Welcome to Geeklog, Anonymous Thursday, December 26 2024 @ 08:02 am EST
Geeklog Forums
Block spambots from creating fake user accounts
Status: offline
ChuckMunson
Forum User
Newbie
Registered: 01/27/10
Posts: 4
I've been running a popular news site (http://news.infoshop.org/) using Geeklog for many years. We are really happy with Geeklog and think that it is one of the most elegant CMSes for running a high traffic news site.
That being said, we've been struggling with some spambot problems for many months, if not the past year.
We don't have very few problems with comment spam and get several fake story submissions every day, but our main headache is a spambot or bots that knock the site offline every day. I usually have to fix the problem by restarting MySQL and Apache. I'm tired of doing this and want our site to have 99% uptime.
I would like to find a way to prevent spambots from ever touching the MySQL database for our site, which is evidently how their activities are bring down the site. Would like to prevent them at the server level from accessing the MySQL database. Or should we install a CAPTCHA to screen new user registrations?
It appears that the spambot that take down our MySQL is the one that creates fake email accounts with .ru, gawab.com, and ukr.net domains, among others. Recently the spambot has been creating more fake registrations with Gmail accounts. The MySQL database appears to go down whenever this spambot is the most active. I've been able to combat it better lately by using the "Batch Admin" feature under "Users" admin, where I just delete new accounts where the "user" hasn't logged in.
Also, we have legitimate users who complain that their story submissions are rejected as spam. Does anybody know how to tweak the relevant spam filter to allow legit stories?
Thanks!
Chuck
That being said, we've been struggling with some spambot problems for many months, if not the past year.
We don't have very few problems with comment spam and get several fake story submissions every day, but our main headache is a spambot or bots that knock the site offline every day. I usually have to fix the problem by restarting MySQL and Apache. I'm tired of doing this and want our site to have 99% uptime.
I would like to find a way to prevent spambots from ever touching the MySQL database for our site, which is evidently how their activities are bring down the site. Would like to prevent them at the server level from accessing the MySQL database. Or should we install a CAPTCHA to screen new user registrations?
It appears that the spambot that take down our MySQL is the one that creates fake email accounts with .ru, gawab.com, and ukr.net domains, among others. Recently the spambot has been creating more fake registrations with Gmail accounts. The MySQL database appears to go down whenever this spambot is the most active. I've been able to combat it better lately by using the "Batch Admin" feature under "Users" admin, where I just delete new accounts where the "user" hasn't logged in.
Also, we have legitimate users who complain that their story submissions are rejected as spam. Does anybody know how to tweak the relevant spam filter to allow legit stories?
Thanks!
Chuck
13
13
Quote
Status: offline
Dirk
Site Admin
Admin
Registered: 01/12/02
Posts: 13073
Location:Stuttgart, Germany
CAPTCHA, as you said, would be one option. Bad Behavior is another.
There's also a config option to blacklist email addresses
Configuration > Geeklog > Users and Submissions > User Submission > Automatic Disallow Domains
If you get hit really hard, you should look through your webserver's logfiles and see if you can identify and block IP addresses or IP ranges that the bots are coming from.
As for the submissions being rejected as spam: Check the Spam-X log for the reason. If it's because of SLV, add the URLs to the SLV whitelist.
bye, Dirk
There's also a config option to blacklist email addresses
Configuration > Geeklog > Users and Submissions > User Submission > Automatic Disallow Domains
If you get hit really hard, you should look through your webserver's logfiles and see if you can identify and block IP addresses or IP ranges that the bots are coming from.
As for the submissions being rejected as spam: Check the Spam-X log for the reason. If it's because of SLV, add the URLs to the SLV whitelist.
bye, Dirk
12
13
Quote
Status: offline
ChuckMunson
Forum User
Newbie
Registered: 01/27/10
Posts: 4
Thanks, Dirk, for the advice.
I blocked more IP addresses at the server level using IPs from the Spam-X log file. Was amused to find duplicate entries, so perhaps the spambots are kind of lazy when it comes to generating fake return IPs.
I know that one of the spambots that hits our server relies on IP addresses of open proxies in Europe, Asia and South America. Not sure if that one is still active or if they are using more random IPs.
The one spambot is definitely creating fake registrations using Gmail email acounts.
Chuck
I blocked more IP addresses at the server level using IPs from the Spam-X log file. Was amused to find duplicate entries, so perhaps the spambots are kind of lazy when it comes to generating fake return IPs.
I know that one of the spambots that hits our server relies on IP addresses of open proxies in Europe, Asia and South America. Not sure if that one is still active or if they are using more random IPs.
The one spambot is definitely creating fake registrations using Gmail email acounts.
Chuck
14
11
Quote
All times are EST. The time is now 08:02 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content