Geeklog Forums
Limit access by country; The Bridge of Death
jalmada
Forum User
Newbie
Registered: 07/23/03
Posts: 12
Location: Northern California
Recently, I downloaded the Bad Behavior plug in and immediately saw great benefit in using it to outwit many a comment spammer. On analyzing the numbers of requests coming into my site and which were caught by Bad Behavior, we came to the following conclusions:
1. Most of our comment spam and referrer spam was coming from China, Russia, Bulgaria, Taiwan, Vietnam, parts of Indonesia and Brazil. Not unique, but definitely surprising because when it is *your* site getting hit and probed, it *is* personal and frankly, angering to see these folks take such liberties with your site and your files/content.
2. We noticed that a large percentage of the requests were for fiscal, insurance and health care scams. Nearly ALL of these, at least in my case, were foreign/offshore domains.
3. The bandwidth being used to service bot and spam requests (with Bad Behavior), while minimal, was still enough that I wondered if there was a better way to handle things by simply locking out the main offenders by group/location. My conclusion was that there were cultures and groups in entire regions that had no valid reason for visiting my sites. The only possible reason was to litter or destroy my hard work with useless trash. The entire world does not need to see your site and it is really your right and prerogative to control what regions can see your web according to your needs.
So, I researched the problem and built an interceptor mechanism that used the following design criteria:
1. The script must use a database that checks an IP address for its point of origin.
2. A simple query and decision process to decide what region gets access to the site had to be fast and reliable.
3. The script had to not negatively affect the performance of Geeklog.
4. The error-out mechanism for countries on the blacklist has to be simple and save bandwidth. In other words, what the offending country user gets back is a single line "no service" message or similar. With Bad Behavior, there is still the presentation of an entire page and frankly, I figured that I didn't want to reward certain users with anything other than a short and terse "No".
5. The database must be easy to update from reliable sources.
6. The script had to decrease my dependence on .htaccess in a dramatic way.
This problem has been addressed before in other postings on the web and I did find some rather useful information to help us actually write a prototype and to get it working. A potential plug in for Geeklog users will give credit where it is due and would, of course, be freely given to those who are interested in using this tool.
This week, we went ahead and added the script into Geeklog and promptly noted a huge decrease in hacking and spam posting attempts on the site. The remaining hits were all from U.S. spammers and presented a lot less in terms of overhead processing. Additionally, it meant that the spammers would need to use open proxies to hit us and this definitely complicated their lives. With the impending release of the Bad Behavior black-hole project by the author of Bad Behavior, this will add another nice capability to close this hole and will further frustrate those who chose to hack and spam.
We named this package "The Bridge of Death" and perhaps may come up with a more appropriate name, but it is certainly applicable for many reasons.
Without going into exactly how we did it, I can say it was a fun project and the benefit of combining this test along with Bad Behavior, allows for absolute control and a tangible savings of bandwidth and effort on our part while providing the satisfaction of having yet another weapon of mass spam destruction in my arsenal.
So, I'm looking at how to formally write this thing into being a much more capable tool and plug in and wondered if anyone was interested in perhaps discussing the approach and how best to perhaps write this as a plug in for Geeklog? The goal is to make it a freely available plug in and to improve on the method I used. Would anyone find such a tool useful?
Sincerely,
Jon
Jon F. Almada
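A minimal sketch of an interceptor along the lines of design criteria 1 to 4 in the post above, added here as an illustration; it is not Jon's script and not Geeklog code. The range table, the `XA`/`XB` country codes, the blocklist and the function names are constructed for the example, and it handles IPv4 only.

```php
<?php
// IPv4 only; assumes 64-bit PHP so ip2long() never returns a negative int.
// Constructed sample table, sorted by start: [first address, last address, country code].
// Ranges are RFC 5737 documentation networks; XA/XB are placeholder country codes.
$GEO_RANGES = [
    [ip2long('192.0.2.0'),    ip2long('192.0.2.255'),    'XA'],
    [ip2long('198.51.100.0'), ip2long('198.51.100.255'), 'XB'],
    [ip2long('203.0.113.0'),  ip2long('203.0.113.255'),  'XA'],
];
$BLOCKED = ['XA' => true];   // hypothetical blocklist, keyed for O(1) lookup

// Binary search for the range containing $ip; returns its country code, or null if unknown.
function country_for_ip(string $ip, array $ranges): ?string
{
    $n = ip2long($ip);
    if ($n === false) {
        return null;             // not a valid IPv4 address (IPv6 lands here too)
    }
    $lo = 0; $hi = count($ranges) - 1;
    while ($lo <= $hi) {
        $mid = intdiv($lo + $hi, 2);
        [$start, $end, $cc] = $ranges[$mid];
        if ($n < $start) {
            $hi = $mid - 1;
        } elseif ($n > $end) {
            $lo = $mid + 1;
        } else {
            return $cc;
        }
    }
    return null;
}

// Returns [status, body]. An unknown origin is allowed through (fails open) in this sketch.
function gate(string $ip, array $ranges, array $blocked): array
{
    $cc = country_for_ip($ip, $ranges);
    if ($cc !== null && isset($blocked[$cc])) {
        return [403, "No service.\n"];   // terse reply, no page rendering
    }
    return [200, ''];
}
// Run early in the request, before templates or database-heavy code are loaded.
[$status, $body] = gate($_SERVER['REMOTE_ADDR'] ?? '', $GEO_RANGES, $BLOCKED);
if ($status !== 200) {
    http_response_code($status);
    header('Content-Type: text/plain');
    exit($body);
}
```

The decision uses `REMOTE_ADDR`, the address the server actually saw, rather than client-supplied forwarding headers. A real table would be loaded from whichever IP-to-country dataset the site maintains and refreshed on that dataset's schedule, since address allocations change.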
ironmax
Anonymous
This could be of interest. Send in a report to the devs at http://lists.geeklog.net/mailman/listinfo/geeklog-spam and see if they would be interested in picking this up. You may want to gather all your files involved and what version it is currently working on and get it ready to send to them when they ask for it to see where you are at. Just my :twocents: worth.
Michael