The stupidest blacklist

[vicza]

Sometimes, when I want to post a message to the forum, I receive the error message like this: "Your IP 83.237.253.114 has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=83.237.253.114. Well, I switch my router off, then switch it on, wait until it connects to ISP and receives a new IP...
But -- do you really think that this way you are fighting with spam? These are dynamical IPs, anyone could use it. A user is not responsible that someone somewhere maybe used this IP for spam. Or just (as this spamhouse says) "this IP range doesn't meeting their policy for IPs". I don't care about stupid spamhouse and their stupid policy! I do not send spam, why must I receive these messages? And only on this forum, I haven encountered this problem on other forums...

[kodama]

You are barking at the wrong tree; the administrators of this forum are not responsible for the IP blacklisting policies of ISPs, nor for the route the packets take from *your* computer to the server.

[vicza]

You are barking at the wrong tree; the administrators of this forum are not responsible for the IP blacklisting policies of ISPs, nor for the route the packets take from *your* computer to the server.

I understand. But why they use it? If we'd post anonymously, it could be understood yet. But we are posting from our accounts, so are responsible for our postings anyway. Why, then, use these irrelevant blacklists?

[Mist]

Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).

You've got my deepest symapthy because of this, but I'll not remove the blacklisting and I can help the fact that most of this kind of spam activity comes from Russia.

[zookeeper]

Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).

They get through the confirmation code in the registration phase?

[Mist]

Some of them did. The one that did not were still displayed on the user list with links to porn/pharma sites.

[AI]

OCR works pretty well, and even if you only have a 10% successrate, you can just try and try again.

[nataS]

With phpBB 3 the amount of spambots that get through seems to have been greatly decreased. Before this, if you had a popular forum, and did not take some sort of protective measure. You could count on over ten spambots a day. I suggest you complain to your ISP they should give you a static IP. And if that is not possible, switch to another ISP. I'm not fully aware of spamhouse policy, but it's very well possible they block the ranges because of lack of action from your ISP.

[Lizard]

Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).

They get through the confirmation code in the registration phase?

I recently read s.th. about that*. The Bot takes the image, some fake site displays them and send the Code back or s.th. like that.

* C't a computer magazine. English site of the Publisher.

[vicza]

You've got my deepest symapthy because of this, but I'll not remove the blacklisting and I can help the fact that most of this kind of spam activity comes from Russia.

Well, even if so, but if a user has written, say, 50 messages (or even 10 would be sufficient), can't you tell that he is not spammer? Why filter all users, not only the very new ones?

[Mist]

Blacklist filtering happens *before* any sort of forum authorisation, there is no possbility to plug exception into these rules. The IP is checked as a first thing, if that check fails there is no further authorisation or user recognition.

[Aethaeryn]

Blacklist filtering happens *before* any sort of forum authorisation, there is no possbility to plug exception into these rules. The IP is checked as a first thing, if that check fails there is no further authorisation or user recognition.

Isn't it then a big flaw in phpBB design to have a blacklist and no whitelist?

[Mist]

Eh? And what has that to do with anything?

The blacklists we talk about are external resources, checking against them has one sole purpose - to prevent sources known to have bad history ANY activity on a site, puting holes in blacklist checking mechanism defeats the whole point. Basicaly if you know there is a lot of spam coming from an IP range why on earth would you want to allow any activity form that range?
Yes, you could in theory put a check later. But. It would mean checking each possible link click/http querry against both white and blacklists. Or introducing very expensive sesion managment schemes. The bottom line is that other possible solutions are either resource expensive or mean huge performance drop.

[-stf-]

I have an idea how to solve this without strict banning of IP address and neither performance drop.

I suppose that after IP address is on blacklist, any attempt to write in forum produces error 403 - access denied.
My suggestion is to extent this error to form with question i.e. to solve any aritmetic operation or so. As this:

(hidden)id=vuruvtre84c7v8dv
125 + x - 15 = 27
Write correctly x: (______)
(continue)

Spambot should identify this as normal 403 error, but user can answer the question correctly to get further. Proper x can be stored on the server together with hidden random identification code and time for this request and compared after user clicks (continue). This should not do more server load than normal page from forum. Unused codes can be deleted after timeout i.e. 5 minutes by cron. 99% of people should be able to answer without problem.

[irrevenant]

99% of people should be able to answer without problem.

I think you overestimate the average user's math skills. I'd guess the number at more like 75%.

It'd help if you flipped the order of the question around (125 - 15 - 27 = ??), and made the question a lot easier ("What is 7 + 10 ?").

It should further confuse bots if you use text rather than numbers. eg. "What is seven plus ten?". (Accept either "seventeen" or "17" as an answer).