PDA

View Full Version : Spammers' IPs - Time to Fight Back



Moonbat
03-16-2007, 12:11 AM
This thread will be constantly updated, so check back every once in a while.

Here is a list of the IPs of many (if not all) of all the spammers of our forums. By spammers, I mean the people who use just post a whole bunch of links, or some stuff not related to anything to do with computers/technology.

Feel free to try/do what you want with these IPs. I think these spammers deserve a bit of their own medicine, or worse. I'm not too sure that we can really do anything with these IPs, but who cares, we might as well try. Without further ado, here is the spammers' IP list (and their hostnames). I would give more information, but that would take a loooong while.

----------------------------------------
The IP Address is: **5.2.**4.2. The host name is: livani-ap.livani.net.microlink.lv.
The IP Address is: 62.*4*.52.248. The host name is: ns.km2**57-04.keymachine.de.
The IP Address is: 65.2*.56.246. The host name is: CPE-65-2*-56-246.wi.res.rr.com.
The IP Address is: 68.*78.207.*2*. The host name is: ip-68-*78-207-*2*.ip.secureserver.net.
The IP Address is: 58.65.2*7.*6*. The host name is: 58-65-2*7-*6*.myrdns.com.
The IP Address is: 2**.*77.*2*.**. The host name is: pix*-nat-vlan*0.mts-nn.ru.
The IP Address is: 67.85.*2*.5. The host name is: ool-4*558*05.dyn.optonline.net.
The IP Address is: **.*24.*7.*22. The host name is: *22-*7-*24-**.pool.ukrtel.net.
The IP Address is: 8*.207.2*6.240. The host name is: point.lealta.ru.
----------------------------------------

Alright, I'm out for the night, this is pretty tiresome. But don't worry, this thread will constantly be updated.

Moonbat
03-16-2007, 12:11 AM
Reserving for future use

Ezekiel
03-16-2007, 01:44 PM
These IP addresses are mostly going to be in use by new ISP accounts now, so I think a good idea would be to put the spammer's username, IP address and time of spam on each row instead of just scanning and attempting to exploit/DoS attack them (or whatever anyone plans to do with them). This way we prevent people doing anything to IP addresses that have long since been re-assigned, and we keep a record of which IP address was tied to which username at a certain time.

I strongly disagree with those that contact police over forum postings (the Internet isn't for anyone to regulate and free speech should remain), but if the spam was pertaining to criminal activities (e.g. ****** card fraud), the forum would then have a record of the perpetrators' actions and IP address.

Make
03-16-2007, 03:10 PM
Good luck with fight back but i'm not sure of it will help at all.

Mostly of them use proxy servers, they never take a look into any forums because they use automatic submission software that allow them to submit post to *000 forums using weakness of forums (phpBB, vbuletin, Invision Power ***rd etc...).
The best thing is to install some mods that will fight against it.
Because i run phpBB can not help a lot with vbulletin but they have for sure some mods that will help fight back.

Moonbat
03-16-2007, 05:21 PM
Well, the web****** hasn't gotten on in a long while, so I doubt our vBulletin run forums will get any new mods anytime soon.

mike, would posting the hostname of the spammer help? Posting each username is tiresome, and especially with the amount of spam we get, I'd hate to be the one to undertake it, but I guess I can if it'll help stop the spam.

Ezekiel
03-16-2007, 07:00 PM
Well, the web****** hasn't gotten on in a long while, so I doubt our vBulletin run forums will get any new mods anytime soon.

Isn't D. Parker the web******? Even if he's not, I'm sure vBulletin would have an automated way of installing mods.


mike, would posting the hostname of the spammer help? Posting each username is tiresome

The hostname is still usually changed along with the IP address, so unless it uniquely identifies an ISP subscriber, it wouldn't really help.


and especially with the amount of spam we get, I'd hate to be the one to undertake it, but I guess I can if it'll help stop the spam.

I suppose truthfully this forum needs 4-5 moderators to do tasks like this, but if they installed certain mods we would at least lose the bot-spam.

Moonbat
03-16-2007, 07:32 PM
D.Parker is a forum admin, but not the web******. According to him, the web****** isn't registered on the forums.

