Ban list in .htaccess

[draggar]

I've been monitoring spam IP addresses that attempt to sign up on my forum and I've been blocking the offenders in the .htaccess file (plus IP addresses that load up the same page hundreds of times in an hour).

As you can imagine this list is getting very long (right now 197 IP addresses and ranges in the list).

I'm assuming this will have an effect on the speed of the site but the question is - how much will it affect at my level and in the future (assume adding 10-20 a week).

Also, what's the risk of just adding an entire range - I have 13 offending IP addresses in the 178.xxx.xxx.xxx range, (4 in the 178.125.xxx.xxx). I see the risk of potentially blocking millions of people but of a large number of spam attempts are coming in there (I also know the more precise the ban is, I'll block fewer people).

I have a couple of packages installed in SMF and I get the spam IP addresses from there - plus ones that are obviously spam (email addresses that look like someone just punched a keyboard, several from the same IP address, plus look at high repeat reloaders as mentioned above), etc..

I also know spammers change IP addresses like we change our socks so banning many of them won't have much of an effect but I'm tired of going through the forums every day and deleting dozens of signups and having my traffic suffer when a spammer is reloading my page over and over.

Thoughts on better ways to battle spammers?

[katherine]

The IP addresses should be unbanned after some time, because most of the time they are dynamic anyway.
So by doing rotation you limit the number of banned IP addresses at any given time.
This should be able to be automated. Doesn't your forum software supply plugins for that purpose ?

[draggar]

I can check - I've been using SMF but nothing (ban-wise) is automatic. The plugins I'm using only flag the IP addresses - you have to manually ban them.

BTW - I have good captcha (one where you have to line up the pictures).

Edit: I've added new anti-spam measures for one of my sites and deleted the entire block list - let's see how it goes.

[radioz]

For Simple Machines Forum (SMF), I STRONGLY recommend the httpBL package to stop SPAM. This package utilizes free ProjectHoneypot.org spam and bot catching software. I STRONGLY recommend that software as well! It does involve some work for either SMF or regular websites. I use it on two SMF forums as well as 73.biz, an AppThemes 'ClassiPress' Wordpress (WP) site (using the 'Bad Behavior' WP plug in), and VintageRadio.com, an HTML/PHP site using a Geodesic Solutions script. For SMF, it completely eliminate SPAM. The two forums that I built with that software are not SPAMmed; period. I built a couple of others without this protection and they were completely destroyed by it. For the Wordpress and HTML site, it reduces SPAM dramatically although some does occur (especially with Wordpress). The two (unused but unSPAMmed too) forums are AntiqueRadio.net and Transistorized.com.

To install the 'Honeypot' software, you need to download a piece of software, put it in you sites root directory, and activate it. You will also want to 'plant' 'honeypots' with terms that spammers look for on various pages of your site. For SMF. the httpBL main site gives detailed instructions.

'Bad Behavior' is the Wordpress plug-in to implement 'Project Honeypot'. I notice that SMF now has a MOD with the same name. It is likely similar to the httpBL MOD. I really do recommend that httpBL MOD though. I also have the 'Stop Spammer' MOD enabled which may be a useful adjuct and certain it causes no problems. I would also implement this MOD for SMF.

Good Luck!

[draggar]

I've implemented some of those - the basic honeypot as well as some new Captcha and another logger which flags known or suspected spammers and puts them in a "manual approval" status.

[JuniperPark]

I ran my own server until a few weeks ago, and I can tell you that you're all just wasting your time.

In the mid 2000's I wrote a lot of software and processes to deal with what you're discussing here. My server was frequently overwhelmed with spammers/content stealers/email harvesters etc. It worked well at first, auto-banning any IP that was not Google or Yahoo and attempted more than 100 pagereads per minute. By 2010 I had banned over 10,000 IPs, some in the same subnet, some not. Also, some were faking http headers pretending to be Googlebot or one of the others.

And that's just full-on pagereads... there were suspicious packets/probes/pings every 5 seconds on average, from all over the world. You simply will not be able to deal with this manually.