The stupidest blacklist
Moderator: Forum Moderators
The stupidest blacklist
Sometimes, when I want to post a message to the forum, I receive the error message like this: "Your IP 83.237.253.114 has been blocked because it is blacklisted. For details please see http://www.spamhaus.org/query/bl?ip=83.237.253.114. Well, I switch my router off, then switch it on, wait until it connects to ISP and receives a new IP...
But -- do you really think that this way you are fighting with spam? These are dynamical IPs, anyone could use it. A user is not responsible that someone somewhere maybe used this IP for spam. Or just (as this spamhouse says) "this IP range doesn't meeting their policy for IPs". I don't care about stupid spamhouse and their stupid policy! I do not send spam, why must I receive these messages? And only on this forum, I haven encountered this problem on other forums...
But -- do you really think that this way you are fighting with spam? These are dynamical IPs, anyone could use it. A user is not responsible that someone somewhere maybe used this IP for spam. Or just (as this spamhouse says) "this IP range doesn't meeting their policy for IPs". I don't care about stupid spamhouse and their stupid policy! I do not send spam, why must I receive these messages? And only on this forum, I haven encountered this problem on other forums...
Re: The stupidest blacklist
You are barking at the wrong tree; the administrators of this forum are not responsible for the IP blacklisting policies of ISPs, nor for the route the packets take from *your* computer to the server.
Re: The stupidest blacklist
I understand. But why they use it? If we'd post anonymously, it could be understood yet. But we are posting from our accounts, so are responsible for our postings anyway. Why, then, use these irrelevant blacklists?kodama wrote:You are barking at the wrong tree; the administrators of this forum are not responsible for the IP blacklisting policies of ISPs, nor for the route the packets take from *your* computer to the server.
Re: The stupidest blacklist
Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).
You've got my deepest symapthy because of this, but I'll not remove the blacklisting and I can help the fact that most of this kind of spam activity comes from Russia.
You've got my deepest symapthy because of this, but I'll not remove the blacklisting and I can help the fact that most of this kind of spam activity comes from Russia.
Somewhere, between the sacred silence and sleep.
Disorder.
Disorder.
Re: The stupidest blacklist
They get through the confirmation code in the registration phase?Mist wrote:Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).
Re: The stupidest blacklist
Some of them did. The one that did not were still displayed on the user list with links to porn/pharma sites.
Somewhere, between the sacred silence and sleep.
Disorder.
Disorder.
Re: The stupidest blacklist
OCR works pretty well, and even if you only have a 10% successrate, you can just try and try again.
Re: The stupidest blacklist
With phpBB 3 the amount of spambots that get through seems to have been greatly decreased. Before this, if you had a popular forum, and did not take some sort of protective measure. You could count on over ten spambots a day. I suggest you complain to your ISP they should give you a static IP. And if that is not possible, switch to another ISP. I'm not fully aware of spamhouse policy, but it's very well possible they block the ranges because of lack of action from your ISP.
Re: The stupidest blacklist
I recently read s.th. about that*. The Bot takes the image, some fake site displays them and send the Code back or s.th. like that.zookeeper wrote:They get through the confirmation code in the registration phase?Mist wrote:Because they are not irrelevant. There is a high number of spambots able to register and activate themselves on any phpBB scripts, without blacklisting the IP ranges they usualy come from we'd be drowning in spam (we used to ban/remove roughly one bot per day on old forums before the move).
* C't a computer magazine. English site of the Publisher.
~ I'll heal you by 4 hp if you post next to me ~
Have a look at the Era of Strife, featuring Eltireans, Eventide, Minotaurs, Saurians and Triththa
Have a look at the Era of Strife, featuring Eltireans, Eventide, Minotaurs, Saurians and Triththa
Re: The stupidest blacklist
Well, even if so, but if a user has written, say, 50 messages (or even 10 would be sufficient), can't you tell that he is not spammer? Why filter all users, not only the very new ones?Mist wrote:You've got my deepest symapthy because of this, but I'll not remove the blacklisting and I can help the fact that most of this kind of spam activity comes from Russia.
Re: The stupidest blacklist
Blacklist filtering happens *before* any sort of forum authorisation, there is no possbility to plug exception into these rules. The IP is checked as a first thing, if that check fails there is no further authorisation or user recognition.
Somewhere, between the sacred silence and sleep.
Disorder.