Make
03-17-2007, 07:06 AM
Web****** need to wake up and to install probably a couple mods that will fight against spamming.
Captcha by registering, captcha by first post for new member, disabling of posting links until you have 5 post, extra simple question (required to answer) by registering etc... are just for example that will reduce spamming this ***rd for **&#*7;.
It is for sure seriously problem and i know that web****** of some ***rd decided to close their ***rd because they feel helpless against spam.

btw

Posting ip address or hostnames will not help against spamming.As i told you they even do not look into ***rds and do not care because they use automated forum posting tools.That's are so advanced tools that they can read captcha and do many other things but web****** still can do a lot to prevent spamming.

Ezekiel
03-17-2007, 07:37 AM
Web****** need to wake up and to install probably a couple mods that will fight against spamming.
Captcha by registering, captcha by first post for new member, disabling of posting links until you have 5 post, extra simple question (required to answer) by registering etc... are just for example that will reduce spamming this ***rd for **%.

Not really; most CAPTCHAs have weaknesses which make them useless in preventing automated activity. If I remember correctly, the vBulletin CAPTCHA can be beaten *00% of the time. PHPBB is similarly vulnerable.

In the same place I read about this, the research showed that only a few online services had CAPTCHAs that worked. Here's the link:

http://sam.zoy.org/pwntcha/

softbaked
03-17-2007, 11:26 AM
Not really; most CAPTCHAs have weaknesses which make them useless in preventing automated activity.

Don't knock it until you have tried it personally. I manage many websites with forums and used to have trouble with spammers, after I installed a decent CAPTCHA my automated spam posting was completely eliminated, the trick is to not use the default CAPTCHA's that come with the software, the spammers have cracked those and will continue to crack them because they know most people will use the default CAPTCHA.

It's sad that the owners of www.all-nettools.com have giving up fighting the spam in their forums, it really does reflect on their business image, I hope they take charge and eliminate this spam problem here because I really like and use this site alot and I know alot of other people do too. It will take some time and effort to clean up and eliminate the spammers here but it can be done.

Another point is the forums here will need more than a good CAPTCHA to fight and win this battle, there are a couple other things they need to do (of which I will not go into here because the spammers will be reading this) that will eliminate **.**&#*7; of the problems. The last .0*% will be the spammers who get aggravated and do the dirty work by hand but if your on the ball and delete those post as fast as they post them they will soon give up because its not worth their time.

Yes, you too can stop being the spammers bitch, if you just fight back for a little while. Anything worth keeping is worth fighting for.

EDIT:
Those IP addresses that Moonbat posted are a good start, but the smart thing to do with them is to look up the entire IP range assigned to each address and then block those IP ranges from even having access to this site, its very easy to do by adding that info to a .htaccess file or even editing the web servers httpd.conf file.

Moonbat
03-17-2007, 12:09 PM
Some of the IP addresses here (and in other spam) don't look like proxies, but actual assigned IPs. If we block those ranges, some real visitors might not be able to access the forums.

softbaked
03-17-2007, 12:29 PM
Some of the IP addresses here (and in other spam) don't look like proxies, but actual assigned IPs. If we block those ranges, some real visitors might not be able to access the forums.

True but the majority of those IP ranges are from countries like Russia, blocking those are a no brainier, the ones that map back to USA are obviously compromised pc's (i.e. zombies for the spammers, your doing everybody a favor by reporting this). What you do with those is report that IP address with a date and time to the ISP noting that the user is promoting drugs and pornography illegally (with links to the crime). I've had great success with this method, with a little leg work and some smarts you can beat this.

Also if someone is using a proxy server to post or register here they should be blocked (another easy thing to do). You should let people read the forums or surf the site with a proxy if they want but this forum is innocent and there should be no reason to hide who you are if your posting or registering unless.... you do have something to hide..... like mayby the fact you are a scumbag spammer.

Proactive steps like this will not effect your legitimate users and will be transparent to them, the only people who will feel the pinch will be the bad ones.

