Allow access only from SA or CloudFlare - Spam prevention

Thor

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
44,422
Reaction score
7,528
Location
Bellville
I need some help I am in the exact same situation as this post -> http://mybroadband.co.za/vb/showthr...ll-countries-except-SA-from-access-to-my-site

Basically muscletalk is a phpbb forum and I am struggling to fight spam despite having Rechapcha.


So my question - Would switching to cloud-flare be of any use?

my idea was to allow only SA IP's via htaccess, but meh I do not like Geo-restrictions on content so now I am looking at cloudflare hoping their servers would have a DB of potential spammy emails and IP's already and that would help prevent malicious traffic?

Edit - Looking at the free plan :P
 
Last edited:
No, Sketchy Chinese and Russian registrations posting crap on the forum.
 
unfortunately the free cloudflare wont be of any help..

you are left with either allowing only SA IP's to the forum.. making recaptcha as annoying as it can possibly be made and apologize to your users for any annoyances but you want to avoid spam or going with a paid package where you can enable and select from their modsecurity rules a few rules to help avoid the spam.. they have a bunch of pre existing rules which may have things like blocking of known spam ip's or spamvertising type words etc.. you can also request for custom modsecurity rules.. the firewall option may be of some assistance as well..

its been a while since i have played with their paid for stuff though, so i stand corrected on some of the specifics..
 
Paul Bedford said:
Have you looked at the Stop Forum Spam extension available in the phpBB extension repository. https://www.phpbb.com/customise/db/extension/phpbb_3.1_stop_forum_spam/

I haven't used the phpBB version but I use the Wordpress equivalent on every site I roll out.
Click to expand...

have all of it :) also wrote some of my own querying that DB.

They use gmail so it's hard to block .cn .ru etc which I do already

Examples of spam registrations:

[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

Then I get the classics:

[email protected]
 
VG008 said:
Are these bots?
You could try using the new reCaptcha (https://www.google.com/recaptcha/intro/index.html), or maybe implement honey pots.
Or, develop a machine learning program that determines if the registration is spam or not :)
Click to expand...

That sounds easy I will go learn it :D


- I want to add the new Recapcha just need to figure out the php - I do not like plugins I roll my own.

I see now google's reCAPTCHA 1.0 was cracked that would explain the flurry influx of spam.

Dammit, priority one now I suppose.

EDIT:

I have now opted for the age old Q&A back to basics method while I figure out how to build a reCAPTCHA 2.0 plugin.
 
Last edited:
Add custom signup questions to the board, so it stops automated scripts. And add the free cloudflare caching (doesn't hurt).
You'll still get the odd indian based human spammer, but you lose most of the russian automated stuff.

I have a mix of things on one of my forums ( cubieforums.com ), although I'm using smf, not phpbb.

Another option is using mod_security or similar and creating a custom ruleset (or use existing ones), that assumes you are using apache though. There are solutions for other web servers though.
 
Last edited:
lsheed_cn said:
Add custom signup questions to the board, so it stops automated scripts. And add the free cloudflare caching (doesn't hurt).
You'll still get the odd indian based human spammer, but you lose most of the russian automated stuff.

I have a mix of things on one of my forums ( cubieboard.com ), although I'm using smf, not phpbb.

Another option is using mod_security or similar and creating a custom ruleset (or use existing ones), that assumes you are using apache though. There are solutions for other web servers though.
Click to expand...

I added the cloudflare the added SSL is also appreciated, then I have changed to a basic Q&A so that should be able to do the trick now I hope
 
but yeah, stopping spammers is a very large part of what I do for a living and they use all sorts of tricks and as soon as you develop one thing to stop them, they use a different tactic.

All I can say is goodluck!
 
flippakitten said:
but yeah, stopping spammers is a very large part of what I do for a living and they use all sorts of tricks and as soon as you develop one thing to stop them, they use a different tactic.

All I can say is goodluck!
Click to expand...

Seems the back to basics Q&A did the trick (for now).
 
Property24 seems to block by country.

My company has the network setup in such a way that we connect from another country.
We employ 1000s of people, that effectively can't access Property24.

I've wondered about emailing them and telling them.
Either way, it means I don't use Property24.

I'm not telling you what to do, simply giving an example against SA only IPs
 
Gnome said:
Property24 seems to block by country.

My company has the network setup in such a way that we connect from another country.
We employ 1000s of people, that effectively can't access Property24.

I've wondered about emailing them and telling them.
Either way, it means I don't use Property24.

I'm not telling you what to do, simply giving an example against SA only IPs
Click to expand...

totally agree hence why I opted against that option.
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X