Quantcast Spammer Dedication Thread (i.e. Sites to Avoid, Things NOT to Buy!) - digitalFAQ.com Support Forum
Go Back   digitalFAQ.com Support Forum > Forum Features > General Discussion

Reply
 
LinkBack Thread Tools
  #1  
11-18-2010, 05:30 AM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
Note: The list of spammers is in the second section, after the About section.


About This Post

Starting today, this post will be dedicated to all the sites, services and products that attempt to spam this forum. This post shall serve as a warning to all members and readers of this site, as well as anybody that may stumble across it due to a Google search. This post is a list of sites that probably should NOT be used, scammy/spammy services that should be AVOIDED, and items that probably should NOT be bought.

Legitimate companies do not need to spam forums, period!

Most spammers tend to be after little more than your money. And no, I don't mean by way of selling you whatever wares (or more often, warez) that they purport to be selling or offering. No! In many (most?! all?!) cases, these "companies" -- who are often nothing more than shady individuals -- are far more interested in the credit card or debit card details that you'll be providing to them.

Other times, it's merely stupidity and poor choice as a "marketing" method. In my opinion, that simply means these people have no idea how to run a business, so it's still really not a good excuse.

These various sites, businesses, and companies can pose the following risks and dangers to customers:
  • Steals your credit card information -- either to sell to other credit thieves, or to use themselves. In the cases of debit cards, they could drain your entire bank account!
  • Steals your personal information, like your mailing address, to sell to mail spammers and identity thieves, or to use for their own identity theft operations.
  • Steals your email address and sells it to other spammers.
  • Steals your money, by way of not sending/emailing the goods, or of providing the promised services.
  • Provides illegal and/or non-functioning (non-working) products or software.
  • Provides dangerous fakes or knockoffs -- for example, products that could harm your computer (i.e., give you a computer virus, give you malware, turn over control of your computer to hackers and spammers, etc). Or worse, as a harm to your health! (i.e., vitamins, non-OTC drugs, etc)
  • Does not support the item (software, hardware or other product), assuming they actually carry through with the transaction. In other words, bad tech support, bad phone support, no email support, etc. They have your money, they're done with you.
  • Resells free software or information that you could have otherwise acquired for $0 cost, and without providing personal/financial information. In the case of software, many times a new GUI has been created, so that it looks unique when it really is not.
  • Makes promises that are not kept, such as offering "professional" quality (a largely meaningless, overused and abused term), providing "unlimited" support, or even guaranteeing your "money back" if dissatisifed.
  • Offers to sell you things they do not own, such as expiring domain names. The scammers will buy something before you can do so, since they know you're interested, and then offer to sell it at an extorted price.
Beyond all of this, realize that most of these spammers (and the various companies, business, services that they represent or purport to represent) are located in fairly lawless or semi-lawless parts of the world: China, Russia, India, Pakistan, Romania, Vietnam, Korea, Indonesia, Nigeria, etc. So don't expect to easily "file a complaint" or some such naive non-sense. Once you give spammers your personal and financial details, consider yourself screwed.


