify Project Honey Pot of these IPs, maybe they could have been blocked the second time.
 
 Re: Comment on IPs not yet in the database?
Author: M.Prince   (19 May 07 12:41pm)
We're working on some ways in order to get more data into the system. Doing so comes with risks of the data being polluted, so we want to move cautiously.
 
 Re: Comment on IPs not yet in the database?
Author: D.Shechtman   (25 May 07 4:23pm)
May I suggest that a substantially large number of requests for the same IP from multiple subscribers be used as an indication of a suspicious IP?
 
 Re: Comment on IPs not yet in the database?
Author: J.Haywood   (8 Jun 07 7:39pm)
That would seem to be a good suggestion, especially if the requests came from active participants.
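
Added example, not part of the original thread and not Project Honey Pot's code: a sketch of the heuristic suggested in the two posts above, flagging an IP as a candidate only when several distinct subscribers, some of them active participants, have looked it up within a time window. The log layout, thresholds, subscriber names and sample lookups are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical thresholds; real values would need tuning against real data.
WINDOW = timedelta(hours=24)   # only lookups this recent are counted
MIN_SUBSCRIBERS = 3            # distinct subscribers that must have asked
MIN_ACTIVE = 2                 # how many of those must be active participants


def suspicious_ips(lookups, active, now):
    """Return {ip: (distinct_subscribers, active_subscribers)} for candidate IPs.

    lookups: iterable of (timestamp, subscriber_id, ip) tuples (assumed layout).
    active:  set of subscriber ids regarded as active participants.
    """
    seen = defaultdict(set)
    for ts, subscriber, ip in lookups:
        if now - WINDOW <= ts <= now:
            # A set means one subscriber repeating the same lookup counts once,
            # so a single account cannot push an IP over the threshold alone.
            seen[ip].add(subscriber)

    flagged = {}
    for ip, subs in seen.items():
        n_active = len(subs & active)
        if len(subs) >= MIN_SUBSCRIBERS and n_active >= MIN_ACTIVE:
            flagged[ip] = (len(subs), n_active)
    return flagged


# Constructed sample data (documentation-range addresses, made-up subscribers).
NOW = datetime(2007, 5, 25, 16, 0)
ACTIVE = {"sub-a", "sub-b"}


def _h(hours):
    return NOW - timedelta(hours=hours)


LOOKUPS = (
    # Three distinct subscribers, two of them active: becomes a candidate.
    [(_h(1), "sub-a", "203.0.113.7"), (_h(2), "sub-b", "203.0.113.7"),
     (_h(3), "sub-c", "203.0.113.7")]
    # One subscriber asking 50 times: counts as one, not flagged.
    + [(_h(1), "sub-d", "198.51.100.9")] * 50
    # Third lookup is 30 hours old, outside the window: not flagged.
    + [(_h(1), "sub-a", "192.0.2.44"), (_h(2), "sub-b", "192.0.2.44"),
       (_h(30), "sub-c", "192.0.2.44")]
    # Three subscribers but none active: not flagged.
    + [(_h(1), "sub-c", "192.0.2.80"), (_h(1), "sub-d", "192.0.2.80"),
       (_h(1), "sub-e", "192.0.2.80")]
)

if __name__ == "__main__":
    print(suspicious_ips(LOOKUPS, ACTIVE, NOW))
```

The result is a list of candidates for further scoring, not a verdict: lookups only show that subscribers saw traffic from an address, which is why the distinct-subscriber and active-participant requirements are there to limit pollution.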
 
 Re: Comment on IPs not yet in the database?
Author: S.Enbom   (10 Jun 07 3:12am)
Could P.H.P maybe query some other RBL services and add scoring from that information?


http://dnsbl.njabl.org/
http://cbl.abuseat.org/
http://www.spamhaus.org/xbl/
 
 Re: Comment on IPs not yet in the database?
Author: A.Wolf3   (28 Oct 07 10:16pm)
I'd like to second this strongly.
Apparently my favorite spammer tries to comment spam on my site with twenty or so different IPs (all the requests within a minute).

Of these IPs maybe 15 are already listed and blocked.

What does he do next? He comes back an hour later or the next day using only the 5 unlisted IPs and submits 20 comments without a chance for me to block him.

If there was a way for me or for my PHP scripts to submit the IPs he is using, maybe in a similar way as we submit mails to SpamCop or WordPress comment spam to Akismet, this would be really cool.
 
 Re: Comment on IPs not yet in the database?
Author: S.Welter2   (4 Nov 07 5:09am)
The http:BL is always going to be only one measure in your "defense in depth" strategy. You shouldn't ever expect http:BL to block each and every comment spammer.

Also there *is* a way to submit IP addresses for the http:BL database: It's done by using a honeypot script. You can't just manually submit stuff. If there was a way to manually submit IPs, then my guess is that the spammers would be very fast trying to poison the database (what M.Prince described as "polluted").
 
 Re: Comment on IPs not yet in the database?
Author: D.Clerici   (3 Feb 08 5:43pm)
I just received my HttpBL key and added a dedicated script to my phpBB in order to get known spammers' IPs on my quicklink page. For the rest, I accept new users only after the admin's (my) verification. Sometimes the offender's IP is not in the honey pot database, but I also check the email address with a search on Google; if he tried to register on a lot of different forums, it's 99% sure that the IP is from a comment spammer. Sometimes I have no positives with both these methods, but the email address is in some way "suspect" or the IP address comes from "suspect" countries. So I just wait some hours or a whole day and Google search again. Most of the time the email address or the IP appears in many places, so I discard it, ban the email address and add the IP address to a "deny from" line in the .htaccess file directly (even if I have different ban systems on the forum, it is the most direct; it gives a simple 403 "forbidden" page). Actually I temporarily erased the "deny from" lines from .htaccess just to see my httpBL key working...

(sorry for my bad broken English)