Disorder.
- Aethaeryn
- Translator
- Posts: 1554
- Joined: September 15th, 2007, 10:21 pm
- Location: Baltimore, Maryland, USA
Re: The stupidest blacklist
Isn't it then a big flaw in phpBB design to have a blacklist and no whitelist?Mist wrote:Blacklist filtering happens *before* any sort of forum authorisation, there is no possbility to plug exception into these rules. The IP is checked as a first thing, if that check fails there is no further authorisation or user recognition.
Aethaeryn (User Page)
Wiki Moderator (wiki)
Latin Translator [wiki=Latin Translation](wiki)[/wiki]
Maintainer of Thunderstone Era (wiki) and Aethaeryn's Maps [wiki=Aethaeryn's Maps](wiki)[/wiki]
Wiki Moderator (wiki)
Latin Translator [wiki=Latin Translation](wiki)[/wiki]
Maintainer of Thunderstone Era (wiki) and Aethaeryn's Maps [wiki=Aethaeryn's Maps](wiki)[/wiki]
Re: The stupidest blacklist
Eh? And what has that to do with anything?
The blacklists we talk about are external resources, checking against them has one sole purpose - to prevent sources known to have bad history ANY activity on a site, puting holes in blacklist checking mechanism defeats the whole point. Basicaly if you know there is a lot of spam coming from an IP range why on earth would you want to allow any activity form that range?
Yes, you could in theory put a check later. But. It would mean checking each possible link click/http querry against both white and blacklists. Or introducing very expensive sesion managment schemes. The bottom line is that other possible solutions are either resource expensive or mean huge performance drop.
The blacklists we talk about are external resources, checking against them has one sole purpose - to prevent sources known to have bad history ANY activity on a site, puting holes in blacklist checking mechanism defeats the whole point. Basicaly if you know there is a lot of spam coming from an IP range why on earth would you want to allow any activity form that range?
Yes, you could in theory put a check later. But. It would mean checking each possible link click/http querry against both white and blacklists. Or introducing very expensive sesion managment schemes. The bottom line is that other possible solutions are either resource expensive or mean huge performance drop.
Somewhere, between the sacred silence and sleep.
Disorder.
Disorder.
Re: The stupidest blacklist
I have an idea how to solve this without strict banning of IP address and neither performance drop.
I suppose that after IP address is on blacklist, any attempt to write in forum produces error 403 - access denied.
My suggestion is to extent this error to form with question i.e. to solve any aritmetic operation or so. As this:
(hidden)id=vuruvtre84c7v8dv
125 + x - 15 = 27
Write correctly x: (______)
(continue)
Spambot should identify this as normal 403 error, but user can answer the question correctly to get further. Proper x can be stored on the server together with hidden random identification code and time for this request and compared after user clicks (continue). This should not do more server load than normal page from forum. Unused codes can be deleted after timeout i.e. 5 minutes by cron. 99% of people should be able to answer without problem.
I suppose that after IP address is on blacklist, any attempt to write in forum produces error 403 - access denied.
My suggestion is to extent this error to form with question i.e. to solve any aritmetic operation or so. As this:
(hidden)id=vuruvtre84c7v8dv
125 + x - 15 = 27
Write correctly x: (______)
(continue)
Spambot should identify this as normal 403 error, but user can answer the question correctly to get further. Proper x can be stored on the server together with hidden random identification code and time for this request and compared after user clicks (continue). This should not do more server load than normal page from forum. Unused codes can be deleted after timeout i.e. 5 minutes by cron. 99% of people should be able to answer without problem.
- irrevenant
- Moderator Emeritus
- Posts: 3692
- Joined: August 15th, 2005, 7:57 am
- Location: I'm all around you.
Re: The stupidest blacklist
I think you overestimate the average user's math skills. I'd guess the number at more like 75%.-stf- wrote:99% of people should be able to answer without problem.
It'd help if you flipped the order of the question around (125 - 15 - 27 = ??), and made the question a lot easier ("What is 7 + 10 ?").
It should further confuse bots if you use text rather than numbers. eg. "What is seven plus ten?". (Accept either "seventeen" or "17" as an answer).
Want to post a Wesnoth idea? Great! Read these:
Frequently Posted Ideas Thread
Giving your idea the best chance of acceptance
Frequently Posted Ideas Thread
Giving your idea the best chance of acceptance