Moonbat
03-17-2007, 12:31 PM
Well, those are all good s***estions, but the fact of the matter is, I'm just a mod, I don't have any power over blocking IPs, installing mods, etc.

I'll contact the admin, who'll contact the web******.

Make
03-17-2007, 01:42 PM
Not really; most CAPTCHAs have weaknesses which make them useless in preventing automated activity. If I remember correctly, the vBulletin CAPTCHA can be beaten *00% of the time. PHPBB is similarly vulnerable.

In the same place I read about this, the research showed that only a few online services had CAPTCHAs that worked. Here's the link:

http://sam.zoy.org/pwntcha/

I have mention a couple things that will make spammers life harder. Not only captcha. If you make combos of all of them it will reduce spamming to *% on this ***rd.

Ezekiel
03-17-2007, 02:38 PM
Don't knock it until you have tried it personally. I manage many websites with forums and used to have trouble with spammers, after I installed a decent CAPTCHA my automated spam posting was completely eliminated, the trick is to not use the default CAPTCHA's that come with the software, the spammers have cracked those and will continue to crack them because they know most people will use the default CAPTCHA.

I've run several forums and what I found is most CAPTCHAs can be programatically defeated, but when you don't use the default settings, you tend to lose the spammers (unless the mod is well-known). They write their spamming software for the default forum settings. So most of the time it's not the CAPTCHA that prevents spam, but the variation from the widely-deployed settings. One change to the login system of a forum can be enough to lock out spammers until this change becomes used widely enough for it to be worthwhile for them to build support for these changes into their programs. So pretty much what you said :).


It's sad that the owners of www.all-nettools.com have giving up fighting the spam in their forums, it really does reflect on their business image, I hope they take charge and eliminate this spam problem here because I really like and use this site alot and I know alot of other people do too. It will take some time and effort to clean up and eliminate the spammers here but it can be done.

One of the admins recently has re-appeared and has pledged to fight the spam; I haven't seen much change as of yet though.


EDIT:
Those IP addresses that Moonbat posted are a good start, but the smart thing to do with them is to look up the entire IP range assigned to each address and then block those IP ranges from even having access to this site, its very easy to do by adding that info to a .htaccess file or even editing the web servers httpd.conf file.

It would work in theory, but rejecting a whole block of ISP ********s based on one (potentially unwilling zombie) spammer could be something the admins object to.


noting that the user is promoting drugs and pornography illegally (with links to the crime)

There's nothing illegal about promoting porn or drugs, and I don't think we can really call spam a crime. At least on this scale.

I suppose the ISP of a user would probably cancel a user's account because of this though, and that's what we want.

softbaked
03-17-2007, 04:23 PM
One change to the login system of a forum can be enough to lock out spammers.


Hi Mike, yes as I posted above (see my quote below) a CAPTCHA is not the final solution for spam defense but a good CAPTCHA will stop *0% of it.



Another point is the forums here will need more than a good CAPTCHA to fight and win this battle, there are a couple other things they need to do (of which I will not go into here because the spammers will be reading this) that will eliminate **.**% of the problems.




One of the admins recently has re-appeared and has pledged to fight the spam; I haven't seen much change as of yet though.


I hope they follow through, I estimate it will take less than 4 hours to clean everything up and put the proper things in place to keep it out. (* hour a day for four days is all it would take)



It would work in theory, but rejecting a whole block of ISP ********s based on one (potentially unwilling zombie) spammer could be something the admins object to.


I would never block an entire block an entire IP range from any country(s) that many of my users come from as my post above explains, the work around I mentioned does work.



What you do with those is report that IP address with a date and time to the ISP noting that the user is promoting drugs and pornography illegally (with links to the crime).


If you do or say nothing the answer is no.



There's nothing illegal about promoting porn or drugs, and I don't think we can really call spam a crime. At least on this scale.


Yes it is illegal to sell pharmaceutical drugs on the internet without a license, I'm sure every drug link from this sites points to somebody who is not licensed, (i.e. any legitimate seller of pharmaceutical is not going to spam your site). As for the porn, the law requires a warning to minors before they are shown any nudity, I do not see any warnings here or in any of the porn posts and in fact if a minor were exposed to porn from a link on this forum his/her parents could sue Nettools, if you don't believe that I'll post links of proof.