The List of Spammers
  • wholesale-dress.net - China - 12/2009
  • moyea.com - China - 1/2010
  • saleexplorer.com - Philippines - 3/2010
  • extend-partition.com - China - 7/2010
  • mage-world.com - Vietnam - 8/2010
  • flvassistant.com - China - 10/2010
  • ellamour.com - China - 11/2010
  • swiftprosys.com - India - 11/2010
  • oxfordshireweddingphotographers.com - India - 11/2010
  • umacos.com - China - 11/2010
  • shahpolymers.com - India - 11/2010
  • gpsbuyer.co.uk - India - 11/2010
  • encode-video.com - France - 12/2010
  • sellmyfile.com - Bulgaria - 12/2010
  • dvd-to-ipad-mac.net - China - 1/2011
  • dvdipad.org - China - 1/2011
  • macvideoconverter.org - China - 1/2011
  • ipadtomactransfer.org - China - 2/2011
  • dvdtoipodtouch.org - China - 2/2011
  • dvdshop88.com - China - 3/2011
  • scarygames247.com - India - 3/2011
  • chinazrh.com - China - 3/2011
  • chinazrh.com - China - 4/2011
  • starzmart.com - China - 4/2011
  • earnfromphotos.com - USA (Dallas) - 4/2011
  • easydvdburning.com - Philippines - 4/2011
  • watch-ghost-whisperer-online.com - India - 4/2011
  • watch-six-feet-under-online.com - India - 4/2011
  • kenwoodplc.co.uk - Sri Lanka - 4/2011
  • bestwebmconverter.com - China - 5/2011
  • pandamimi.com - India - 5/2011
  • iteba.com - Pakistan - 5/2011
  • solprint.co.uk - Pakistan - 5/2011
  • goldenwebdesign.com - Pakistan - 6/2011
  • aclickahead.co.uk - Pakistan - 6/2011
  • propadesign.co.uk - Pakistan - 6/2011
  • 24loseweight.com - USA (Dallas) - 6/2011
  • krishnakantsharma.com - China - 7/2011
  • royal.net - Hungary - 7/2011
  • za.com - Lebanon - 7/2011
  • i4infomania.com - China - 7/2011
  • uusher.com - China - 7/2011
  • technihost.com - USA (Ohio) - 7/2011
  • touchdown-marketing.com - China - 7/2011
  • ps3wirelesscontroller.org - China - 8/2011
  • novadisc.net - Philippines - 8/2011
  • rsdis4s.com - China - 8/2011
  • pacifichost.com - UK - 8/2011
  • myfreecashmachine.com - USA (Nashville) - 8/2011
  • seicn.com - USA (Georgia) - 8/2011
  • softwarebbs.com - China - 9/2011
  • hioxindia.com - India - 10/2011
  • hostingcompanieslist.com - India - 10/2011 - Hiox India shill
  • letsbuycoupons.in - India - 10/2011
  • joe118nuggets.com - Philippines - 10/2011
  • aiseesoft.com - South Korea - 11/2011
  • bestcamerareview.us - Bangladesh - 11/2011
  • intopicmedia.com - India - 11/2011
  • bidcandy.com - USA (California) - 11/2011
  • slogant.com - Ukraine - 11/2011
  • griser.com - USA (Colorado) - 11/2011 - InTrust Domains scam
  • teamglobalvision.com - USA (Colorado) - 11/2011 - InTrust Domains scam
  • scenestorm.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • goldmillion.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • grupakrwi.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • marscompanies.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • epik.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • dnidomainmarket.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • intrustdomains - USA (Colorado) - 12/2011 - InTrust Domains scam
  • intrustdomainsstore.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • domainmatchmakers.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • remosoftware.com - India - 12/2011
  • olacabs.com - China - 12/2011
  • chinadistributionbox.com - China - 12/2011
  • pairdress.com - China - 12/2011
  • ditla.com - China - 12/2011
  • cheapsportjerseys4sale.com - China - 12/2011
  • bestonlinecabinets.com - China - 12/2011
  • everbuying.com - China - 12/2011
  • rfsupplier.com - China - 12/2011
  • booklet-printing.co.uk - China - 12/2011
  • ahappydeal.com - China - 12/2011
  • honeysbridal.com - China - 12/2011
  • dvdburnerformac.net - China - 12/2011
  • lansia.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • acorninteriors.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • newmagazinecity.com - USA (Colorado) - 12/2011 - InTrust Domains scam
  • windowsfilerecovery.net - India - 12/2011
  • remosoftware.com - India - 12/2011
  • kvisoft.com - China - 12/2011
  • hotdvdcollection.com - China - 12/2011
  • slimmingpoint.com - Vietnam - 1/2012
  • ronyasoft.com - Moldova - 1/2012
  • dvdcopymac.net - China - 1/2012
  • swftoaviconverter.net - China - 2/2012
  • daviplastics.com - Vietnam - 2/2012
  • buenojoe.com - Vietnam - 2/2012
  • diyinchina.com - China - 2/2012
  • bizcn.com - China - 2/2012
  • xstudio.biz - China - 2/2012
