Block Obsessive Spam Bots by Redirecting their IP address


I had a major problem on two forums with obsessive spam attacks. These are the aggressive spambots which repeatedly attack every two minutes, clogging the forum logs with error messages.

Kaptcha was in place for sign ups, but sometimes human spammers sign up then add the details (login + password) to a spambot script.

1. You add a ban trigger which stops them from posting – They continually try to post spam

2. You add a ban trigger which stops them from logging in – They continually try to login

3. You delete the account and ban the IP, Email address, User name – They come back with different details

I was at my wit’s end so I decided to try and use an htaccess file with a rewrite permanent redirect.

I Googled and found these two sites: HERE and HERE.

This is the result:

RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^94\.23\.216\.104$ [OR]
RewriteCond %{REMOTE_ADDR} ^94\.23\.216\.103$ [OR]
RewriteCond %{REMOTE_ADDR} ^62\.60\.136\.28$ [OR]
RewriteCond %{REMOTE_ADDR} ^94\.23\.207\.161$ [OR]
RewriteCond %{REMOTE_ADDR} ^61\.145\.121\.124$ [OR]
RewriteCond %{REMOTE_ADDR} ^94\.23\.216\.105$ [OR]
RewriteCond %{REMOTE_ADDR} ^94\.23\.216\.106$ [OR]
RewriteCond %{REMOTE_ADDR} ^212\.117\.162\.244$ [OR]
RewriteCond %{REMOTE_ADDR} ^216\.224\.124\.124$ [OR]
RewriteCond %{REMOTE_ADDR} ^212\.117\.164\.65$ [OR]
RewriteCond %{REMOTE_ADDR} ^91\.121\.109\.65$
RewriteRule .* http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm [R,L]

My domains are hosted at ICDsoft on Linux servers and have the mod rewrite engine turned off by default. So that had to be enabled. Below that are the Rewrite Conditions which basically tell the server to redirect the incoming IP addresses to the Cyberstalking page of usdoj.gov, which is a very apt site for the bastards (spambots) to end up.

I basically have a clean error log directory now, and if a new spambot gets through, I just add its IP to htaccess, and redirect it well away from my forums.
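Maintaining that list by hand gets error-prone as it grows, so here is an added example (not part of the original post) that generates the same rule block from a list of addresses. The one-week expiry, the function names and the sample addresses are assumptions; the expiry idea comes from the first comment on this post.

```python
import ipaddress
import re
from datetime import date, timedelta

TARGET = "http://www.usdoj.gov/criminal/cybercrime/cyberstalking.htm"  # URL from the post


def active_ips(entries, today, max_age_days=7):
    """Validate, de-duplicate and drop entries older than max_age_days.

    entries: iterable of (ip_string, date_added); the 7-day default is an assumption.
    """
    cutoff = today - timedelta(days=max_age_days)
    seen = []
    for raw, added in entries:
        addr = ipaddress.IPv4Address(raw.strip())  # ValueError unless one full IPv4 address
        if added > cutoff and addr not in seen:
            seen.append(addr)
    return seen


def render_rules(addrs, target=TARGET):
    """Return the .htaccess block, or "" when there is nothing to block."""
    if not addrs:
        return ""  # a RewriteRule with no conditions would redirect every visitor
    # Escape the dots and anchor with ^...$ so only the exact address matches.
    conds = ["RewriteCond %{REMOTE_ADDR} ^" + re.escape(str(a)) + "$" for a in addrs]
    # Every condition except the last is chained with [OR], as in the post.
    body = [c + " [OR]" for c in conds[:-1]] + [conds[-1]]
    return "\n".join(["RewriteEngine On", "RewriteBase /", *body,
                      "RewriteRule .* " + target + " [R,L]"]) + "\n"


# Constructed sample list (documentation-range addresses, not real spam sources).
SAMPLE = [
    ("203.0.113.7", date(2024, 5, 1)),      # older than a week on 2024-05-11
    ("198.51.100.24", date(2024, 5, 9)),
    ("198.51.100.24", date(2024, 5, 10)),   # duplicate
    ("192.0.2.55", date(2024, 5, 10)),
]

if __name__ == "__main__":
    print(render_rules(active_ips(SAMPLE, today=date(2024, 5, 11))))
```
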

Many people who use Linux have Linux forums, mine are SMF hosted at ICDsoft, and I thought that this info may help some of you fight back the ever-increasing spam attacks.

Incidentally, the support at ICDsoft is awesome, I have 4 servers and many sites hosted with them and can do nothing but recommend the quality:


2 thoughts on “Block Obsessive Spam Bots by Redirecting their IP address”

  1. And then the … ah, gentlemen … change their ip.

    I know some people who block by country of origin, but I hate to lock out legitimate folks.

    What I do is an exponential aggressive approach. I have typical spam filters that look for stop words, excessive links and all that, but sometimes they can get by that, so my commenting code keeps track of when you posted and how many times you've posted. So – your first comment, whether seen as spam or not, sets your ip to “1”. You won't be allowed to post again for 30 seconds. If you do happen to make a second post, you can't make a third post for 240 seconds (2^3 * 30). You have to wait a lot longer for the fourth: 3^3 * 30 seconds and even longer for the fifth: 4^3 * 30. I reset the stats at midnight.

    Legitimate people seldom make more than 2 posts per day and if they do, they are far enough apart that they never get bitten by this. Spammers want to flood the site, but the best they get is one post (which may get filtered anyway).

    If I do keep seeing the same IP for spam or too many attempted posts, I put it in .htaccess for a week and then take it out. Sometimes it goes right back in the next day, but it's all automated so I don't care.
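The per-IP throttle described in the comment above, as an added example that is not the commenter's code: after the n-th post of the day an address must wait n^3 * 30 seconds, which reproduces the 30 s, 240 s, 3^3 * 30 and 4^3 * 30 figures given there. The class name, the `flag_after` threshold and the sample address in the test are assumptions.

```python
from datetime import datetime, timedelta

BASE_SECONDS = 30  # wait after the first post, as in the comment


class PostThrottle:
    """Per-IP posting throttle: after the n-th post of the day, wait n**3 * 30 s."""

    def __init__(self, flag_after=5):
        self.flag_after = flag_after   # assumed threshold for .htaccess candidates
        self.day = None
        self.state = {}                # ip -> [posts_today, last_post_time, rejected]

    def _reset_if_new_day(self, now):
        if self.day != now.date():     # stats are reset at midnight
            self.day, self.state = now.date(), {}

    def wait_remaining(self, ip, now):
        """Seconds this IP still has to wait before its next post is accepted."""
        self._reset_if_new_day(now)
        posts, last, _ = self.state.get(ip, [0, None, 0])
        if posts == 0:
            return 0
        ready = last + timedelta(seconds=posts ** 3 * BASE_SECONDS)
        return max(0, int((ready - now).total_seconds()))

    def try_post(self, ip, now):
        """Return True and record the post, or False if the IP must still wait."""
        remaining = self.wait_remaining(ip, now)
        entry = self.state.setdefault(ip, [0, None, 0])
        if remaining > 0:
            entry[2] += 1              # count the rejected attempt; the wait is unchanged
            return False
        entry[0] += 1
        entry[1] = now
        return True

    def ban_candidates(self):
        """IPs with too many rejected attempts today (candidates for .htaccess)."""
        return sorted(ip for ip, e in self.state.items() if e[2] >= self.flag_after)
```
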

  2. I am lucky with Kismet on this WordPress blog, and in any case, I personally allow all comments, so nothing gets posted here without my interaction.
    A forum however is a different matter, as I posted above. Then when you Admin two or three, you can have your work cut out for you.
    I was seriously thinking about blocking China completely, but as you said, that means you block out legitimate users as well.
    We also had a problem with Russian spammers at Dreamlinux Forums, but of course, no complete block was possible there either due to the fact we have a Russian support board.

    So far, the IP redirect on htaccess is doing its job, and as I have said, it's far less work to add a rogue IP to htaccess than to keep cleaning out error logs.

    I fear that the worst is still to come, as spammers get more and more cunning. The worst are the human spammers who spend hours signing up on forums with the same uname and pwd, then passing the details to spammers. You just have to be vigilant. Luckily at Dreamlinux forums and the Linux Hardcore we have a great team of Mods.

    rich
