Jump to content

  • Log in with Facebook Log in with Twitter Log In with Google      Sign In   
  • Create Account

Subscribe to HRA Now!

 



Are you a Google Analytics enthusiast?

Share and download Custom Google Analytics Reports, dashboards and advanced segments--for FREE! 

 



 

 www.CustomReportSharing.com 

From the folks who brought you High Rankings!



Photo

Chinese Spammers?


  • Please log in to reply
9 replies to this topic

#1 petri

petri

    HR 3

  • Active Members
  • PipPipPip
  • 78 posts

Posted 18 April 2010 - 04:05 AM

I tried to make it hard for spammers to access my forum but it didn't work. Whatever I tried the SPAM kept coming in, so finally I decided to take the forum off line. Immediately after I started to get hits to the main page (a web page with a link to the forum) from China. All referrals comes from the same place but the IP-addresses and locations are all different. The web page and the forum were all in Swedish, so I'm a bit suspicious about this sudden interest from China. The SPAM I used to find on the forum pages were mostly in Russian or with Russian addresses.

What could all this mean?

#2 Jill

Jill

    Recovering SEO

  • Admin
  • 32,882 posts

Posted 18 April 2010 - 07:52 AM

You can block all the ips at the server level through an .htaccess file if you'd like. There are lists online you can use to add to your .htaccess.

#3 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 18 April 2010 - 11:55 AM

It means there are a lot of hacked PC's from those two places. Most of the time the PC owner doesn't even know their PC has become owned and controlled by someone else --whom may be down the block and on the same cable loop, or halfway around the world.

If the forum were still active, most of those come with built in spam protection that would allow you to restrict access to users by their IP number or IP range. And as she said, there are lists out there you can use to seed your blocking rules. As a general rule you can usually mass block entire IP ranges if you want to block off certain countries.

Or you may also want to look into what your server does when a user hits a page that doesn't exist. It's entirely possible that it's configured to send Not Found requests to your home page automatically. Which could be why you're seeing the traffic show up there now. This would also be evident if you were to look through your raw log files and traced back the original hits from those IP numbers.

If that's the case, you could tweak your 404 Not Found error handling to silently drop the connections from these IP ranges. Or simply put up a single page that says the forum is gone and redirect all requests for forum pages to this new page.

Or if you control the entire server you could also set up some block rules at the firewall itself. Though that's probably overkill if they're not actively trying to hack your site.

Lots of ways one can deal with this sort of thing.

FWIW, most people would be amazed at the number of hacked PC's out there. It's a huge number. I see it more in how I have my mail servers set up, because most of those hacked machine are set up to be mail spam bots but don't use an legitimate mail server when trying to send their spam. A significant amount of mail sent to me never makes it to me because it is being sent by these hacked PC's.

#4 petri

petri

    HR 3

  • Active Members
  • PipPipPip
  • 78 posts

Posted 18 April 2010 - 01:30 PM

Thanks for the answers.

I tried to understand all the different possibilities I had as an admin, and tested everything I thought might help. There was an option to use black lists and I tried it. I tried to put reasonable obstacles to user registration and finally I closed the possibility to register altogether. But the spam kept coming in. Finally I thought I would erase all the users, but I didn't know how to do it. The forum wasn't very active and I didn't want to be a part in spreading spam, so I erased all the files from the server.

I probably shouldn't assume that only because I'm working on a Mac I'm almost immune to viruses? Maybe I could google for free checking services, but then again, how can I know it's not some kind of dirty site that installs malware instead of removing it? Any suggestions where to go?

All the technicalities of computer security is past my knowledge, as you might have guest. I still (wrongly?) trust my Mac notworthy.gif

#5 Randy

Randy

    Convert Me!

  • Moderator
  • 17,540 posts

Posted 19 April 2010 - 09:48 AM

Not sure what the Mac part has to do with your forum getting hacked and/or spammed. You're not saying your server was a Mac are you? If that's the case it would be an extremely unusual situation. Not because Mac's are bad computers, but because the things Macs really excel at are not the same things servers need to excel at.

That said I'll tell you plainly that any computer that doesn't have anti-virus and spyware protection is going to get hacked. It's just a matter of time. And I don't care what make, model, type or anything else it is.

#6 petri

petri

    HR 3

  • Active Members
  • PipPipPip
  • 78 posts

Posted 19 April 2010 - 12:25 PM

QUOTE(Randy @ Apr 19 2010, 04:48 PM) View Post
Not sure what the Mac part has to do with your forum getting hacked and/or spammed.


It was a comment to "FWIW, most people would be amazed at the number of hacked PC's out there. It's a huge number."

#7 Scottie

Scottie

    Psycho Mom

  • Admin
  • 6,294 posts
  • Location:Columbia, SC

Posted 20 April 2010 - 01:49 PM

The hacked PC's refer to PC zombies that are being used to distribute hacks and spam and other malware unbeknownst to their owners, not to your preference of personal computer! Those are what are potentially attacking your server and you need to be aware of them, even if you personally use a Mac. smile.gif

#8 Mooro

Mooro

    HR 4

  • Active Members
  • PipPipPipPip
  • 157 posts
  • Location:Loughborough, Leicestershire

Posted 20 June 2010 - 05:51 AM

QUOTE(Jill @ Apr 18 2010, 01:52 PM) View Post
You can block all the ips at the server level through an .htaccess file if you'd like. There are lists online you can use to add to your .htaccess.

That is not an optimal option, each line in htaccess takes resources, a firewall level ban would be better.

#9 Michael Martinez

Michael Martinez

    HR 10

  • Active Members
  • PipPipPipPipPipPipPipPipPipPip
  • 5,038 posts
  • Location:Georgia

Posted 20 June 2010 - 02:28 PM

QUOTE(Mooro @ Jun 20 2010, 03:51 AM) View Post
That is not an optimal option, each line in htaccess takes resources, a firewall level ban would be better.


And not everyone has that option, unfortunately. But a Swedish forum with little to no appeal to Chinese visitors can easily block IP addresses by "A" or "B" blocks.

I have resorted to doing that with my VBulletin forum. It has cut down on spam registrations significantly, although not completely. There are still a few hand jobs coming in but we can easily moderate or delete those.


#10 chrishirst

chrishirst

    A not so moderate moderator.

  • Moderator
  • 6,722 posts
  • Location:Blackpool UK

Posted 21 June 2010 - 06:35 AM

"hand jobs" being a fairly accurate way to describe forum spammers as well!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

SPAM FREE FORUM!
 
If you are just registering to spam,
don't bother. You will be wasting your
time as your spam will never see the
light of day!