  • aussiedvdstore.com - China - 2/2012
  • spacespeaks.com - India - 2/2012
  • truckgames27.us - Romania - 2/2012
  • contentcurrent.com - USA (NY) - 3/2012
  • unoeuro.com - India - 3/2012
  • pnpphotography.com - India - 3/2012
  • xdimax.com - Ukraine - 3/2012 - Grex device
  • ritalinworld.com - USA - 4/2012
  • scenicrimcoleyvillelodge.com - Philippines - 4/2012
  • idealdvdcopy.com - USA (proxy) - 4/2012
  • xdimax.com - Ukraine - 4/2012 - Grex device
  • inkelephant.com.au - India - 4/2012
  • pjsqualitybacklinks.com - Philippines - 4/2012
  • paintedsouvenirs.com - Pakistan - 4/2012
  • acupressure-vastu-pyramids.com - China - 5/2012
  • az-streamingserver.com - Egypt - 5/2012
  • az-network.com - Egypt - 5/2012
  • thetrendystyle.com - Pakistan - 5/2012
  • inspiredbc.com - India - 5/2012
  • happinesssale.com - India - 5/2012
  • buytheprice.com - India - 5/2012
  • rediff.com - India - 5/2012
  • masticart.com - India - 5/2012
  • silversunmedia.net - USA (New York) - 5/2012
  • hotdvdcollection.com - China - 5/2012
  • esparkinfo.com - India - 6/2012
  • saraphar.com - Vietnam - 6/2012
  • socialkik.com - Vietnam - 6/2012
  • hotdvdcollection.com - China - 6/2012
  • dvdrippingsoftwares.org - USA (proxy) - 6/2012 - via Hurricane Electric
  • lazada.com.ph - Philippines - 6/2012
  • cheapsneakerspace.com - India - 6/2012
  • yesmybride.com - India - 6/2012
  • superdry-uk-sale.co.uk - China - 6/2012
  • zenninder.com - China - 6/2012
  • 51pp.org - China - 6/2012
  • clickztrax.com - Israel - 6/2012
  • shopbychoice.com - India - 6/2012
  • impactintegration.com - India - 6/2012
  • novadisc.net - Philippines - 6/2012
  • earnmoney.pk - Pakistan - 7/2012
  • dailybargainshop.com - China - 7/2012
  • hd-digital-camera-converter.com - China - 7/2012
  • redbricksmedia.com - Philippines - 7/2012
  • groupondvd.com - China - 7/2012
  • istarusa.com - India - 7/2012
  • infibeam.com - India - 7/2012
  • infibeam.net - India - 7/2012
  • webmoviemaker.com - Denmark - 7/2012
  • top10cloudstorage.com - USA (San Diego) - 7/2012
  • groundforcetraining.com - India - 7/2012
  • watch-internet.tv - Vietnam - 8/2012
  • freeffs.com - Saudi Arabia - 8/2012
  • promotionalvideos.us - Philippines - 8/2012
  • sequd.com - India - 8/2012
  • pcprivacymaster.com - Philippines - 8/2012
  • ezcouponsearch.com - Pakistan - 8/2012
  • videoexplainers.com - Pakistan - 8/2012
  • cardprinting.us - Philippines - 8/2012
  • auqoe.com - Kenya - 8/2012
  • appareldeals.com - India - 8/2012
  • redbricksmedia.com - Philippines - 8/2012
  • redbricksmedia.com - Philippines - 9/2012
  • endicia.com - China - 9/2012
  • epublish4me.com - India - 9/2012
  • shopbychoice.com - India - 10/2012
  • webhostingbreak.com - Bangladesh - 10/2012
  • datalux.com - India - 10/2012
  • nutrihealthsource.com - China - 10/2012
  • esparkinfo.com - India - 10/2012
  • sitewired.net - India - 10/2012
  • socialmediamanagementservices.com - USA (proxy) - 10/2012
  • nandipl.com - India - 10/2012
  • tinydeals.com - USA (proxy) - 10/2012
  • high5store.com - India - 10/2012
  • alladsclassified.com - India - 11/2012
  • stevesims.com - India - 11/2012
  • dekhona.com - India - 11/2012
  • seriesgate.tv - India - 11/2012
  • kiemdinhvn.com - Vietnam - 12/2012
  • tietkiemthoigian.vn - Vietnam - 12/2012
  • qhoster.com - USA (proxy) - 12/2012
  • doadisc.com - Sri Lanka - 1/2013
  • leasededi.com - USA (proxy) - 2/2013
  • high5store.com - India - 2/2013
  • vpshosting.com.hk - India - 3/2013
  • couponswift.com - USA (proxy) - 3/2013
  • superdvdoutlet.ca - China - 4/2013
  • ihsystem.com - India - 4/2013
  • dvdplayer.com.cn - China - 4/2013
  • alladsclassified.com - India - 5/2013
  • clubvps.com - Israel - 5/2013
  • cheapdomainnamesdot.com - Israel - 5/2013
  • womencostume.co.uk - UK (proxy) - 6/2013
  • alladsclassified.com - India - 6/2013
  • homestoreproductsonline.com - USA (California) - 7/2013
  • mmnets.com - USA (California) - 7/2013
  • alladsclassified.com - India - 8/2013
  • clicktale.com - India - 8/2013
  • raymat.co.uk - Pakistan - 9/2013
  • prodatadoctor.net - India - 10/2013
  • idealshare.net - USA (proxy) - 10/2013 - via NLayer
  • firecoresoft.com - UK (proxy) - 10/2013 - via RedStation
  • onlinebingo3.co.uk - India - 10/2013
  • oshopit.com - Canada - 11/2013
  • alladsclassified.com - India - 11/2013
  • macxdvd.com - USA (proxy) - 3/2014
  • freem2tsconverter.com - China - 3/2014


