Jump to content

SCBL Usage


Lking
 Share

Recommended Posts

FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  spamhuas is also used.

The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

Link to comment
Share on other sites

6 hours ago, Lking said:

FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP.  spamhuas is also used.

The option cautions about "slowdowns" and false positives.  Not sure how admin will know about false positives.

"janicemcneill1" pushing fake drugs soon after?
Can you increase ReCapture to 0.9 I believe is maximum?
But then this may not be a direct SpamBot?
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Seems to be blackhat "namecheap" spam which operate spambots from their domains
Can you block Namecheap domains? 198.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
https://talosintelligence.com/reputation_center/lookup?search=198.54.115.238#whois

Edited by petzl
Link to comment
Share on other sites

No I do not see a why to adjust ReCapure  As for a block of IP that would be a philological change above my pay grade.

In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

Link to comment
Share on other sites

9 minutes ago, Lking said:

No I do not see a why to adjust ReCapure  As for a block of IP that would be a philological change above my pay grade.

In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't.

Domain namecheap IMO need blocking, if not your pay grade whose?
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
You get the IP of the post, the only IP's I get are from the URL

Edited by petzl
Link to comment
Share on other sites

Flood from namecheck domain starting

https://topwellnessblog.cXm/sunday-scaries-cbd-gummies/
185.61.152.24  abuseXnamecheapXcom

https://pil4pedia.cXm/control-x-keto/
198.54.125.159  abuseXnamecheapXcom

Edited by petzl
Link to comment
Share on other sites

Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation.  I don't think that will ever change

On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses.

Link to comment
Share on other sites

46 minutes ago, Lking said:

blocking login to the forum?

That's it.
The solution is here I think
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Latest forum flood
https://www.myfitnesspharm.cXm/total-life-maxx/
104.31.94.46  Cloudflare
https://www.fitnesscarezone.cXm/superketo/
198.54.125.251
DNS1.NAMECHEAPHOSTING.COM

https://fitcareketo.cXm/krygen-xl-male-enhancement/
198.54.126.12 
DNS1.NAMECHEAPHOSTING.COM
 

Link to comment
Share on other sites

18 hours ago, Lking said:

Just realized I may be confused.  petzl are you talking about the SCBL or blocking login to the forum?

The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation.  I don't think that will ever change

On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses.

 

16 hours ago, petzl said:

That's it.
The solution is here I think
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level
Latest forum flood
https://www.myfitnesspharm.cXm/total-life-maxx/
104.31.94.46  Cloudflare
https://www.fitnesscarezone.cXm/superketo/
198.54.125.251
DNS1.NAMECHEAPHOSTING.COM

https://fitcareketo.cXm/krygen-xl-male-enhancement/
198.54.126.12 
DNS1.NAMECHEAPHOSTING.COM
 

I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not.

Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

Link to comment
Share on other sites

1 hour ago, RobiBue said:

 

I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not.

Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking)

Well were referring to Forum spam
I believe domains can be blocked from Forums by IP maybe domain (more effective) 
The villains running Namecheap seem to be Ukrainian of origin
The IP's to block if domain cannot be, are range
98.54.112.0/20 or "198.54.112.0 - 198.54.127.255"
But beyond my pay-grade
Thought phpBB could block domains using a Wildcard?

Edited by petzl
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...