Lking Posted August 30, 2019 Share Posted August 30, 2019 FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP. spamhuas is also used. The option cautions about "slowdowns" and false positives. Not sure how admin will know about false positives. Link to comment Share on other sites More sharing options...
petzl Posted August 30, 2019 Share Posted August 30, 2019 6 hours ago, Lking said: FYI While setting up a new phpBB I noticed that if enabled the SpamCop Block list to filter user's IP. spamhuas is also used. The option cautions about "slowdowns" and false positives. Not sure how admin will know about false positives. "janicemcneill1" pushing fake drugs soon after? Can you increase ReCapture to 0.9 I believe is maximum? But then this may not be a direct SpamBot?https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level Seems to be blackhat "namecheap" spam which operate spambots from their domains Can you block Namecheap domains? 198.54.112.0/20 or "198.54.112.0 - 198.54.127.255"https://talosintelligence.com/reputation_center/lookup?search=198.54.115.238#whois Link to comment Share on other sites More sharing options...
Lking Posted August 31, 2019 Author Share Posted August 31, 2019 No I do not see a why to adjust ReCapure As for a block of IP that would be a philological change above my pay grade. In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't. Link to comment Share on other sites More sharing options...
petzl Posted August 31, 2019 Share Posted August 31, 2019 9 minutes ago, Lking said: No I do not see a why to adjust ReCapure As for a block of IP that would be a philological change above my pay grade. In that light looking back at logs for the month of August, if we are going to blocks of IPs then we should block gmail and outlook. Which of course we can't. Domain namecheap IMO need blocking, if not your pay grade whose?https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level You get the IP of the post, the only IP's I get are from the URL Link to comment Share on other sites More sharing options...
petzl Posted August 31, 2019 Share Posted August 31, 2019 Flood from namecheck domain starting https://topwellnessblog.cXm/sunday-scaries-cbd-gummies/ 185.61.152.24 abuseXnamecheapXcom https://pil4pedia.cXm/control-x-keto/ 198.54.125.159 abuseXnamecheapXcom Link to comment Share on other sites More sharing options...
Lking Posted August 31, 2019 Author Share Posted August 31, 2019 Just realized I may be confused. petzl are you talking about the SCBL or blocking login to the forum? The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation. I don't think that will ever change On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses. Link to comment Share on other sites More sharing options...
petzl Posted August 31, 2019 Share Posted August 31, 2019 46 minutes ago, Lking said: blocking login to the forum? That's it. The solution is here I thinkhttps://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level Latest forum floodhttps://www.myfitnesspharm.cXm/total-life-maxx/ 104.31.94.46 Cloudflarehttps://www.fitnesscarezone.cXm/superketo/ 198.54.125.251 DNS1.NAMECHEAPHOSTING.COMhttps://fitcareketo.cXm/krygen-xl-male-enhancement/ 198.54.126.12 DNS1.NAMECHEAPHOSTING.COM Link to comment Share on other sites More sharing options...
RobiBue Posted September 1, 2019 Share Posted September 1, 2019 18 hours ago, Lking said: Just realized I may be confused. petzl are you talking about the SCBL or blocking login to the forum? The design of the SCBL has been long established. IP addresses come and go from the list depending on established rules based on reports and emails to spam traps. Domain name are not part of the calculation. I don't think that will ever change On the forum blocking blocks of IPs or domains becomes capricious. Looking at the logs and email addresses of spammers first we should block gmail, outlook etc.based on the number of spam posted by those confirmed email addresses. 16 hours ago, petzl said: That's it. The solution is here I thinkhttps://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level Latest forum floodhttps://www.myfitnesspharm.cXm/total-life-maxx/ 104.31.94.46 Cloudflarehttps://www.fitnesscarezone.cXm/superketo/ 198.54.125.251 DNS1.NAMECHEAPHOSTING.COMhttps://fitcareketo.cXm/krygen-xl-male-enhancement/ 198.54.126.12 DNS1.NAMECHEAPHOSTING.COM I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not. Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking) Link to comment Share on other sites More sharing options...
petzl Posted September 1, 2019 Share Posted September 1, 2019 1 hour ago, RobiBue said: I’m there with Lking. Until these people post their junk, there is not knowing if they are going to spam or not. Besides, adding changes to the forum software would only work if the company that designed the system would implement the changes. (As was mentioned in my thread by Lking) Well were referring to Forum spam I believe domains can be blocked from Forums by IP maybe domain (more effective) The villains running Namecheap seem to be Ukrainian of origin The IP's to block if domain cannot be, are range 98.54.112.0/20 or "198.54.112.0 - 198.54.127.255" But beyond my pay-grade Thought phpBB could block domains using a Wildcard? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.