61
Medic1
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/3 21:40

  • Medic1

  • Just popping in

  • Posts: 44

  • Since: 2005/10/1


Where can I find Captcha?

My calender is getting hammered.

62
Medic1
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/3 21:40

  • Medic1

  • Just popping in

  • Posts: 44

  • Since: 2005/10/1


Where can I find Captcha?

My calender is getting hammered.

63
Gredenko
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 1:39

  • Gredenko

  • Just popping in

  • Posts: 25

  • Since: 2007/3/15


In my website he,she doesn't matter use this
"randon" ip

Quote:
127.0.0.1|59.93.213.93|24.252.205.207|
24.252.205.207|72.45.63.183|74.34.204.161|
125.129.17.113|66.75.202.49|24.252.205.207|
64.28.177.138|142.68.67.11|70.48.235.68|
69.225.117.15|80.81.34.29|65.189.234.113|
24.141.230.233|80.81.34.29|61.232.61.43|
142.68.67.11|

64
draj
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 5:20

  • draj

  • Quite a regular

  • Posts: 271

  • Since: 2005/6/23


Quote:

Gredenko wrote:
In my website he,she doesn't matter use this
"randon" ip
127.0.0.1|59.93.213.93|


It would not be very effective.

Better is the following:

59.93.213.$|,59.93.213.$|,

In the above, there is a dollar sign in the last IP Block to that that Block is entirely deactivated obtaining access.

If you use a Normal 1-IP address, then the spammer would still be able to get in because the old ip was mostlikely a dynamic one from a DHCP server.

Hence the entire block mean that even the next time, his ip address from that pool could be captured.

Mind you, many big providers have a very large pool of ip address so even deactivating of the last block may not be effective. If you want to really deactivate the entire block of that provider, then you must use an utility for figure out the blocks of ip addresses that he owns and deactivate them.

65
draj
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 5:42

  • draj

  • Quite a regular

  • Posts: 271

  • Since: 2005/6/23


Hi,
Quote:

Medic1 wrote:
My calender is getting hammered.


Did you try changing names of the scripts like I mentioned in my message @ SF.net? You can do the following:

signup.php >> 2063456254.php

etc. and then give correct links everywhere. Then the bots or automated scripts used will not be able to find the signup.php!

Kinda hide and seek game.

66
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 6:24

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Considering that Google gave me 12,500 hits on 'george-walker-bush.info' , then it has to be some sort of automatted tool doing the registration (bot/crawler).

I read not so long ago, that even with a 'captcha', there are some people who have worked out how to determine the 'string' within the image file, so they can even get around that.
NO to the Microsoft Office format as an ISO standard.
Sign the petition

67
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 6:49

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


The domain ' ' doesn't resolve to an IP address, however the 2 name servers for that domain are ns1.agnitumhost.net and ns2.agnitumhost.net , some results ...

=====================

Searching for ns1.agnitumhost.net NS record at l.root-servers.net [198.32.64.12]: Got referral to g.gtld-servers.net. (zone: net.) [took 34 ms]
Searching for ns1.agnitumhost.net NS record at g.gtld-servers.net. [192.42.93.30]: Got referral to ns2.agnitumhost.net. (zone: agnitumhost.net.) [took 49 ms]
Searching for ns1.agnitumhost.net NS record at ns2.agnitumhost.net. [203.174.83.110]: Timed out. Trying again.
Searching for ns1.agnitumhost.net NS record at ns1.agnitumhost.net. [203.174.83.109]: Timed out. Trying again.
Searching for ns1.agnitumhost.net NS record at ns1.agnitumhost.net. [203.174.83.109]: Timed out. Trying again.
Searching for ns1.agnitumhost.net NS record at ns2.agnitumhost.net. [203.174.83.110]: Timed out. Trying again.
Searching for ns1.agnitumhost.net NS record at ns2.agnitumhost.net. [203.174.83.110]: Timed out. Trying again.
Searching for ns1.agnitumhost.net NS record at ns1.agnitumhost.net. [203.174.83.109]: Timed out. Trying again.

=====================================

If you do a domain dossier an the company that has that IP block, they are in Singapore, and there is an email address for spam, abuse, etc.

Might be worth sending them an email ??

Also the company that has the domain registered is "EstDomains" (http://estdomains.com ), and they have a 'contact us' and 'report abuse' functions on their website.

I realise the domain 'george-walker-bush.info' is not hosted, only registered, but it may help to contact the registrar, if no help there, it may be a metter for ICANN ??
NO to the Microsoft Office format as an ISO standard.
Sign the petition

68
peterr
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 7:04

  • peterr

  • Just can't stay away

  • Posts: 518

  • Since: 2004/8/5 9


Quote:

Medic1 wrote:
Where can I find Captcha?

My calender is getting hammered.


See the post at https://xoops.org/modules/newbb/viewtopic.php?topic_id=59159&viewmode=flat&order=ASC&start=50#forumpost264873 by "nachenko".

The download for the DuGris SecurityImage is here
NO to the Microsoft Office format as an ISO standard.
Sign the petition

69
Medic1
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 9:34

  • Medic1

  • Just popping in

  • Posts: 44

  • Since: 2005/10/1


Did you try changing names of the scripts like I mentioned in my message @ SF.net? You can do the following:

signup.php >> 2063456254.php

etc. and then give correct links everywhere. Then the bots or automated scripts used will not be able to find the signup.php!

Kinda hide and seek game.


No I did not. where can I find this post?

70
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/7/4 10:51

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


Actually, the most commen factor has been the website address (in the signature on the profile) and the IP address in the "New Registered User" email you get when they signed on.

The first IP address was 72.36.233.67 which other people had stated on here.

The abuser is now using another IP address to sign up.

82.208.60.42

And as far as i can see none of these IP addresses have been entered into the posts.

So im gathering that these are the origin IP's

Login

Who's Online

186 user(s) are online (118 user(s) are browsing Support Forums)


Members: 0


Guests: 186


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Jun 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits