IP Addresses Banned from the Forum

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 06 Jan 2011, 10:27

This is your Webmaster / Forum Admin speaking:

This morning, Thur 6th Jan 2011, I banned a series of TCP/IP addresses evidently belonging to Russian nasties who were attempting to gain access to our forum. Unfortunately whole ranges of IP addresses got banned via wildcards (e.g. 121.*) rather than specific IP ranges and for this I apologise. :oops:

If you know of anyone who is still banned or if your home or wk PC is banned can you please PM me with your IP address - if this is a work address you'll need to find the address of the Internet facing proxy or gateway, not your actual PC address. Also, if you use a home router / gateway device you'll need the address of it, not your PC's address.

jimmy
Posts: 988
Joined: 13 Nov 2006, 10:15

Postby jimmy » 07 Jan 2011, 06:16

Stuart

That's a class A Address, so unless it has been broken into a CIDR address, then it shouldn't be too much of an issue for many people.

James

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 07 Jan 2011, 09:35

James - It locked lots of people out as the forum interpreted 121.* as 121.*.*.*

I didn't put those entries in either so don't know how they got there, really, it's weird. And if I try to actually put in a banned address as 121.* it won't accept it .... it wants 121.*.*.*

Karzie
Posts: 709
Joined: 03 Nov 2008, 17:14

Postby Karzie » 07 Jan 2011, 10:13

Maybe they poisoned the DNS cache for good measure.

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 08 Jan 2011, 13:28

OK - this is getting out of hand! The Russian bots have registered 50 users in the last 12 hours. I can't keep up with banning all these IP address ranges so I have a plan.

I have downloaded a list of every Australian IP address range (supposedly). I am then going to allow all these addresses while banning every other address via wild cards i.e.
Banned list
1.*.*.*
2.*.*.*
etc
The allowed list overrides the banned list.
The allowed list will contain 2696 separate entries. I'll test it first using my own address range. Thoughts people?
here's a sample of the allowed list:
~snip~
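
Added example (not part of the original posts, and not phpBB's own code): a sketch of how a trailing-wildcard ban such as 121.* expands to a whole /8, and how an allow list of "start - end" ranges that overrides the ban list would be evaluated. The sample ranges are constructed documentation addresses, and the default of allowing unmatched addresses is an assumption.

```python
import ipaddress

def wildcard_to_network(pattern):
    """Turn '121.*' or '121.*.*.*' into a network; wildcards must be trailing."""
    parts = pattern.split(".")
    fixed = [p for p in parts if p != "*"]
    if not 1 <= len(parts) <= 4 or parts[:len(fixed)] != fixed:
        raise ValueError(f"wildcards must be trailing: {pattern!r}")
    octets = fixed + ["0"] * (4 - len(fixed))
    # Each fixed octet pins 8 bits, so '121.*' is 121.0.0.0/8.
    return ipaddress.ip_network(".".join(octets) + f"/{8 * len(fixed)}")

def range_to_networks(line):
    """Turn 'a.b.c.d - e.f.g.h' into the smallest list of CIDR blocks."""
    start, end = (ipaddress.ip_address(s.strip()) for s in line.split("-"))
    return list(ipaddress.summarize_address_range(start, end))

def decide(ip, allowed, banned):
    """Allow list overrides ban list; unmatched addresses pass (assumed default)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in allowed):
        return "allow"
    if any(addr in net for net in banned):
        return "ban"
    return "allow"

# Constructed sample allow list (documentation ranges, not the forum's entries).
SAMPLE_ALLOWED_LINES = [
    "198.51.100.0 - 198.51.100.255",
    "203.0.113.64 - 203.0.113.191",
]
ALLOWED = [n for line in SAMPLE_ALLOWED_LINES for n in range_to_networks(line)]
# The plan from the post: ban 1.*.*.*, 2.*.*.* and so on for every first octet.
BANNED = [wildcard_to_network(f"{n}.*.*.*") for n in range(1, 256)]

if __name__ == "__main__":
    net = wildcard_to_network("121.*")
    print(net, "covers", net.num_addresses, "addresses")
    print("allow list covers", sum(n.num_addresses for n in ALLOWED), "addresses")
    for ip in ("203.0.113.100", "203.0.113.200", "121.5.6.7"):
        print(ip, "->", decide(ip, ALLOWED, BANNED))
```

Any member whose current address is not inside an allowed block, for example while travelling, falls through to the ban list.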

weiyun
Posts: 4173
Joined: 17 Nov 2006, 22:32
Location: Birchgrove

Postby weiyun » 08 Jan 2011, 13:43

We do have members on O/S trips, going through corporate networks that are located O/S, and then there are international visitors. With such a ban rule, this forum is going to opt out of the "Internet" as we know it.

Question is, why are we being targeted? Is there something particularly vulnerable in our forum setup?

jimmy
Posts: 988
Joined: 13 Nov 2006, 10:15

Postby jimmy » 08 Jan 2011, 13:50


Karzie
Posts: 709
Joined: 03 Nov 2008, 17:14

Postby Karzie » 08 Jan 2011, 22:21

Might be worth having a talk to whoever does security for the ISP. They've been dealing with this sort of crap for years.

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 10 Jan 2011, 08:02

@James - thanks for the links to the anti-spam add-ins. I've downloaded the pictures one to install soon. I did however change the user registration graphic from the easiest one to the hardest one to see as it's in 3D and we've had no new SpamBot registrations for over 24 hours. I'll still install the picture one though.

@Weiyun - I hadn't even thought about when people are OS!

Toff
Posts: 1215
Joined: 20 Sep 2007, 14:34
Location: Stanmore

Postby Toff » 12 Jan 2011, 19:30

Stuart, why don't you require new members to undergo a verification process before being able to post? I.e. new members provide an e-mail address and a 2 line summary about why they want to join, including where they live. Once you review their answer, you can e-mail them a confirmation password to access the site.

Involves a small amount of work every now and then to verify the legit members, but I'm sure it would involve less time than you are currently spending killing all the bots.

mikesbytes
Posts: 6991
Joined: 13 Nov 2006, 13:48
Location: Tempe

Postby mikesbytes » 12 Jan 2011, 22:18

Spammers are currently attacking usernames on various forums, applying generic passwords to try to hijack the username. Anyone with a simple password should upgrade it to something more difficult to crack.

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 13 Jan 2011, 10:54

Toff wrote:
"Stuart, why don't you require new members to undergo a verification process before being able to post? I.e. new members provide an e-mail address and a 2 line summary about why they want to join, including where they live. Once you review their answer, you can e-mail them a confirmation password to access the site. Involves a small amount of work every now and then to verify the legit members, but I'm sure it would involve less time than you are currently spending killing all the bots."

At the moment I use the built-in registration process. After a user registers an email is sent to me and I then have to verify that the user is legit before they are allowed to post to the forum. This is normally not too onerous as we get about 1-2 a week at most. After the change I made to the anti-spam security code the bots that use OCR to create accounts have been foiled, so far.

I will implement the photo based one but just don't have the time at the moment.

mikesbytes
Posts: 6991
Joined: 13 Nov 2006, 13:48
Location: Tempe

Postby mikesbytes » 14 Jan 2011, 07:53

I can get you a list of 31,000 banned IP's if you want it

jbcow
Posts: 293
Joined: 12 May 2009, 07:18
Location: Redfern

Postby jbcow » 14 Jan 2011, 21:46

FWIW I was banned from the forums while travelling in India. But that could have been a transient state, I gave up trying. It now works back home.

T-Bone
Posts: 1933
Joined: 21 Nov 2006, 22:50
Location: Up the Hill

Postby T-Bone » 16 Jan 2011, 12:12

Looks like the bots are at it again....

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 17 Jan 2011, 08:16

T-Bone wrote:
"Looks like the bots are at it again...."

Yes indeed they are back - I've changed the Anti-Bot graphic again to the hardest one. I deleted all the new registrations but didn't bother to ban the IP's.

Mike - can you mail me to my IBM address the list from the ACF as offered above? Thanks.

Stuart
Posts: 2568
Joined: 11 Mar 2008, 10:43
Location: Dulwich Hill

Postby Stuart » 25 Feb 2011, 10:25

Update: I've now included a very simple anti-SPAM test for registration that appears to be working very well. Got the info from the phpBB forum.

It's a simple question that asks if you're a spambot or not with the default set to yes, which of course stops you being registered.

I have also deleted all the entries in the banned IP list via the mySQL DB as they were not working at all and stopped legitimate users from accessing the forum while overseas.

