Jump to content

Message board spam

Klem

By Klem
in PHP Coding Help

 Share

Recommended Posts

requinix Prolific Member

requinix

Posted
Posted

:psychic:

What board?
"Built" as in you made it yourself?
How old?
Where is the spam happening?
What type of spam is it?
How much?
Are there any existing anti-spam measures that aren't catching them for some reason?
Do you require user registrations?
How are you handling account validation?
Tried using CAPTCHAs?
Tried IP bans?
Email address domain name bans?

  • Like 1
Link to comment
Share on other sites
Klem Newbie

Klem

Posted
  • Author
Posted

I made it myself about 15 years ago.  Just started, looks like ads for something or other, a lot of the same one over and over again.  It's a simple site for 12 family members so I've never used any kind of registrations etc.  No other anti-spam measures, never needed them till now.

 

Link to comment
Share on other sites
JacobSeated Member

JacobSeated

Posted
Posted

I really would not block traffic from specific IP addresses or regions, but you can do it using Maxmind free GEO-location databases; the problem is you need to update the database occasionally. I wrote a script to do that automatically, and I do actually need it for a cookie consent mechanism. Another option is to compile your own databases, because the data is made available, it is just a bit difficult if you are not used to working with that stuff.

Just a few ideas:

  • Check the database for previous spam messages posted by an IP, and reject new messages by known spammers; that would be messages that has been hidden or blocked. You don't just delete the spam, because you might want to analyze it.
  • Check the database for exact match- and variations of messages that has been blocked. If something has been blocked before, there is no reason to allow someone to post it again.
  • Rate-limit your incoming HTTP POST requests on certain URLs

I am not sure, but I think fail2ban should be able to do rate limiting. I am only using it for e-mail servers though, since my CMS already has build-in rate-limiting.

If you made this 15 years ago, then I would recommend looking into moving it to a custom Wordpress solution. There are plugins to help with rate limiting and other stuff..

Link to comment
Share on other sites
Barand Prolific Member

Barand

Posted
Posted
24 minutes ago, Klem said:

All the spam is coming from the UK.  Is there a way to block UK sites from getting in?

According to my IP lookup table there are around 250,000 ranges of ip addresses for the UK so you could block if it is one of those. 

mysql> SELECT COUNT(*) FROM ip_lookup WHERE country = 'United Kingdom';
+----------+
| COUNT(*) |
+----------+
|   257455 |
+----------+

Alternatively you could check if the ip address is that of one of your 12 friend/family members and allow if it is.

Link to comment
Share on other sites
Klem Newbie

Klem

Posted
  • Author
Posted

Well I'm getting hundreds of these every day now and it would be impossible to block them all individually.  They all have different URLs depending on what they're selling, but all from co.uk.   And I know no one from the UK.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.