Posted by Allodoxaphobia on 05/24/07 15:53
On Thu, 24 May 2007 12:58:42 +0200, Schraalhans Keukenmeester wrote:
>
> (So I'm still interested in alternatives)
Don't even let them get that far. Using .htaccess in your messageboard's
directory, block the bastards before they even get to fetch a page. I
put my messageboard(s) one directory *lower* than their higher-level web
pages -- just to reduce the overhead for that .htaccess DENY processing
for all other 'normal' browsing.
I also put a
Disallow: /xxxxx/yyyyy/msgboard
in robots.txt to keep the
messageboard(s) directory out of the search engines. Believe me: That
really helps. My first couple of messageboards were *not* implemented
that-a-way, and I had Big Problems with them. After I learned this
trick, subsequent messageboards I put up have had *NO* spammer postings.
After all, why post spam on a messageboard that Google will never offer
up? Too, I believe that the spammers use software _to find_ the
messageboards _using_ the search engines.
My message boards are all US-centric, so I can
exert some heavy-handed blocking. Here's an extract from my .htaccess:
-------------------------------------------------------------------------
# 403 Forbidden for (lots of) the spammers' trojanned botnet machines
order allow,deny
allow from all
# Handle rDNS nets -- if available.
deny from .bbtec.net
deny from .bezeqint.net
deny from .sagonet.net
# 058/8 APNIC (whois.apnic.net)
# 059/8 APNIC (whois.apnic.net)
deny from 58.0.0.0/8
deny from 59.0.0.0/8
# 61/8 APNIC (whois.apnic.net)
# 62/8 RIPE NCC (whois.ripe.net)
deny from 61.0.0.0/8
deny from 62.0.0.0/8
# OrgName: Sago Networks
# inetnum: 65.110.32.0 - 65.110.63.255
deny from 65.110.32.0/19
# Specific machines in ARIN / LACNIC
#!!! !!!! 67.190.x.x IS PROBABLY ME!
deny from 64.246.44.4
deny from 65.165.10.1
deny from 66.139.76.245
deny from 66.165.172.163
deny from 66.192.59.18
deny from 66.228.143.9
deny from 67.128.15.151
deny from 67.128.15.151
deny from 68.250.254.137
deny from 68.81.240.5
deny from 69.119.234.228
deny from 70.234.81.185
deny from 71.145.191.48
deny from 72.232.39.162
deny from 72.32.59.213
deny from 72.36.252.178
deny from 128.121.50.31
deny from 201.28.107.230
deny from 201.34.32.42
deny from 201.36.161.104
deny from 201.38.194.188
deny from 201.57.112.148
deny from 201.80.46.24
deny from 206.222.15.114
deny from 209.6.158.223
deny from 209.51.221.58
deny from 209.147.47.74
deny from 209.190.6.194
deny from 209.190.9.26
deny from 209.190.23.50
deny from 209.190.38.42
deny from 209.190.39.210
deny from 216.144.234.2
deny from 216.144.235.139
deny from 216.27.182.198
# 080/8 RIPE NCC (whois.ripe.net)
# 081/8 RIPE NCC (whois.ripe.net)
# 082/8 RIPE NCC (whois.ripe.net)
# 083/8 RIPE NCC (whois.ripe.net)
# 084/8 RIPE NCC (whois.ripe.net)
# 085/8 RIPE NCC (whois.ripe.net)
# 086/8 RIPE NCC (whois.ripe.net)
# 087/8 RIPE NCC (whois.ripe.net)
# 088/8 RIPE NCC (whois.ripe.net)
# 089/8 RIPE NCC (whois.ripe.net)
# 090/8 RIPE NCC (whois.ripe.net)
# 091/8 RIPE NCC (whois.ripe.net)
deny from 80.0.0.0/8
deny from 81.0.0.0/8
deny from 82.0.0.0/8
deny from 83.0.0.0/8
deny from 84.0.0.0/8
deny from 85.0.0.0/8
deny from 86.0.0.0/8
deny from 87.0.0.0/8
deny from 88.0.0.0/8
deny from 89.0.0.0/8
deny from 90.0.0.0/8
deny from 91.0.0.0/8
# 121/8 APNIC (whois.apnic.net)
# 125/8 APNIC (whois.apnic.net)
deny from 121.0.0.0/8
deny from 125.0.0.0/8
# inetnum: 134.157.0.0 - 134.157.255.255
# descr: 4 Place Jussieu, 75252 Paris CEDEX 05, France
deny from 134.157.0.0/16
# inetnum: 138.195.0.0 - 138.195.255.255
# descr: Ecole Centrale Paris
deny from 138.195.0.0/16
# inetnum: 148.233/16
# address: 01900 - Ciudad de México - DF
deny from 148.233.0.0/16
# 193/8 RIPE NCC (whois.ripe.net)
# 194/8 RIPE NCC (whois.ripe.net)
# 195/8 RIPE NCC (whois.ripe.net)
deny from 193.0.0.0/8
deny from 194.0.0.0/8
deny from 195.0.0.0/8
# inetnum: 200.37/16
# owner: Telefonica del Peru S.A.A.
deny from 200.37.0.0/16
# inetnum: 200.55.96/19
# address: C1214ADG - Buenos Aires -
deny from 200.55.96.0/19
# inetnum: 200.64/15
# address: 01900 - Ciudad de México - DF
deny from 200.64.0.0/15
# inetnum: 200.67.30/24
# address: 01900 - Mexico DF - DF
deny from 200.67.30.0/24
# inetnum: 200.71.60/22
# address: 0 - Bogotá - DC
deny from 200.71.60.0/22
# inetnum: 200.80.128/19
# address: C1063AB - Buenos Aires
deny from 200.80.128.0/19
# inetnum: 200.90.188.72/29
# address: 02 - santiago -
deny from 200.90.188.72/29
# inetnum: 200.185.224/19
# address: 05425-902 - São Paulo - SP
deny from 200.185.224.0/19
# inetnum: 200.223.210.200/29
# address: 48110-000 - Catu - BA
deny from 200.223.210.200/29
# inetnum: 201.10/16
# owner: Brasil Telecom S/A - Filial Distrito Federal
deny from 201.10.0.0/16
# 202/8 APNIC (whois.apnic.net)
# 203/8 APNIC (whois.apnic.net)
deny from 202.0.0.0/8
deny from 203.0.0.0/8
# 210/8 APNIC (whois.apnic.net)
# 211/8 APNIC (whois.apnic.net)
deny from 210.0.0.0/8
deny from 211.0.0.0/8
# 213/8 RIPE NCC (whois.ripe.net)
deny from 213.0.0.0/8
# 217/8 RIPE NCC (whois.ripe.net)
# 218/8 APNIC (whois.apnic.net)
# 219/8 APNIC (whois.apnic.net)
# 220/8 APNIC (whois.apnic.net)
# 221/8 APNIC (whois.apnic.net)
# 222/8 APNIC (whois.apnic.net)
deny from 217.0.0.0/8
deny from 218.0.0.0/8
deny from 219.0.0.0/8
deny from 220.0.0.0/8
deny from 221.0.0.0/8
deny from 222.0.0.0/8
--------------------------------------------------------------
In my messageboard logic, I log (among a few other things) the ip
address of the poster. I then cross-check these ip's against assignments
here:
http://www.iana.org/assignments/ipv4-address-space
Using cli whois on an ip, you should be able to cobble up netblock
ranges for certain ranges that have no business in your message board.
HTH
Jonesy
--
Marvin L Jones | jonz | W3DHJ | linux
38.24N 104.55W | @ config.com | Jonesy | OS/2
*** Killfiling google posts: <http://jonz.net/ng.htm>
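
An added example, not part of the original post: one way to audit a deny list like the extract above before deploying it. It removes duplicate and already-covered rules, checks that your own address is not caught, and renders the result in Apache 2.4 `Require` syntax, where `Order`/`Allow`/`Deny` are deprecated. The sample rules and the test address 67.190.0.1 are constructed, and the parser assumes each argument is a full address, a CIDR block, or an rDNS suffix.

```python
import ipaddress

# Constructed sample in the style of the extract above (not the full list).
SAMPLE = """\
order allow,deny
allow from all
deny from .bbtec.net
deny from 58.0.0.0/8
deny from 59.0.0.0/8
deny from 65.110.32.0/19
deny from 67.128.15.151
deny from 67.128.15.151
deny from 200.64.0.0/15
deny from 200.64.12.0/24
"""

def parse_deny(text):
    """Split 'deny from' arguments into IP networks and rDNS host suffixes."""
    nets, hosts = [], []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 3 or [p.lower() for p in parts[:2]] != ["deny", "from"]:
            continue
        for arg in parts[2:]:
            try:
                nets.append(ipaddress.ip_network(arg, strict=False))
            except ValueError:
                hosts.append(arg)  # not an address, e.g. ".bbtec.net"
    return nets, hosts

def minimise(nets):
    """Drop duplicates and covered rules, and merge adjacent blocks."""
    return list(ipaddress.collapse_addresses(nets))

def blocked_by(ip, nets):
    """Return the rule that covers ip, or None if it is still allowed."""
    addr = ipaddress.ip_address(ip)
    return next((n for n in nets if addr in n), None)

def to_apache24(nets, hosts):
    """Render the rules in Apache 2.4 mod_authz_host syntax."""
    rules = [f"Require not host {h}" for h in hosts]
    rules += [f"Require not ip {n}" for n in nets]
    body = ["Require all granted"] + rules
    return "\n".join(["<RequireAll>"] + ["    " + r for r in body] + ["</RequireAll>"])

if __name__ == "__main__":
    raw, hosts = parse_deny(SAMPLE)
    nets = minimise(raw)
    print(to_apache24(nets, hosts))
    print("own address blocked by:", blocked_by("67.190.0.1", nets))  # constructed
```

Run `blocked_by` against the poster IPs your board logs to see which rule, if any, would have stopped each one.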