List of Forum Hacker/Spammers

[mike]

Our forum gets assailed on a daily basis by various sundry script kiddies, hackers, spammers and miscellaneous riffraff. Each and every day I add to the list of domains and IP addresses that I ban from our forum/servers/network.

Today it occured to me that I should also just go ahead and publish the info I'm banning so that any of you operating a blog, forum, or some other spammer/hacker/delinquent magnet type of site could have a heads up.

Now, I'm not advocating, directing, calling for or promoting that anybody else should ban the following domains/IPs from their network, I'm just letting everybody know that I have.

Not really wanting to dig thru old stuff (because there is so much of it) I will just start from today's round of miscreants and move forward from there, updating this post as necessary.

Starting with:

@intop101.com
@intop10.com

86.124.42.39
210.150.125.195
65.98.55.242
212.50.16.107
82.239.233.10
201.44.205.48
81.214.127.3
83.21.0.60
61.11.35.155
210.167.189.57
84.16.137.234
218.47.185.133
58.148.4.89
200.31.150.131
219.2.128.59
124.104.35.158
218.128.224.112
201.17.170.149
201.20.108.47
70.84.235.18
61.238.105.199
200.90.88.104
218.28.226.117

Examples of the URL's they're creating links to in sig lines:

auto-repair.intop10.com
claritin.intop10.com

Created many many accounts -all under different IPs too. But there they are.



Any email address at

@betroyalpoker.com

[greeneagle]

applause!

Ken

[nerdbyte]

I thought IPs were too easy to spoof. What is the point? What about people (like me) who go through a shared IP on most occasions because I'm behind a satellite network?

[mike]

Well, its not ideal, no. But it's the best I can do.

[mike]

219.94.108.234 - pornspam
125.252.0.10 - pornspam
58.121.5.186 - pornspam
62.7.244.103 - pornspam
62.183.50.164 - pornspam
58.227.180.203 - pornspam
66.246.246.164 - pharmspam
62.140.23.20 - mortgagespam
60.191.251.9 - pornspam
125.190.42.23 - pornspam
218.232.87.30 - pornspam

[mike]

222.110.5.166 - spam
61.98.14.155 - spam
211.107.212.250 - spam
222.236.34.90 - spam
207.195.240.33 - spam
211.87.214.100 - spam
211.200.198.182 - spam
219.240.12.173 - spam

[dharrison]

I have a feeling this thread is going to get very long in size over the next few weeks.

Still well done for publishing it. ;)

[mike]

Actually, I'm expecting a sharp decrease. I found a way to stomp (most of) these guys at the front door.

Tomorrow, spamming my profiles is going to become inifinitely more challenging.

Bwahahahaaaa!

[greeneagle]

Mike:

Quote:

Actually, I'm expecting a sharp decrease. I found a way to stomp (most of) these guys at the front door.

Thanks, It's been somewhat unpleasent for a while.

When I come back, for some time now, it's dealing with spammers first and then carrying on...Not to mention "issues" between members...

Ken

[Easywebdev]

What I do on any phpBB boards I have under my control is to only submit the username, email and passwords in the registration process. Only make the profile available to those users who actually complete the registration by clicking the activation link. I add a little message to the activation email saying the first thing they should do after logging in is to complete their details in their profile.

Also I know if I get a registration with a non null website then its a bot and I just exit(); at that point.

If they complete the registration process and then spam well I have a valid email to block rather than ip blocking.

Cuts way down on profile website/sig spamming.

[dharrison]

Quote:

Originally Posted by mike

Actually, I'm expecting a sharp decrease. I found a way to stomp (most of) these guys at the front door.

Tomorrow, spamming my profiles is going to become inifinitely more challenging.

Bwahahahaaaa!

Errr, good luck!?! ;)

[mike]

Mission accomplished.

Profile bots have been eliminated (a BUNCH of them) and they will find a surprise or two waiting for them when they return.

I daresay we're profile bot-proof now.

[bj]

If for any reason this fails you should consider speaking with Michael Hampton, the genius behind WordPress Bad Behavior. He may have already ported Bad Behavior to phpbb. I know he's already done Expression Engine and MediaWiki.

Bad Behavior

My blog comment spam went from a few hundred a day to a few a day, and I haven't yet upgraded to the most recently released version. I expect it'll drop off further after I get around to upgrading.

[aprentice_hacker]

please can can you give me some advice on hacking through a basic login

thanks

[wige]

Quote:

Originally Posted by aprentice_hacker

please can can you give me some advice on hacking through a basic login

thanks

Sure.

Don't do it.

Your welcome.

Note: I apologize for the snarky tone, but a post in a year old thread about securing login registrations on a webmaster forum asking how to attack web sites? Really? Seriously?

[AVC]

You have seen nothing yet Mike, look at this list.

http://www.forumpostersunion.com/sho...?t=1112&page=6

You will see the inside of how forum hackers work.

[aprentice_hacker]

Quote:

Originally Posted by wige

Sure.

Don't do it.

Your welcome.

Note: I apologize for the snarky tone, but a post in a year old thread about securing login registrations on a webmaster forum asking how to attack web sites? Really? Seriously?

hu i only want to see if my login script is hacker proof

[aprentice_hacker]

Quote:

Originally Posted by wige

Sure.

Don't do it.

Your welcome.

Note: I apologize for the snarky tone, but a post in a year old thread about securing login registrations on a webmaster forum asking how to attack web sites? Really? Seriously?

hu i only want to see if my login script is hacker proof