About ads spam

Started by BenYeeHua, July 19, 2014, 07:37:22 PM

Previous topic - Next topic

BenYeeHua

Look like they has a similar IP address, if they keep spamming, you may wanna add the IP range into the Ban list Temporary.

And, remember to choose"Ban will expire after: x day(s)" as the IP should be dynamic IP, except you believe that it is Static IP, or that guy rarely disconnect his modem. :)
For how many days it should be, I think 3 days should be enough, if the same IP address keep showing up again, then ban the IP a week, then a month, not recommend ban the IP address more than 1 month.
Except you believe it is a Static IP, then the expires should be 3 days, a week, a month, a year.
PS:You can also just ban it a week, it should not be a issues.

If you wanna share or say something about ads spam, just reply here. ;)

BenYeeHua

I has added 2 ban trigger, which is:
1.*+*@gmail.com
2.*.*.*@gmail.com

If you believe this will affect normal user, please:
1.Disable it
2.Make the trigger better

And inform me. :)
---
And yup, don't add *.*@gmail.com, or our Jeremy(jeremy.collake) will not allowed to login. ::)
---
As the + is Regular expression, and less spam will use this, so I removed it.
---
Changed it to *.*.*.*@gmail.com, as it look like not much people will only add 1-2 dots to bypass the trigger or filter.

BenYeeHua

As you may know, I has start banning many server bot(and some of them are mostly VPN, and I named it as VPN), but because of my mistake, some of the IP range is not banning completely.
So if you found it, you can just fix the IP range directly, or tell me, and I will fix it later. :)
----
And ya, if you having some free time, please check some server IP range, and disable+report to me if it is used for VPN/Normal user.

Jeremy Collake

I appreciate your efforts!

Honestly, I don't have time to keep track of forum registrations. I've got so much else to do.

If you even *think* any bans may be a problem with regular users, I recommend not using them - better to be safe than sorry. Bans are rarely effective against spam bots and human spammers, but often hit regular users.
Software Engineer. Bitsum LLC.

BenYeeHua

Quote from: support on August 03, 2014, 04:04:15 PM
I appreciate your efforts!

Honestly, I don't have time to keep track of forum registrations. I've got so much else to do.

If you even *think* any bans may be a problem with regular users, I recommend not using them - better to be safe than sorry. Bans are rarely effective against spam bots and human spammers, but often hit regular users.
Ya, I had check some IP address to see did there is normal user or not, or even spam bot.
If it is, then I will just disable the ban, or just split it to VPN user and hosting server bot if I has the time.

And ya, I mark it as rare/normal/high active etc., so if there is at least a VPN user reporting about the ban, and it is not high active(so far only colocrossing is on the list), then just disable it. :)
-----
Anyways, if any admins wanna start ban the server IP address, here is the tools.
http://tools.whois.net/whoisbyip/
http://bgp.he.net/
https://www.cidrcalculator.com/ipv4/cidr-to-ip-range-bulk/?cy=USD

Check the whois of the IP first, then you will found the keywords.
Then find at the BGP, you will get the list of the keywords, better not using the IP that is showing inside the ASXXXXX, as it is not complete IP range, but you can use it as a compare, as some of them might not under the company name now.
Last, just copy the list, use notepad++ etc to remove the words like country and company name, then you can start find the IP range and ban it, most of the time it is split to a few part, so you can just find the min and max range, and write it as xx.xx-xx.* :)

Of cause, I will suggest you to check the IP, except the IP range is too much, normally it should has time to check for it.

BenYeeHua

And ya, funny facts, they still log-in to their old account even it is banned. ;D
For example.
https://bitsum.com/forum/index.php?action=profile;u=7882

BenYeeHua

This is some part of IP range from Nobis, some bots hosting there as they has a huge list of IP address.
I only ban large part of the IP range like x.*.*.*, if you found there are more bot spam with x.x.*.* which is small IP range, you can just take from here, and ban it. :)
23.19.*.*
23.83.0-207.*
23.104-110.*.*
23.111.249-251.*
23.224-225.*.*
23.226.48-63.*
23.235.128-255.*
64.120.1-127.*
67.201.0-7.*
67.201.48-49.*
69.31.107.*
69.147.224-255.*
69.174.60-63.*
70.32.32-47.*
72.37.204.*
72.37.221.*
72.37.222-223.*
72.37.224-231.*
72.37.237.*
72.37.242-243.*
72.37.246-247.*
74.113.144.*
108.62.0-254.*
108.171.33-63.*
108.177.128-255.*
108.187.*.*
142.91.*.*
142.234.*.*
147.255.*.*
162.209.128-232.*
162.209.234*
162.209.237*
162.209.238*
162.222.68-71.*
162.246.185.*
162.246.186.*
167.160.116.*
172.240.*.*
172.241.*.*
172.247.*.*
172.255.*.*
173.208.0-127.*
173.234.*.*
174.34.128-190.*
192.151.236-239.*
192.161.80-95.*
192.163.160-191.*
192.229.64-127.*
192.238.128-255.*
192.253.242-.246.*
196.45.112-115.*
198.48.96-99.*
198.48.100-115.*
216.6.224-239.*

edkiefer

whatever your doing seems to be working .
much less spamming lately .
Bitsum QA Engineer

BenYeeHua

Yup, but I hope I don't ban the wrong server, and make sure I don't ban the ISP for normal user.

And I still has 1 way to reduce the wrong ban, which is allow the register/only disallow post, so if they register, I can check the account and see did it is having ads on their account or not, then I will know it is normal user or not.
But I think I will only do that if it is largely a VPN server IP range.

BenYeeHua

Just check awhile for Ban log and the email to see did there is any normal user, look like OVH Hosting is having most stupid bot ever, which try to register again and again and again and again, and sadly he can only spam the Ban log. ;)
----
Reminder for myself, not ban completely yet, some bot still register from the server, and only ban TOT public company limited.
http://bgp.he.net/AS50915#_prefixes
http://bgp.he.net/AS21479#_prefixes
http://bgp.he.net/AS6876#_prefixes
http://bgp.he.net/AS20860#_prefixes
http://bgp.he.net/AS53889#_prefixes
http://bgp.he.net/AS23699#_prefixes

http://bgp.he.net/AS9737#_prefixes

MS, only ban this when has time.
http://bgp.he.net/AS8075#_prefixes