Why Make A List?

The sad truth is that spam only exists because it works. Passively deleting spam, blocking IP ranges, and reporting spam to anti-spam groups like www.StopForumSpam.com is simply not enough to make it go away. Spam will only stop if it ceases to function as an income stream for those that use it. The best way to do this is by suggesting potential buyers shop elsewhere!

Many people will, at very least, run a Google search when they are unsure on whether something is a good buy or a legitimate company, business or service, and hopefully they will find this post. However, if everybody deletes the spam, then Google has nothing to return for those searches!

When somebody searches Google for queries like...
  • Is ___ a legitimate / illegitimate company?
  • Is ___ a scam?
  • Is ___ legal?
  • Is ___ providing illegal software?
  • Is ___ harmful?
  • Does ___ steal credit card information?
  • Identity theft?
  • Does ___ offer good support? Offers no support?
  • ___ does not answer the phone.
  • ___ does not reply to emails.
  • ___ took/stole my money.
  • Is ___ good quality?
  • Is ___ fraud? Shysters? Hucksters? Shills? Fakes?
  • ___ sucks?
  • ___ problems?
  • ___ reviews?
... I want this post to be front and center, on page 1, so they can either see (1) The folly of their ways, or (2) A warning if they're doing pre-sales research! A similar post about bootleg DVD sellers has saved many people on a sister entertainment site.


Disclaimer

This page is not saying that all businesses, services, vendors, individuals, etc -- as found on the list above -- are in any way stealing anything or otherwise engaging in illegal activities. Rather, this post works to do two things (1) List spammers that have put their unsolicited crap on our sites, and (2) List the potential dangers that come with dealing with unknown persons or organizations online whom commonly choose to solicit themselves via "black hat" marketing techniques.

Spammers who wish to be removed from this list will likely have their request ignored -- after all, you wanted your URL posted here, so wish granted! Removal is at my discretion, and mine alone. Note that we may also include non-automated spammy solicitations sent to us through email, including ridiculous takedown notices or threats.

I only wish I'd have thought of this several years ago. The list would probably be 100's of entries long by now!


If you hate spam, too, click the THANKS button!

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
The following users thank admin for this useful post: christiwilsonc (01-01-2012), kcmom (07-04-2012), Kereellis (12-04-2010), kpmedia (11-18-2010), linda deyo (09-21-2011), lordsmurf (11-18-2010), Miketiger (01-18-2011), mlongue1 (11-21-2010), naripeddi (12-01-2011), STEEDA (01-25-2011), Tuco (04-21-2011)
Someday, 12:01 PM
admin's Avatar
Site Staff / Ad Manager
 
Join Date: Dec 2002
Posts: 42
Thanks: ∞
Thanked 42 Times in 42 Posts
  #2  
01-19-2011, 09:26 AM
kpmedia's Avatar
kpmedia kpmedia is offline
Site Staff / Owner
 
Join Date: Oct 2009
Posts: 2,958
Thanks: 195
Thanked 255 Times in 244 Posts
And here's some spammer IP addresses, from identifiable servers that have sent us crap via email. It's interesting how some of the same hosts appear to be listed over and over again (OVH, EIG brands, etc). Note that these are only IPs that have gotten around our existing anti-spam policies -- DNSBL, SpamAssassin, Barracuda, etc.

