Recent Topics
  1. b2evolution CMS Support Forums
  2. b2evolution Support
  3. Plugins & Extensions
  4. Fighting spam!
  5. Show me all spam from one IP

Show me all spam from one IP

1 Sep 29, 2005 21:25    

This a hack on top of a hack. I have modified [url=http://forums.b2evolution.net/viewtopic.php?t=5489]EdB's stupendous b2antispam.php[/url] file to add a couple of tiny features. So this requires that you're already using EdB's hack for b2evolution 0.9.1 Complete that hack, including the changes to other core files, then replace his b2antispam.php file with mine:

http://www.brendoman.com/b2e/admin/b2antispam.php.txt

Here's what's new. When you see some spam on your stats page, click the Ban icon and you're taken to a list of hits from that site just like normal. But wait, look at the IP address. It's a link now! Click on it and you'll be shown a list of all hits from this IP address. Now you've got a ban icon for each domain, so you can ban other keywords if the spammer is hitting you with several domains from one IP.

Once you're done with that, you can click 'Delete' to drop all remaining hit log hits from that IP.

But wait, there's more! Look at the top of the b2antispam.php source code. Change the $append_htaccess to a 1, put in the correct path to your .htaccess file, and make sure the file is writable, and when you delete hits from an IP address, you also add that IP address to your .htaccess file and deny all traffic from it. This is disabled by default because you'll get errors unless you have the file writable (and you may not even want to do that, for security reasons).

This really only comes in handy for that rare spammer that hits you with 20 different domains, but he's using the same IP for all of them. This helps you track down all the others once you find one of them. I was doing manual MySQL queries to find spam, so I thought I would just add this function to the file. If you have ideas for improving this, let's hear them.

While I was playing around with this I noticed something interesting. I was able to see all reflog hits from the spammer, including the first time they found my site. They came from a search engine and I was able to see what search terms they used to find me. And, in conclusion, spammers, I hope you die a slow, painful death and rats gnaw your eyeballs out and your grandma unkowingly eats your large intestine on an episode of Bulgarian Fear Factor.

Back to top

2 Sep 30, 2005 04:51

This is cool! After a buncha WinMerge work I upgraded to v91b and wanted to pop this in to see how it worked. Thanks! Got me thinking maybe my ban-by-ip hack can have a new life after all...

Back to top

3 Sep 30, 2005 16:09

personman wrote:

While I was playing around with this I noticed something interesting. I was able to see all reflog hits from the spammer, including the first time they found my site. They came from a search engine and I was able to see what search terms they used to find me.

I like the idea of tracking spammers. When reporting to a centralized spammer list, it could be possible to track them through several sites!

The [url=http://www.projecthoneypot.org/]Project Honey Pot[/url] appears to be very interesting, even if it tracks e-mail harvesting and not blog spam.

Back to top

4 Oct 17, 2005 14:32

If you need a list of sites for a blacklist, here is my collaboration...

The following domains/IPs created a VERY high load in my mysql server
almost dropping all the box

r11-n37.esthost.com
69.50.170.34-reverse.atrivo.com
13.137.226.200.in-addr.arpa.ig.com.br
10.137.226.200.in-addr.arpa.ig.com.br
200.118.2.214
12.137.226.200.in-addr.arpa.ig.com.br
61.50.187.136
9.137.226.200.in-addr.arpa.ig.com.br
11.137.226.200.in-addr.arpa.ig.com.br

Back to top


Form is loading...