GearHack

: : :

Add Comment | Related Links | TrackBack
Related Content

Fight Comment Spam, Ban IP's

Hey, just saw your interest in Akismet and IP addresses and there may be some linkup with the Worst Offenders plugin. See my first post about it and more recent release information here. The current version could quite easily subscribe to, and or publish/send IP spammer addresses with very little modification.

Rich Boakes
Fri, 05 Jan 2007 16:38:07 -0800

This does seem like an effecitve way to block spammers but having to search through 80000+ entries seems like it would bog down a high load system. What do you think?


dustinnoe.com

Dustin Noe
Tue, 16 Jan 2007 22:47:55 -0800

Implement it using MySQL. You won't notice any performance penalties.

Chieh Cheng
Wed, 17 Jan 2007 02:55:30 -0800

there are many duplicate entries in the list.

Mustafa Ulu
Sat, 31 Mar 2007 12:44:58 -0800

Thanks for letting me know. The problem is fixed. The duplicate entries will be eliminated in the next automated update.

Chieh Cheng
Sat, 31 Mar 2007 13:20:31 -0800

Hi

I am currently working on a solution to avoid spam on our forum and found your site. I would be very interested in downloading your spammer ip list. At the moment it doesn’t seem to be available for download. Is there any other way of getting this list or will it be back up for download soon?

Thanks

Tomas
Tue, 03 Apr 2007 09:20:49 -0700

Thanks for contacting me and notifying me that the list is unavailable. The list is distributed via the Coral Content Distribution Network.

It seems that Coral is down at this point. You might consider writing to Coral to inquire why their service is down. When their service is up, the list will be available again.

If you know of any other distribution networks, please let me know. And I can determine whether to change the distribution network. Thanks.

Chieh Cheng
Tue, 03 Apr 2007 09:39:43 -0700

Hi there!
I'm running a small phpbb forum, and am using anti-spam mod.
I think I can make good use of your ip list, but I don't know an efficient way of using it.
On my hosting service there's the Ip deny service within cPanel 10, but I'd have to enter them one by one.
Could you tell me how can I block a whole list of IPs in a quicker way please?

Thank you!

Josh
Sat, 21 Apr 2007 01:27:58 -0700

Hi,
Any way of providing the list with commas (but no spaces) between each IP address? I'd love to make use of your very long list think it would take hours to change it to the formatting I can copy and paste in to my forum ban settings (freeforums.org). I know this sounds lazy but I think it might help a lot of people to provide it in this format from the start.
Thanks,
Alex

Alex
Sat, 13 Oct 2007 17:26:52 +0000

Alex, that's pretty easy to do with an UNIX script. I wrote one pretty quickly just now for you to easily convert the new line delimited list to a comma separated list. Take a look at EOLtoCSV.sh (GPL).

Chieh Cheng
Tue, 16 Oct 2007 01:03:03 +0000

You have IPs listed that already changed owners 2 years ago,
and IPs that don't even parse correctly, like the ones
starting with 2269. 2270. etc.
:-/
Sorry, I'm gonna have to skip your list.
It's way too large too. Doesn't seem well maintained.

Julius
Thu, 15 Nov 2007 16:40:30 +0000

Hey, Julius. Thanks for pointing out the invalid IP's. That was a problem I fixed a long long time ago, which means there is a deeper problem that has developed. After looking at the logs, it appears that one of the extraction script hasn't ran after moving everything to the new host provider. That means the list that everyone has been downloading was like three months old.

I just fixed the problem and the list is now fresh. Except you probably won't seen any changes for another 12 to 24 hours, because the list is distributed via Coral Content Distribution Network. I appreciate you pointing out the issue to me. Otherwise, it might be another few months before I realize what's happening.

As for "You have IPs listed that already changed owners 2 years ago". I don't understand how that is relevant. If I just got a fresh spam from it recently, why does it matter if it changed owner 2 years ago? Please explain the issue to me. I'd love to solve any problem, if there is one.

Chieh Cheng
Thu, 15 Nov 2007 18:32:20 +0000

hey there, thanks so much for this!!! you are a life saver really. Have a little trouble opening/using your script for converting the new line delimited list to a comma separated list, but wordpad is allready working on that by replacing them cubes fer comma's.

now if only I could think of a way to faster copy page all this into my ban-list on the forum...

