• Howdy! Welcome to our community of more than 130.000 members devoted to web hosting. This is a great place to get special offers from web hosts and post your own requests or ads. To start posting sign up here. Cheers! /Peo, FreeWebSpace.net
managed wordpress hosting

Any suggestions for dealing with phpBB Spam Posts originating from ChinaNet?

deanhills

Active Member
We are presently experiencing a serious flood of spam posts that originate from ChinaNet in Mainland China. It started as a trickle two weeks ago, then more and more and we now are dealing with a flood of them on a daily basis. Most of the posts are from IPs that are hosted by ChinaNet. Anyone else who has had a problem like this? I Googled the problem but have not found much in current information. So will be grateful of any suggestions. Thanks.

Here is the info that typically comes up when I click on one of the IP numbers. Maybe some of the experts at FWS could recognize something in it that may be helpful for working on a solution, i.e. the range number. Is there a recipe for blocking this range?
% [whois.apnic.net node-5]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 218.85.0.0 - 218.86.127.255
netname: CHINANET-FJ
descr: CHINANET Fujian province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: CA67-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-FJ
changed: hostmaster@ns.chinanet.cn.net 20020422
status: ALLOCATED NON-PORTABLE
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy@cndata.com 20070416
mnt-by: MAINT-CHINANET
source: APNIC
 
I believe there is a plugin for that, I use it on one of my private forums.

If you have automod installed:
- Anti-Spam ACP
- Advanced Block Mod

Those two work amazing. I haven't had any bots sign up in weeks. Anti-spam checks the signup information and IP across spam databases. I love it.
 
What are you using right now to prevent spam sign-ups? On my forums, the only ones who ever get through are the ones who get registered by real people.
 
I believe there is a plugin for that, I use it on one of my private forums.

If you have automod installed:
- Anti-Spam ACP
- Advanced Block Mod

Those two work amazing. I haven't had any bots sign up in weeks. Anti-spam checks the signup information and IP across spam databases. I love it.
Awesome thanks Schmarvin. Exactly what was needed. :cool2:

What are you using right now to prevent spam sign-ups? On my forums, the only ones who ever get through are the ones who get registered by real people.
We have just implemented Schmarvin's suggestion. And presently are working our way through the member list to ban the ones that have already registered as it is quite easy to identify these spammers. I'm curious, how do you get it that those who register are only real people? Without captcha? Or are you using captcha? :)
 
I just use the simple image captcha (not the 3D crap...I couldn't read it, and wouldn't expect my visitors to either, LOL!) and then ask a question or two on a hidden custom profile field. Math problems have been solved by bots, so I use something like "List the biggest number" or "Type the 4th number", etc. After that I require email validation, where the user needs to click the link in the email to register.

If a bot happens to guess the right answer to the custom profile fields (never happens...they might get one, but not both), then the email link still needs to be clicked. Accordingly, the only "bots" we have ever had are real people who register and post their spam. We get one of those every 2 or 3 months.

On my vBulletin forums, I use the same method, but with re-captcha. Went from getting 45-50 bot sign-ups a day when I first set up that forum, to absolutely 0 over the past 3 months.

Never used a plug-in.
 
the problem with captcha is it's quite easy to solve.

there are automated captca breaking services (where a human does the breaking)
there are also a type of OCR captcha breaking system where the image is converted into text (this one is completely automatic)

and the simple 1+2 = can also be simply broken with the right bot's

joe

I just use the simple image captcha (not the 3D crap...I couldn't read it, and wouldn't expect my visitors to either, LOL!) and then ask a question or two on a hidden custom profile field. Math problems have been solved by bots, so I use something like "List the biggest number" or "Type the 4th number", etc. After that I require email validation, where the user needs to click the link in the email to register.

If a bot happens to guess the right answer to the custom profile fields (never happens...they might get one, but not both), then the email link still needs to be clicked. Accordingly, the only "bots" we have ever had are real people who register and post their spam. We get one of those every 2 or 3 months.

On my vBulletin forums, I use the same method, but with re-captcha. Went from getting 45-50 bot sign-ups a day when I first set up that forum, to absolutely 0 over the past 3 months.

Never used a plug-in.
 
the problem with captcha is it's quite easy to solve.

there are automated captca breaking services (where a human does the breaking)
there are also a type of OCR captcha breaking system where the image is converted into text (this one is completely automatic)

and the simple 1+2 = can also be simply broken with the right bot's

joe



Did you actually read my post? I specifically said not to use math problems because they can be solved by bots. You also never want to use just captcha alone. Hence, I recommended using a form of captcha and questions that are not normally solvable by bots. In fact, I recommended using two questions, since the odds of a bot guessing correctly at both is highly unlikely.
 
Yes i did read your post.

i should have added a bit more to make it easier to stand.

you need a multi-layered approach (which can't usually all be solved by the same bot) one on it's own is going to be easy to solve, but you also have to remember that they also need to be solvable by real people.

joe
 
Back
Top