Spammer IPCountryCity or StateHost / NetworkDomain
46.105.122.125France OVH 
67.192.77.39USASan AntonioHostIreland 
67.222.54.6USAUtahBluehost 
64.34.162.237USASan FranciscoServerbeachmailinator
64.150.160.185USAPhoenixIpower 
69.89.24.6USA BlueHost 
69.89.22.20USA BlueHost 
67.23.166.231USAAshevilleLeapswitch 
74.209.214.9Singapore Vodahost 
78.46.38.85Germany Hetzner 
91.121.154.143France OVH 
94.23.206.71France OVH 
159.25.16.175Germany  10minutemail
178.63.16.253Germany Hetzner 
184.173.0.151USAHoustonpowdevhost.com 
188.165.201.91France OVH 
190.194.96.40Argentina Prima S.A. 
208.90.224.226USA Aeprio Networks 
213.171.216.60UK Fasthosts.co.uk 
216.119.133.2USAHoustonA2 Hosting 
     

These hosts need to be more aggressive about their anti-spam output.

Fasthosts.co.uk via 213.171.216.60 is a multiple repeat offender throughout 2010-2012, and should be ashamed of itself. I've blacklisted the IP locally. It's even worse than OVH is, and OVH is known as the source for a lot of shady activity, due to their extremely low pricing on servers.

- Did my advice help you? Then become a Premium Member and support this site.
- Please Like Us on Facebook | Follow Us on Twitter

- Need a good web host? Ask me for help! Get the shared, VPS, semi-dedicated, cloud, or reseller you need.

Last edited by kpmedia; 09-30-2012 at 10:40 PM. Reason: Updated, sorted. -KP
Reply With Quote
The following users thank kpmedia for this useful post: christiwilsonc (01-01-2012), thirdman2002 (01-24-2011)
  #3  
04-18-2011, 09:23 AM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
Firewalled:
  • 82.99.30.0 - bad bot / Munax spider (Sweden)
  • 202.72.242.242 - suspicious vBulletin activity (Mongolia)
None of the traffic appears to be legitimate. Bottlenecks the site for no reason.
Suggested firewalling to all admins.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #4  
08-01-2011, 08:42 AM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
July has been a busy month for spamming, both on this site and on others. Here most spam is blocked by various anti-spam systems. It takes a dedicated nuisance to get far enough to post something -- an actual person, not a piece of spambot software. Of course, it's deleted within minutes (or within hours if done during off hours), so I don't know why the manual spammers bother. It's quite obvious, by looking around the forum, that there are no junk posts, meaning that spam is deleted when found.

Again, companies that spam forums are usually scams or selling junk. Buyer beware.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #5  
10-05-2012, 04:08 PM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
Within the past 10 days, I noticed the forum sometimes going a tad slower than normal. Not much -- maybe 0.3s (300ms) -- but enough to get my attention. For whatever reason, spam bots have been attempting to register at a rate that I've never encountered to date. The failures database table went from having about 80,000 entries to about 525,000 entries within 10 days! Tens of thousands of attempts per hour. One IP address racked up 30,000+ plus failed attempts within a mere hour or two.

So today I crawled through the database -- because we log failed signups -- and came up with a list of IP addresses that (1) Had zero legitimate sign-ups, and (2) Had at least 1,000 failed attempts in a single grouping. Virtually every one of the IP addresses comes out of China. The IP range for Chinese domain 126.com (120.33.241.0/24) was completely blocked in the main firewall because it had the most malicious DoS-like behavior. Yes, the activity was coming from 126.com itself -- not users using 126.com.

Forum owners reading this should consider adding these ranges to their own sites, to cut down on the stats noise and traffic abuse.

Spammers-only IP block/ban list:
  • 27.159.207.
  • 27.159.217.
  • 27.159.238.
  • 27.159.239.
  • 31.192.105.
  • 36.248.179.
  • 36.248.191.
  • 36.249.164.
  • 46.17.96.
  • 46.17.97.
  • 46.17.98.
  • 46.17.99.
  • 46.17.100.
  • 46.17.102.
  • 58.23.142.
  • 59.58.136.
  • 59.58.137.
  • 59.58.139.
  • 59.58.157.
  • 59.58.158.
  • 59.60.113.
  • 88.190.241.
  • 88.190.244.
  • 91.201.66.
  • 101.85.50.
  • 110.45.138.
  • 110.85.106.
  • 110.86.186.
  • 112.111.164.
  • 112.111.185.
  • 112.111.191.
  • 114.27.0.
  • 115.141.144.
  • 116.238.109.
  • 117.25.148.
  • 117.26.116.
  • 117.26.200.
  • 117.26.201.
  • 117.26.203.
  • 120.37.210.
  • 120.40.148.
  • 120.40.149.
  • 120.40.150.
  • 120.43.4.
  • 121.205.241.
  • 140.224.104.
  • 175.42.81.
  • 175.44.2.
  • 175.44.15.
  • 175.44.27.
  • 175.44.29.
  • 175.44.60.
  • 175.44.61.
  • 184.22.233.
  • 218.66.249.
  • 218.66.253.
  • 218.85.50.
  • 218.86.49.
  • 218.86.51.
  • 218.93.127.
  • 219.133.35.
  • 220.161.150.
  • 222.186.24.
-- Update! Moved to this post:
-- Stop Forum Spam and Blog Spam! - A Free IP Address Block List [DOWNLOAD]

