b2evolution doesn't have an easy way to block specific ip addresses. Most abuse comes through proxy servers, so blocking ips can get to be useless or even counterproductive. A well made .htaccess file is the best way to deny traffic from specific ips. It's stops the abuse before it even reaches the scripts and begins taxing your server and eating up bandwidth. There are some good tips for fighting spam, including .htaccess code in [url=http://forums.b2evolution.net/viewtopic.php?t=3764]this thread[/url].

This is worth reading about blocking undesired IP adresses:

• [url=http://wonderwinds.com/hackblog.php/2005/08/24/yaash_banning_ips_in_your_back_office]YAASH - banning IPs in your back office[/url]

[*][url=http://forums.b2evolution.net/viewtopic.php?p=23293#23293]BlockUntrustedVisitors()[/url][/list:u]

@ KWA

this is the most useful hack at the moment. I got over 2000 spam attacks from one IP.

two clicks and everything was deleteted!!! WOW gerat hack :p

Anyway, I will continue my fight against spam!

Thanx KWA

kwa wrote:

This is worth reading about blocking undesired IP adresses:

• [url=http://wonderwinds.com/hackblog.php/2005/08/24/yaash_banning_ips_in_your_back_office]YAASH - banning IPs in your back office[/url]

• [url=http://forums.b2evolution.net/viewtopic.php?p=23293#23293]BlockUntrustedVisitors()[/url][/list:u][/quote]

What's the main difference between both hacks ?

kwa may have a different view, but to me the key difference is that YAASH hack is reactive to your specific blog and BlockUntrustedVisitor uses some external resources to block theoretical spammers up front. In other words YAASH requires that you get spam to know which IPs to block. Having once been banned from a site that relied on a dsbl type of thing I decided they weren't a good way to go - false positives are too probable. That's just me though.

You're right, EdB, using DNSBLs creates some false positives, especially on dynamically allowed IPs with users' computers hijacked by some trojans. However (and you're right we disagree on that point), I believe the false positive (legitime visitors) are few enough compared to the true positives (real spammers) to still using DNSBLs on my site.

In fact, I do not know any anti-spam technique garanteed 100% perfect. Either you agree to have some false positives (and some legitime visitors cannot access to your site), either you agree to have some spam.

Anyway, I use external resources like the one implemented in [url=http://forums.b2evolution.net/viewtopic.php?p=23228#23228]BlockUntrustedVisitors()[/url] to block spam in order to reduce the cost of the anti-spam battle. I really cannot afford spending my time continuously updating antispam blacklists... So I trust others to do so.

That's a great way to sum it up: false positives or positive spam.

I will disagree vehemently on one point though: being blocked by a list has NOTHING to do with a compromised computer!!! Given that IPs are, for the most part, shared all you have to do is get an IP from your ISP that was once used by a spammer and happened to be reported to the third party and ended up on their 'bad IP' list. It has NOTHING to do with a hijacked PC! In my case I used a major-mongo dialup ISP in the US. I shared my IP with a billion other dialup losers, and we all would have been banned from a site that asked for help in these forums.

I'm on a cable connection now, but still suffer a similar fate on a site I like to download videos from. The site owner thinks IP = individual user, and therefore allows X megs per IP. I have to visit at 3am local time to be the first in line for the daily limit. The US market is such that everyone in my area on cable has my ISP, which means they're probably on the same IP that I get. Such is life eh?

For me I've started over with the antispam keyword list. I tweaked a file to allow keywords with 4 characters so I can ban .to/ and .cn/ for example. Am I blocking good guys as well as bad? YUP!!! Is that another version of false positive? YUP!!! Guess I decided those FPs are okay :roll:

My sister's computer has been hijacked by a trojan program and its IP has been blacklisted by several DNSBLs. I believe there are more unprotected zombie computers than spammers on the Net.

I was using b2evolution's standard blacklist and another referrers blacklist in a .htaccess file as well, and a few other antispam solutions. After my host complained about my site's CPU usage, I discovered all my antispam solutions took about 80% of the server's CPU time when displaying a web page. I tried to externalize my antispam protection since then...