Denying IPs (to prevent SPAM)



Mr. Pink
02-09-2010, 08:03 AM
Hi,

I get a lot of spam through my sites, from spammers that are abusing my contact forms. Every time I get the spam message I can see the IP number of the sender. The sender is of course (in 99% of cases) just a spam robot.

So, I have once denied these IPs by putting them on the .htaccess file (or through the IP Deny Manager on the hosting CP).

Then the list got long and I removed them all, because I really didn't notice any change and was also wondering if denied IPs hurt me somehow.

Recently I started adding IPs to the list again. As of now, this is the list of denied IPs:



So, I have a few questions.

1 - Does adding an IP on the deny list actually help me in any way?

2 - Can adding an IP on the deny list end up denying legit traffic?

3 - Is it risky to deny a range of IPs, such as 91.214. (when I notice a lot of spam comes from IPs starting with those numbers)?

It seems that the same spammers are revisiting my sites with different IPs every time, so I don't know if denying does any good at all.

Any thoughts?

Thanks...

Chris
02-09-2010, 10:20 AM
1. Yes, but as you noticed, with millions of IPs out there, the spammers can always find another.... unless... (See 3)

2. Yes, possibly. Sometimes IP ranges change. I at one point thought I was spamming some Russian traffic, but the Russian ISP sold the IP block to a Hawaiian ISP so I was blocking Hawaii for a time, accidentally. You should refresh your ranges regularly.

3. If you really want to take a bite out of spam, block whole ranges.

http://www.countryipblocks.net/

Assuming you don't have any customers in the following countries, block the entire country. Russia, Korea, China, Pakistan, India, Indonesia, Malaysia, Nigeria (all of Africa really) etc.

But refresh those blocks at least once a year, maybe twice, in case IP ownership changes.

On quite a few of my forums I have taken to doing that. It is draconian, but, it works.

If you have your own server and can block them all at the firewall level, you'll also block a ton of your incoming email spam as well.

The only spam you'll get then is typically from a botnet of infected computers from legitimate countries, so you'll still get some, but a good chunk will be blocked.

Especially forum spam, because a lot of forum spammers have adopted the "pay a real person half a penny a post" method of spamming, which uses people from such countries almost entirely.

Also, don't block an IP range if it is from a country you want customers from, even if you get a lot of spammers from it. If you're unsure of the country of an IP, check arin.net
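
Added example, not part of the original thread or any poster's code: a small Python helper that normalizes a mixed deny list (single IPs and dotted prefixes such as the `91.214.` from question 3), merges redundant entries, shows how many addresses each entry denies, and checks whether a given visitor would be caught. It assumes Apache 2.2 `Order`/`Deny from` syntax in `.htaccess`; the function names are hypothetical, and every sample entry except `91.214.` is a constructed documentation address.

```python
import ipaddress

def parse_entry(entry):
    """Turn a deny-list entry (full IPv4, dotted prefix like '91.214.', or CIDR) into a network."""
    entry = entry.strip()
    if "/" in entry:
        return ipaddress.ip_network(entry, strict=False)
    octets = [o for o in entry.split(".") if o]
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"not an IPv4 address or prefix: {entry!r}")
    padded = octets + ["0"] * (4 - len(octets))
    # One octet given -> /8, two -> /16, three -> /24, four -> /32 (single host).
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def build_denylist(entries):
    """Parse entries; drop duplicates and hosts already covered by a wider range,
    and merge adjacent ranges. The result is sorted by address."""
    return list(ipaddress.collapse_addresses(parse_entry(e) for e in entries))

def blocked_by(denylist, ip):
    """Return the network that would deny `ip`, or None if the visitor is allowed."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in denylist if addr in net), None)

def collateral(denylist):
    """Addresses denied per entry: a rough measure of false-positive exposure."""
    return {str(net): net.num_addresses for net in denylist}

def render_htaccess(denylist):
    """Emit Apache 2.2 directives (assumed server version; 2.4 uses Require instead)."""
    lines = ["Order Allow,Deny", "Allow from all"]
    for net in denylist:
        # Write single hosts as a bare address, ranges in CIDR form.
        target = net.network_address if net.prefixlen == 32 else net
        lines.append(f"Deny from {target}")
    return "\n".join(lines)

# Constructed sample list: '91.214.' is the range asked about in the thread,
# the rest are TEST-NET documentation addresses, including a duplicate and
# two hosts already covered by the '203.0.113.' prefix.
SAMPLE = ["91.214.", "203.0.113.", "203.0.113.52", "203.0.113.155",
          "198.51.100.7", "198.51.100.7"]

if __name__ == "__main__":
    deny = build_denylist(SAMPLE)
    print(render_htaccess(deny))
    for net, count in collateral(deny).items():
        print(f"# {net} denies {count} addresses")
    print("# 91.214.9.9 blocked by:", blocked_by(deny, "91.214.9.9"))
```

Running `blocked_by` against the addresses of known customers before deploying a new range is a quick check for the accidental blocking described in answer 2.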

Mr. Pink
02-09-2010, 01:39 PM
Thanks for the quick reply, Chris, and valuable guidelines.

hairycaterpillar
02-19-2010, 11:33 AM
After reading this post I recently banned Russia, China, Vietnam, Korea, Nigeria and this has cut my spam to virtually none...thanks!