Spammers....How to get rid of them easy?

Posted: Mon Nov 27, 2006 7:56 am

The Spammers have GOT my number for whatever reason. I am deleting 10 plus accounts a day from these fools.

My question is does anyone know where there is User Account MOD that I can delete the account and ban the IP in one stroke?

Here is what I am thinking. I use Ravens Info Block....when I hit "New Today" or "New Yesterday" I would like to get the list and at the end of the list, I would like the IP address and drop down that says....Delete....Delete and Ban IP. Once completed....I would like it to return to the same page.

Does this already exist somewhere or do I need to sit down and create it?

I can not be the only one putting up with these A kaching!

O's . Enough is enough already!

Dawg

Sells PC To Pay For Divorce Joined: Posts: 5661

no it doesnt exist....so you have sit down and create it.. Sad

but ms analysis pro lets you easely delete users.and it shows the ip easely...
could be a solution...

Posted: Mon Nov 27, 2006 3:42 pm

Well....

I tell ya what.....If You guys don't mind helping me along with it. I will do just that! I already know (I think) how to do the IP and the delete thing. What I don't know how to do is the ban IP thing.

If you happen to know where a chuck of code is for banning the IP and writing it to a htaccess file is (I know it is in Sentinal somewhere) I will sit down and tap this puppy out! Cause these A kaching!

O's have got to GO! OF coarse what ever I build will be detailed here and avaible GPL.

Thanks!

Dawg

Posted: Mon Nov 27, 2006 5:34 pm

Function admin_bann_ip($ip){
global $db, $prefix, $admin;

//block them through SQL
$sql='INSERT INTO '.$prefix.'_nsnst_blocked_ips VALUES(\''.$ip.'\',\'1\',\'\',\'\',\'\',\'Banned by ADMIN\',\'11\',\'\',\'\',\'\',\'\',\'\',\''.$ip.'\',\'\',\'\',0,\'\')';
$sql=stripslashes($sql);
$result=$db->sql_query($sql);

//Write them to .htaccess
if(file_exists('.htaccess')){
$fp = fopen (".htaccess", "a");
fwrite ($fp, "deny from $ip\n");
fclose ($fp);
}
}

Theres a function I just wrote for you, tested as well. This will write them to the database and to the .htaccess, now all you need to do is create a script that you put there ip in, somehow, perferably a $_post method, and then insert their ip into this function. Easy as pie now.

Posted: Mon Nov 27, 2006 6:38 pm

I had a couple recent attacks using news comments. I only allowed comments for registered users. So of course the idiots registered and spammed old articles where their spam might not be so apparent right away. Once I caught it I banned them and deleted their userids. However, in going thru the comments one thing I saw is that they used a different IP for every comment ... pretty much anyway. So banning IP's is not going to be the end of it.

One approach, which I've taken (at least temporarily) is to shut off comments for news articles. At least that way they can't hide them in old articles. A better YA modules, somewhat along the lines of Approve Membership but not requiring changes to core tables or code would be one step towards a longer term solution. There could also be some "artificial" intelligence put into comments filters so if someone starts adding a half dozen comments or more in a short period of time they at least get brought to an admin's attention, if not banned.

Posted: Mon Nov 27, 2006 6:56 pm

a captcha system would be a nice addition as well.

Posted: Mon Nov 27, 2006 9:58 pm

Dark,
Thank You for the code. I will be gone tomorrow all day but I will tinker with it over the next couple of days and see if I can piece it together.

Are they using scripts to register these accounts? I do not think so....but would not be suprized.

Banning their IP may not completly stop them...but it is someplace to start.

Dawg

Posted: Tue Nov 28, 2006 6:39 am

Dawg, check your access logs too and see if their referrer is blank or "-". If so, I stopped an unsophisticated spammer recently who was submitting tons of web links (stupid... how this person would think that I would approve them or let anyone post anything... he didn't get the "hint"). Each time was a new IP, so either using proxies, compromised servers, or ?????

Anyways, since a normal user would be clicking links from YOUR site to add comments (or in my case Web Links) as apposed to using some automated "bot", I used this to stop him:

#
# Try to stop Add Links from external sources
#
RewriteCond %{QUERY_STRING} ^(.*)name=Web_Links(.*)
RewriteCond %{HTTP_REFERER} ^$
RewriteRule ^.*$ [ Only registered users can see links on this board! Get registered or login! ] [R=301,L]

After I added this to my .htaccess, NO MORE of these !@#$%^ links to delete.

You may be able to adapt the concept to your situation.

Posted: Tue Nov 28, 2006 6:50 am

Perhaps this is something Guardian can incorporate in his SpamBlocker module?

Also his Comments module is useful for reviewing comments received, again maybe some of this could be incoporated in this?

Guardian?

Posted: Tue Nov 28, 2006 6:57 am

I have been contemplating that as well. The thing is, it might be difficult to generalize. I really want to limit the "submission" process to internal links only and I may still work on that, but then you have to realize that search engine's are also potentially caching those !@#$^& admin/submit type links... Something more to think about... hhhmmmmmm.....

Idea

Posted: Tue Nov 28, 2006 9:51 am

How bout a cookie check for the bots on the submittion??
If you block referrers from other pages, the hackers will use anther bot that goes through the site, but no bot I know of can except cookies, and if they try to submit something, use a cookie check and block them if cookie is not Generated, Just block them from submitting, I wouldnt block them completely.
Just a thought.

Posted: Tue Nov 28, 2006 3:46 pm

If the client isn't using an actual browser, rather a script, then a cookie won't do much.

Posted: Tue Nov 28, 2006 8:37 pm

Evaders, I was thinking that if the cookie Could not be found after trying to set it, kill the script, dont block so google and such can still get through, but make it so the script wont process if cookies are not turned on.

Posted: Tue Nov 28, 2006 9:41 pm

However, I could write a quick VB app that would use the IE APIs and essentially use IE's core to do whatever the heck I want in an automated fashion... (at least I think it would be possible...) I am seeing alot of "Mozilla" user agent entries in my access logs that I am suspicious about (just based on their "pattern of travel").

Not really sure if I'm barking up the wrong tree, or if I am really just needing a very long vacation...