There is not one single silver bullet solution that will fix the spam problem on its own, it's the combination of road blocks you put up that make it too time consuming (i.e. not profitable) for the spammer(s) to continue, I know this from experience because I'm a security consultant, I get paid to fix problems like this and believe me this is a minor one here that would take very little time to correct. The only reason I posted is because I have used this site in the past to gather information about the spammers and hackers I battle every day and I just wanted to return the favor.

On a side note once this place is cleaned up and proper protection is in place the forum admins will still have to delete some spam posts themselves because the spammers will be testing the system and looking for holes by hand, experience has shown me that this is short lived because it is simply not profitable for them if it takes too much time to post and then it gets deleted in a matter of hours along with their account.

Good luck with all this.

Halla
03-18-2007, 03:58 PM
If anyone attacks those IPs its going to result in some poor stupid user that has some malware on their machine getting attacked and saying "OMG@random hacker attacks!**!"

The best defense against forum spam bots is to delete them and NOT to visit the addresses they link to. Ignoring and removing them is the ideal approach because even spam costs ***** and if nothing is gained by spamming (site traffic/rankings/sales) then spamming will become a waste of ***** and therefore stop.

Thats my opinion on the matter. All you need are a few good trusted mods with topic deletion or at least profile edit ability... but being these forums are no longer regulated Id call it a lost cause overall for these forums at least.

edit:
As far as the parents sueing for minors being exposed to porn I hate to tell you this but its not the sites responsibility for user based content and that lawsuit would fail... and fail miserably. If that were the case I could use my kids as lawsuit machines and go post a pic of some boobs on a yahoo profile then sue yahoo cause my kids saw it, and do the same with AOL, MSN, myspace, facebook, every free hosting service on the net, every paid hosting service on the net... come to think of it anywhere anyone can post anything, including avatars, photbucket, imageshack and anything else.

As far as the pharmaceuticals go, as long as people BUY them they will find loopholes to SELL them.

***** talks. the more you have the louder it talks.
thats just the way it is.

Make
03-18-2007, 04:09 PM
It is worth of time to check this article but since administrator of this ***rd have disappeared for unknown time nothing will help. I hope that he still care about this site and ***rd:

http://www.nedbatchelder.com/text/stopbots.html

Ezekiel
03-18-2007, 06:49 PM
The best defense against forum spam bots is to delete them and NOT to visit the addresses they link to. Ignoring and removing them is the ideal approach because even spam costs ***** and if nothing is gained by spamming (site traffic/rankings/sales) then spamming will become a waste of ***** and therefore stop.

Most of the bot-spammers actually prefer it if you don't visit their site -- they are posting to increase their search engine ranking for certain keywords, not to draw in visitors from the forum. They prefer forum users not to visit because the forum people are likely to be annoyed at the spam and contact their hosting service to get them shut down, whereas people Googling for a related phrase are more likely to buy whatever crap they have on their website. Well, that's my guess anyway -- I don't know any spammers :).


Thats my opinion on the matter. All you need are a few good trusted mods with topic deletion or at least profile edit ability... but being these forums are no longer regulated Id call it a lost cause overall for these forums at least.

Yeah, mods are the answer. In fact one admin has recently come back, but he has disappeared since yesterday.


It is worth of time to check this article but since administrator of this ***rd have disappeared for unknown time nothing will help. I hope that he still care about this site and ***rd:

http://www.nedbatchelder.com/text/stopbots.html

A very informative article. Perhaps something this forum's web******(s) should read.

D.Parker
03-20-2007, 12:45 PM
Thanks for all your feedbacks. We've already fixed several issues on the forum, and surely will continue to make it better and more convenient. Currently we're focused on fighting spam and now are looking for solutions that would really work against spambots. If you have any - feel free to PM me, I'd kindly appreciate it.

Ezekiel
03-20-2007, 01:52 PM
Thanks for all your feedbacks. We've already fixed several issues on the forum, and surely will continue to make it better and more convenient. Currently we're focused on fighting spam and now are looking for solutions that would really work against spambots. If you have any - feel free to PM me, I'd kindly appreciate it.

