Jump to content
Sign in to follow this  
Lking

SCBL Usage

Recommended Posts

FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  spamhuas is also used.

The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

Share this post


Link to post
Share on other sites
Posted (edited)
6 hours ago, Lking said:

FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  spamhuas is also used.

The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

"janicemcneill1" pushing fake drugs soon after?
Can you increase ReCapture to 0.9 I believe is maximum?
But then this may not be a direct SpamBot?
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Seems to be blackhat "namecheap" spam which operate spambots from their domains
Can you block Namecheap domains? 198.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
https://talosintelligence.com/reputation_center/lookup?search=198.54.115.238#whois

Edited by petzl

Share this post


Link to post
Share on other sites

No I do not see a why to adjust ReCapure  As for a block of IP that would be a philological change above my pay grade.

In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

Share this post


Link to post
Share on other sites
Posted (edited)
9 minutes ago, Lking said:

No I do not see a why to adjust ReCapure  As for a block of IP that would be a philological change above my pay grade.

In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

Domain namecheap IMO need blocking, if not your pay grade whose?
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
You get the IP of the post, the only IP's I get are from the URL

Edited by petzl

Share this post


Link to post
Share on other sites

Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation.  I don't think that will ever change

On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses.

Share this post


Link to post
Share on other sites
46 minutes ago, Lking said:

blocking login to the forum?

That's it.
The solution is here I think
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Latest forum flood
https://www.myfitnesspharm.cXm/total-life-maxx/
104.31.94.46  Cloudflare
https://www.fitnesscarezone.cXm/superketo/
198.54.125.251
DNS1.NAMECHEAPHOSTING.COM

https://fitcareketo.cXm/krygen-xl-male-enhancement/
198.54.126.12 
DNS1.NAMECHEAPHOSTING.COM
 

Share this post


Link to post
Share on other sites
18 hours ago, Lking said:

Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation.  I don't think that will ever change

On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses.

 

16 hours ago, petzl said:

That's it.
The solution is here I think
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Latest forum flood
https://www.myfitnesspharm.cXm/total-life-maxx/
104.31.94.46  Cloudflare
https://www.fitnesscarezone.cXm/superketo/
198.54.125.251
DNS1.NAMECHEAPHOSTING.COM

https://fitcareketo.cXm/krygen-xl-male-enhancement/
198.54.126.12 
DNS1.NAMECHEAPHOSTING.COM
 

I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not.

Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

Share this post


Link to post
Share on other sites
1 hour ago, RobiBue said:

 

I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not.

Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

Well were referring to Forum spam
I believe domains can be blocked from Forums by IP maybe domain (more effective) 
The villains running Namecheap seem to be Ukrainian of origin
The IP's to block if domain cannot be, are range
98.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
But beyond my pay-grade
Thought phpBB could block domains using a Wildcard?

Edited by petzl

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×