Jurn
Sat, 12 Jan 2008 23:36:06 +0000

Hi there,

just what I was looking for, I myself maintain a world countries IP blocklist in peerguardian format (so you can pick one and block the whole country), is your list able to be converted to this format? I like the online converter of bluetack (B.I.S.S. - Blocklist Converter)

keep up the good work!

Alex
Wed, 13 Feb 2008 09:53:43 +0000

Could you possibly show how to implement this list into MySQL? I'm having difficulty figuring that out. Thanks!

Michael
Thu, 12 Jul 2012 12:02:41 +0400

Wonderful list

Would you mind if I offered it as a JSON web service where people can query an IP and get a response back to let others know if the IP is a spammer or not?

Thanks in advance

Alex

Alex
Mon, 11 Mar 2013 16:25:50 +0300

Sure thing, Alex. Just let us know when the service is up so we can all use it.

Chieh Cheng
Mon, 11 Mar 2013 23:06:38 +0300

Sorry for the delay - been rather busy with other things.

Here is the API for checks

http://www.nodex.co.uk/blacklist?ip=[IP-HERE]

for example

http://www.nodex.co.uk/blacklist?ip=1.2.3.4

A response is returned in json like the following

{"blacklisted":true,"error":false}

or for a non blacklisted IP

{"blacklisted":false,"error":false}

Please note that the "ip" parameter is required else you get a response like ...

{"error":"IPV4 Missing"}

.....

The is no usage limits currently but if it gets abused then I may well impose a mandatory limit and enforce people to register for a key to use the service.

In the future I will permit updates to the database also.

Hope this helps people and stops more spam.

Have fun

Alex

Alex
Wed, 13 Mar 2013 15:57:58 +0300

That's great, Alex. I'm sure it will be very useful to many folks. Looking forward to trying it out myself.

Chieh Cheng
Fri, 15 Mar 2013 09:41:47 +0300

hi,

thanks a lot for posting the ip spamlist. Is the daily diff file working? It seams to be empty most days. one other question, what time period are the records in the main file kept. there appear to be 30 million or so records

thanks again
mark

mark ramella
Wed, 10 Apr 2013 02:30:33 +0400

The current list (9th June) contains some borked addresses, such as 1.0.1.511. I wonder if your list preparation software is misbehaving.

dylan harris
Sun, 09 Jun 2013 23:03:22 +0400

Thanks for notifying me. I'll have to look into it. Some of the IP's are scraped from proxy lists, so it's very possible that the system has scrapped invalid IP's that's on a proxy list.

Chieh Cheng
Mon, 10 Jun 2013 21:18:56 +0400

<< Back to Article

Add Comment | Related Links | TrackBack
Related Content

Did your message disappear? Read the Forums FAQ.

TrackBack

TrackBack only accepted from WebSite-X Suite web sites. Do not submit TrackBacks from other sites.

Send Ping | TrackBack URL | Spam Control

Title: XRumer Blocked by IP Ban List
Weblog: GearHack
Excerpt: Today, while breezing through the spam log (yes, I do this to improve the IP ban list and honey pots), I found an spam for XRumer. Based on the advertisement (included below with all the spam links stripped), XRumer is extremely powerful at getting past CAPTCHA's and many other security features. Th . . .
Tracked: Tue, 26 Feb 2008 18:12:40 +0000

Title: Got Spam After Using Email on This Site
Weblog: GearHack
Excerpt: I received spam on an e-mail address known only to this site (gearhack) and to my provider of disposable e-mail addresses. The list of disposable e-mail addresses I use takes up more than 90 kB and I receive spam on very few of them, so I have no reason to suspect my provider of disposable addresses . . .
Tracked: Fri, 23 Aug 2013 21:54:56 +0400

Add Comment

Spam Control | * indicates required field
Your Name: *
E-mail:
Remember Me!
Comment: *
File attachment is optional. Please do not attach a file to your submission unless it is relevent.
Attach File:
(20 MB Max)
Spam Protection: * Answer of 6 + 7?
Click button only once, please!

Messages, files, and images copyright by respective owners.


Back to Article

Articles | Wiki
Forums | Latest | RSS
Library | Links | News
Search | Store | Help

208 Users Online



Hacking Digital Cameras
Fun for Photographers

Amazon Associate


Copyright © 2004 - 2024. All Rights Reserved.