I don't know if it's been s***ested in this thread yet, but 'textual confirmation' mods work really well against spammers. I've installed one on my forum and I get about 5 emails per day informing me of spam accounts that this mod has caught and blocked.

Basically, you install the mod and you specify questions only answerable by humans. An example: "What is the capital of Australia?". If these are not answered on registration, the account is not created.

I've only done this on PHPBB, but there's probably something similar for vBulletin.

Moonbat
03-20-2007, 07:43 PM
mike*5*??
o_O

Ezekiel
03-21-2007, 02:00 PM
mike*5*??
o_O

Yeah, I asked for a small username change.

I also became a moderator, but I thought it would be a bit egocentric to make a whole thread about it.

Troll
03-22-2007, 09:24 AM
Yeah, I asked for a small username change.

I also became a moderator, but I thought it would be a bit egocentric to make a whole thread about it.

I thought you wrote your last post on this forum a couple of weeks ago? :P

The only way to fight spam is by have some active adminstrators which can delete spam posts as soon as they are posted... or install mods..

There lots of mods which can help stop spam (human validation, filter out spammy words such as "porn" and "drugs", etc..), but the best way is to have active admininstrators in my opinion..

Make
03-22-2007, 10:58 AM
I still see a lot spam bots posting everyday on this ***rd.
I'm Admin on popular proxy phpBB forum and i have installed a couple antispam mods and since then we never get any spam post. Actually the last *2 months not any spambot has bypassed ***rd protection.
The posts from spambot on our ***rd is 0&#*7;.

Spambots are coded to use well known weakness by popular ***rd but if you install combos of a couple antispam mods you will reduced spam to 0%.

Ezekiel
03-22-2007, 02:05 PM
I thought you wrote your last post on this forum a couple of weeks ago? :P

Yeah, I decided to come back.


The only way to fight spam is by have some active adminstrators which can delete spam posts as soon as they are posted... or install mods..

The moderators can delete spam as well as the administrators, so with three of us it should be easier. A forum modification would be better though, as you said.


I still see a lot spam bots posting everyday on this ***rd.
I'm Admin on popular proxy phpBB forum and i have installed a couple antispam mods and since then we never get any spam post. Actually the last *2 months not any spambot has bypassed ***rd protection.
The posts from spambot on our ***rd is 0&#*7;.

I can vouch for that. After installing textual confirmation on my forum, I get several emails per day telling me that a bot has been blocked from registering. Just shows how many spammers are crawling the Internet.

cadamd123
05-04-2007, 02:24 PM
I am new here, but to answer the question, yes I agree, give them a taste of their own medicine. Fight bots with a B0tNet. I will see what is feasible with given IP's, this seems to be a very informative and intuitive site, so I will do what I can to help it.

Moonbat
05-04-2007, 05:52 PM
Actually, our forum installed an anti-spam measure a few days ago, and it's lowered the spam down a good number.

But we're still getting some. And I'll still update the list:D

shahzadmasih
07-06-2007, 01:18 PM
Hi, this post is very informative; however I would like some specific information. If someone can help me then please send me a private message. Best Regards,

<mod edit>

forums2@imzeeconsulting.com
forums2@imzeeconsulting.com
forums2@imzeeconsulting.com
forums2@imzeeconsulting.com

202.*42.*7*.2*2
202.*42.*7*.2*2
202.*42.*7*.2*2
202.*42.*7*.2*2

SPAM ME!

</mod edit>

Ezekiel
07-06-2007, 01:21 PM
Hi, this post is very informative; however I would like some specific information. If someone can help me then please send me a private message. Best Regards,

Just die, spammer. Right now.

Your businesses are doomed to fail if you have to use spam to attract ********s. Successful businesses offer either a unique product or service, or a product or service at much cheaper price than others. Word of mouth should be enough if you are such a business.

Edit: god damn it, I just realised my post count moved off ***7 :(.