Note that the 4th octet is not required for the firewall I'm using, and is why the IP is only 3 octets long.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #6  
10-10-2012, 08:15 AM
thecoalman thecoalman is offline
Premium Member
 
Join Date: Jan 2005
Location: United States
Posts: 67
Thanks: 0
Thanked 9 Times in 9 Posts
I've used stopforumspam's database with great success, the last 7 days IP list is downloaded automatically every couple of days and I check against that list if they try to load the registration page. If no match is found then the registration proceeds and I directly query the stopforumspam database upon submission. If there is a match the registration appears to go through but the script just exits in reality.

I've been meaning to get around to firewalling the worst offenders at the door but just haven't got to it yet.
Reply With Quote
  #7  
10-10-2012, 09:42 AM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
Hmmm.... so a double-check against the SFS data?
- A would-be registrar first hits a locally cached weekly IP database, that determines if he can even get to the registration page?
- And then the remote SFS database serves as the second line of defense?

Please... tell me more.

We already do the second one. What I'm curious about is the local caching.

Also: After a person passes the SFS, then he/she must proceed to answer a human verification question that trips most spam bots.
So that serves as a 3rd line of defense, currently our 2nd.


The biggest problem with the built-in vBulletin "user banning" (application firewall) is that it bans not just registrations, but ability to view threads and posts. You have to leverage .htaccess or web.config webserver firewalling against the register.php file, to only block sign-up and not viewing. For convenience, our most recent blocks were in the vB firewall, but I'll be migrating it only hit against the register.php in the near future.

I don't really care all that much about the IPs entered most recently -- all are from China, and this site neither targets nor benefits from Chinese traffic anyway. But I will look at banning Pakistan, Russia, and some other countries in the future; however, I don't want to ban their ability to read, just the ability to register and post crap. We can manually register the infrequent legitimate user manually, by way of an alternate manual sign-up form that is moderated. It would be helpful to know more about your SFS pre-blocks here, too, because that could be leveraged against access to the moderated sign-up forms.

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #8  
10-10-2012, 07:59 PM
thecoalman thecoalman is offline
Premium Member
 
Join Date: Jan 2005
Location: United States
Posts: 67
Thanks: 0
Thanked 9 Times in 9 Posts
The downloads are here: http://www.stopforumspam.com/downloads/

Just set up a cron job to download whatever fits your needs, from there you can do whatever and I know nothing about VB so couldn't even begin to tell you. When they load the registration page I'm just checking their IP against the list from SFS. One of the reasons I've done this is because SFS has gone offline at least twice since I've been using them, if their server is down at least I have some protection.

Another thing I have considered doing is just using the 24 hour list list for 24 hour bans but that is more resources checking all those IP's.

I don't want some giant bloated IP ban list whether it's the firewall, htaccess or through the script. That's a lot of resources and as long as you're keeping on top of the most active ones that is what is important.
Reply With Quote
  #9  
10-13-2012, 04:00 PM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
Quote:
Originally Posted by thecoalman View Post
When they load the registration page I'm just checking their IP against the list from SFS.
I'd like to see the code on that. Is it PHP?

This is what now runs inside the registration page itself:
PHP Code:
// array of banned IP addresses
$banIP = array(
"^27.159.*.*",
"^222.186.*.*"
);
if(
in_array($_SERVER['REMOTE_ADDR'],$banIP)) {
     
// this is for exact matches of IP address in array
     
header("Location: http://www.digitalfaq.com/banned.htm");
     exit();
} else {
     
// this is for wild card matches
     
foreach($banIP as $theip) {
          if(
eregi($theip,$_SERVER['REMOTE_ADDR'])) {
               
header("Location: http://www.digitalfaq.com/banned.htm");
               exit();
          }
     }

... but it would be nice to be able to set up an automated include from the 7-day SFS list. If you don't mind sharing your code, I could probably use it as inspiration to write my own vBulletin plugin. Either that, or to expand the register.php page block list.

