Reducing SPAM registrations - ZBBLOCK
Edited by yazoo at 2013-2-16 10:51After installing a new runup of Discuz, I started getting a lot of spam registrations.My research found me a solution that has eliminated the problem.
There is a free service called stopforumspam.com that has over 43 million spam sources identified.The service is run by volunteers.
A php script is available that looks for suspicious behaviour and also looks up the ip at stopforumspam.com.It is available at http://www.spambotsecurity.com/zbblock.php
It is also free.
To install, expand the zbblock zip file in your www root.It will create its own subdirectory.Open setup.php in your web browser.The script analyzes your environment and offers 7 options.For me on a LAMP environment, the seventh choice was optimal.After choosing it, I was given a php tag to put at the beginning of any php file I wanted to protect on the server.
I put the tag at the very beginning of my member.php and watched as my bandwidth dropped and my fake registrations dropped to zero.I put it in front of some other php files as well, but haven't noticed them in the logs so they are probably not necessary.
You can configure logging in the ini file, here is an excerpt of what the killed_log looks like if you enable it.If you do enable it, check in and truncate it every so often as it will grow quite big.<font face="Arial" size="1">#: 16 @: Tue, 12 Feb 2013 15:31:37 -0800 Running: 0.4.10a1
Host: 137.7.207.91.unknown.steephost.net
IP: 91.207.7.137
Score: 1
Violation count: 1
Why blocked: No registrations, or logins, from hosts listed as hostile on http://www.stopforumspam.com/ (local).
Query: mod=register
Referer: http://strayingdogs.com/dx/member.php?mod=register
User Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.91 Safari/537.11
Reconstructed URL: http:// strayingdogs.com /dx/member.php?mod=register
#: 17 @: Tue, 12 Feb 2013 15:31:43 -0800 Running: 0.4.10a1
Host: 137.7.207.91.unknown.steephost.net
IP: 91.207.7.137
Score: 1
Violation count: 2
Why blocked: No registrations, or logins, from hosts listed as hostile on http://www.stopforumspam.com/ (local).
Query: mod=register
Referer: http://strayingdogs.com/dx/member.php?mod=register
User Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.91 Safari/537.11
Reconstructed URL: http:// strayingdogs.com /dx/member.php?mod=register
#: 18 @: Tue, 12 Feb 2013 15:31:49 -0800 Running: 0.4.10a1
Host: 137.7.207.91.unknown.steephost.net
IP: 91.207.7.137
Score: 1
Violation count: 3 BANNED
Why blocked: No registrations, or logins, from hosts listed as hostile on http://www.stopforumspam.com/ (local).
Query: mod=register
Referer: http://strayingdogs.com/dx/member.php?mod=register
User Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.11 (KHTML, like Gecko) Chrome/23.0.1271.91 Safari/537.11
Reconstructed URL: http:// strayingdogs.com /dx/member.php?mod=register
#: 19 @: Tue, 12 Feb 2013 16:23:48 -0800 Running: 0.4.10a1
Host: spider-199-21-99-82.yandex.com
IP: 199.21.99.82
Score: 2
Violation count: 1 INSTA-BANNED
Why blocked: Yandex is banned. INSTA-BAN (SPD-110). Yandex is banned. INSTA-BAN (HN-0110). You have been instantly banned due to extremely hazardous behavior!
Query: mod=redirect&tid=19&goto=lastpost
Referer:
User Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)
Reconstructed URL: http:// strayingdogs.com /dx/forum.php?mod=redirect&tid=19&goto=lastpost
</font> To install, expand the zbblock exe file in your www root.It will create its own subdirectory.Open setup.php in your web browser.The script analyzes your environment and offers 7 options.For me on a LAMP environment, the seventh choice was optimal.After choosing it, I was given a php tag to put at the beginning of any php file I wanted to protect on the server.
I put the tag at the very beginning of my members.php
Please verify and edit this text!
1) what means "expand the zbblock exe file"
2) what the subfolders will be created
3) what the 7 options
4) members.php does NOT exist
Edited by yazoo at 2013-2-19 10:38
Hi Vot.Sorry I was a little sloppy in my description.To answer your questions:
1.I should have said expand zbblock.zip. from your web root.
2.It will create just one subfolder zbblock
3. I'm not sure what all the 7 options are.They are explained in the manual, and are for systems with different configurations.I think option 3 works for Windows and 7 works for Linux.I've uploaded a copy of the manual.
4. Sorry not members.php but member.php.Here's what mine looked like after I edited it:<?php require('/home/straying/public_html/zbblock_0_4_10a1/zbblock.php'); ?><?php
/**
* (C)2001-2099 Comsenz Inc.
* This is NOT a freeware, use is subject to license terms
*
* $Id: member.php 20112 2011-02-15 07:10:53Z monkey $
*/
The first php require phrase is the text that I added.
Edit 02/18/2013.Noted some more spam hits, so added the php header to forum.php as well.That eliminated another source...#: 108 @: Mon, 18 Feb 2013 06:03:42 -0800 Running: 0.4.10a1
Host: 91.236.74.103
IP: 91.236.74.103
Score: 1
Violation count: 1
Why blocked: Suspected spamtool mail.ru agent (UA-0135).
Query:
Referer: http://strayingdogs.com/forum.php
User Agent: Opera/9.80 (Windows NT 5.1; U; MRA 5.10 (build 5310); ru) Presto/2.10.289 Version/12.00
Reconstructed URL: http:// strayingdogs.com /dx/forum.php To answer your questions:
Why NEW post???
Just EDIT the first post!
People want to see an instruction in a single post.
:)
Pages:
[1]