Moonbat
07-06-2007, 06:01 PM
Hmm.. which post was your *k post, I never saw it.

pekokope
07-07-2007, 11:33 AM
:) :) :) :) :) :) :) :) :)

deviant
08-15-2007, 06:07 AM
I have found that most of spammers IP's are fake.

We are fighting an endless battle at work at the moment with attached PDFs containing StockMarket info.
The weird thing is that they are named after the user i.e. username-invoice.pdf
I have stopped exchange server from relaying (i think) but it just gets worse.
TrendMicro can block attachments with certain names that you setup but it sends a email to the user everytime it blocks one. Its just as bad as the original spam message. I have disabled notification but they still get through (the messages) :mad:

mike952
09-03-2007, 02:31 PM
am in .. just tell me what to do .. ?

let's start the war

Ezekiel
09-03-2007, 04:10 PM
am in .. just tell me what to do .. ?

let's start the war

I have to say, I disapprove of your username. Are you trying to impersonate me?

I'll be forced to ban you in one day unless there's a non-malicious reason for choosing it.

Moonbat
09-03-2007, 04:13 PM
Mike, you should get an avvie like me and SyntaX already have. That way it'd be easier to tell you apart from fakes.

Ezekiel
09-03-2007, 06:42 PM
I can't think of any humorous or cool images I'd like to upload, so I'll just have to catch scammers for now.

It's weird to look how many people registered similar usernames to my old one, and my current one. I must have made a lot of people angry.

craig666
09-05-2007, 08:34 PM
I run a vb forum, most spam loonies used the same d.o.b, something + **80, usually untraceable ip & addy, so we blocked all newbies, kept em penned up in the top intro section, until someone verified them and they posted within a week, then delete :D
Did well on my members numbers though for a while.

Moonbat
09-05-2007, 09:10 PM
Seems like a good idea, I'll see what others (including D.Parker) think.

Ezekiel
09-06-2007, 05:51 AM
Seems like a good idea, I'll see what others (including D.Parker) think.

Have you messaged him?

I think this is a good idea. It would block all the accounts that are for spamming or scamming, or are never used.

I mean, why bother registering on a forum if you never intend to use the account?

gordo
09-06-2007, 07:39 AM
"I mean, why bother registering on a forum if you never intend to use the account?"
There are lurkers out there who don't want to post, but want to read and learn.

Moonbat
09-06-2007, 09:07 AM
You can read the forums without registering.

ibionika
06-24-2009, 03:39 AM
I tried this. When I tried to drag them back into outlook express, the eml files went into a New

Message. Any advice, anyone?

Thanks for replying Coop.

agunawanika
08-06-2009, 01:03 PM
I've just sign up here..still new..so I'll try to listen what kind of topic here..

Blereete73
10-30-2009, 01:09 PM
Only kidding. Ive obviously spent too much time with Squiffy, Rich, and * today. As soon as Squiffs finds the FAQs and learns how to moderate a ***rd...

ReverseInternet
04-06-2010, 03:59 AM
We’ve just lauched reverse Google Analytics ID lookup (http://reverseinternet.com/) service that allows you to find websites by the same owner based on Google affiliate IDs that they use. You can also do lookups based on IP address and nameservers

jeanlee411
04-25-2010, 01:52 PM
Some of the IP addresses here (and in other spam) don't look like proxies, but actual assigned IPs. If we block those ranges, some real visitors might not be able to access the forums.

akitodito
04-29-2010, 08:27 AM
So, presumably you have the updater installed?

Have you tried disabling the use of Internet Guide? This is covered in their documentation and in various posts here - Im happy to point you to the relevant information if you cant find it but please dont make multiple, identical, posts.

hewenxiu1234
05-17-2010, 04:58 AM
A very good post and certainly these are points really useful.

goldjothi
05-25-2010, 03:22 AM
There is not one single silver bullet solution that will fix the spam problem on its own, it's the combination of road blocks you put up that make it too time consuming (i.e. not profitable) for the spammer(s) to continue, I know this from experience because I'm a security consultant, I get paid to fix problems like this and believe me this is a minor one here that would take very little time to correct. The only reason I posted is because I have used this site in the past to gather information about the spammers and hackers I battle every day and I just wanted to return the favor.