The way the above code works now, it throws banned IPs off the page, and redirects to a banned.htm page.

Can't fill out a form if you can't even load it.

For whatever reason, standard .htaccess IP allow/deny simply did not work as desired. There's something funky about the way the page is seen by the server, so embedding the block list into the page itself was the obvious workaround.

-- Update! Moved to this post:
-- Stop Forum Spam and Blog Spam! - A Free IP Address Block List [DOWNLOAD]

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #10  
10-26-2012, 08:22 AM
jackkyjackson jackkyjackson is offline
Invalid Email / Banned / Spammer
 
Join Date: Oct 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Admin Note: I find it hilarious how the spammer dedication thread was spammed by a spammer.

IP of this poster = 117.217.84.9 = Bangalore, India
And it wasn't just one spam reply, but two! (Which have been merged into this one post.)



Quote:
hiiiiiiiii
thanks for the information it was very useful.. have a good day
-- merged --
gr8 and very useful information
Reply With Quote
  #11  
10-26-2012, 09:00 AM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
-- Update! Moved to this post:
-- Stop Forum Spam and Blog Spam! - A Free IP Address Block List [DOWNLOAD]

_____________

For those who are following the IP list for their own sites:
PHP Code:
"^27.153.*.*","^27.154.*.*","^27.155.*.*","^27.156.*.*","^27.157.*.*","^27.158.*.*","^27.159.*.*",
"^31.192.105.*",
"^36.248.*.*",
"^37.59.*.*",
"^46.17.96.*","^46.17.97.*","^46.17.98.*","^46.17.99.*","^46.17.100.*","^46.17.101.*","^46.17.102.*",
"^58.22.*.*","^58.23.*.*","^58.250.*.*",
"^59.57.*.*","^59.58.*.*","^59.60.*.*",
"^61.135.*.*","^61.150.*.*",
"^67.198.24.*",
"^70.32.38.*",
"^87.98.166.*",
"^88.190.241.*","^88.190.244.*",
"^91.201.66.*","^91.236.74.*","^91.237.249.*",
"^101.6.*.*","^101.66.*.*","^101.85.*.*",
"^110.45.*.*","^110.84.*.*","^110.85.*.*","^110.86.*.*",
"^112.101.*.*","^112.111.*.*","^112.132.*.*",
"^113.72.*.*","^113.230.*.*","^113.231.*.*",
"^114.27.*.*","^114.91.*.*","^114.247.*.*",
"^115.141.*.*",
"^116.230.*.*","^116.238.*.*",
"^117.21.*.*","^117.25.*.*","^117.26.*.*",
"^119.139.*.*",
"^120.32.*.*","^120.37.*.*","^120.40.*.*","^120.43.*.*",
"^121.88.*.*","^121.205.*.*",
"^122.121.*.*",
"^123.93.*.*",
"^124.73.*.*","^124.160.*.*",
"^140.224.*.*",
"^173.236.*.*",
"^175.42.*.*","^175.43.*.*","^175.44.*.*",
"^178.163.*.*","^178.238.142.*",
"^182.112.*.*",
"^183.15.*.*","^183.26.*.*","^183.211.*.*",
"^184.22.233.*",
"^192.162.19.*",
"^195.190.13.*",
"^199.168.139.*",
"^209.141.55.*",
"^218.6.*.*","^218.28.*.*","^218.66.*.*","^218.85.*.*","^218.86.*.*","^218.93.*.*","^218.201.*.*",
"^219.133.*.*","^219.234.*.*",
"^220.161.*.*",
"^221.176.*.*","^221.234.*.*",
"^222.77.*.*","^222.122.*.*","^222.186.*.*","^222.209.*.*" 
It's cut down on log clutter quite a bit -- the 10's of thousands of repeated failed attempts are now gone.
Beyond log clutter, all of those failed attempts are still a bandwidth clogger and overall abuser of resources, when allowed to try/fail registration.

Bots are bad:

Virtually all of those IPs are for China and cheap USA-based VPS/VPN services (used as proxy from China).

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #12  
11-04-2012, 09:30 AM
johhnn12 johhnn12 is offline
Invalid Email / Banned / Spammer
 
Join Date: Nov 2012
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Admin Note: It takes a special kind of stupid to (again!) spam a thread dedicated to spam.
Like last time, this one was also from India.
IP = 115.251.188.131

Quote:
hi
This is the best site. Here you can get lots of information about various product.
i have read the question but i don't know the answer. sorry for that.
Reply With Quote
  #13  
03-18-2013, 10:58 PM
admin's Avatar
admin admin is offline
Site Staff / Media Consultant
 
Join Date: Oct 2003
Posts: 4,278
Thanks: 127
Thanked 483 Times in 401 Posts
We've released our spam block list.

We've put a lot of work into it, hundreds of hours minimum, so I hope it helps other forum owners.
Find it here: Stop Forum Spam and Blog Spam! - A Free IP Address Block List [DOWNLOAD]


Now go block some junk!

- Did this site help you? Then upgrade to Premium Member and show your support!
- Also: Like Us on Facebook for special DVD/Blu-ray news and deals!
Reply With Quote
  #14  
09-12-2013, 10:59 AM
thecoalman thecoalman is offline
Premium Member
 
Join Date: Jan 2005
Location: United States
Posts: 67
Thanks: 0
Thanked 9 Times in 9 Posts
Quote:
Originally Posted by admin View Post
I'd like to see the code on that. Is it PHP?
sorry I missed this, it's nothing spectacular. I have a cron job that executes separate script that downloads and extracts the list to a directory every 12 hours. In the registration script is this:

PHP Code:
                $spammerips file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/your/path/to/listed_ip_30.txt');
                
                
                if (
$spammerips !== false)
                {
                    
$spammerips str_replace("\r\n""\n"$spammerips);

                    
$spammerips explode("\n"$spammerips);

                    foreach (
$spammerips as $line)
                    {
                        if (
$user->ip == $line)
                        {
                            
$message $user->lang['ACCOUNT_SPAMMER'];
                            
$message $message '<br /><br />' sprintf($user->lang['RETURN_INDEX'], '<a href="' append_sid("{$phpbb_root_path}index.$phpEx") . '">''</a>');
                            
trigger_error($message);
                        }
                    }
                    
                    unset(
$spammerips);
                } 

That of course is specific to phpBB, you'd have something like this for other application:

PHP Code:
                $spammerips file_get_contents($_SERVER['DOCUMENT_ROOT'] . '/your/path/to/listed_ip_30.txt');
                
                
                if (
$spammerips !== false)
                {
                    
$spammerips str_replace("\r\n""\n"$spammerips);

                    
$spammerips explode("\n"$spammerips);

                    foreach (
$spammerips as $line)
                    {
                        
//Set use your local variable for the user IP here
                        
if ($useripvariable == $line)
                        {
                            
// Do something for Spammer IP
                        
}
                    }
                    
                    unset(
$spammerips);
                } 
I don't think that is something you'll want to execute every page load, the 30 day list for example is about 3MB and has about 25K IP's so you're creating an array with 25K entries. Where I have the code it only executes after they submit registration.

Last edited by thecoalman; 09-12-2013 at 11:15 AM.
Reply With Quote
  #15  
12-21-2013, 12:37 AM
james79 james79 is offline
Invalid Email / Banned / Spammer
 
Join Date: Dec 2013
Posts: 1
Thanks: 0
Thanked 0 Times in 0 Posts
Admin Note: I'm "truly astounded" that you're a dumbass that would spam a thread about spammers.
This one was from Pakistan. IP = 182.186.152.40

Quote:
I truly astounded by your publish regards. I really appreciate that you took all this time to try and help us.Your work is carry the information to the other people.
Reply With Quote
Reply




Similar Threads
Thread Thread Starter Forum Replies Last Post
On-site URL shorterning for WordPress sites - no more bit.ly/tinyurl/etc lordsmurf Website and Server Troubleshooting 0 10-01-2010 03:58 AM
Verbatim Dual layer - am i seeing things? manthing Blank Media 1 06-05-2008 12:24 AM
Looking for sites to download TV show episodes stoogedog Videography: Cameras, TVs and Players 7 10-03-2006 03:06 PM

Thread Tools



 
All times are GMT -5. The time now is 04:56 PM  —  vBulletin Copyright Jelsoft Enterprises Ltd  —  SEO by vBSEO