new modsecurity rules deployed to cut back spam

[c0ldshadow]

hey guys

i have deployed some new modsecurity rules to block spammers based on some archaic user agents frequently associated with the IP patterns that dave finds tied to spammers (thx dave for great help w/ this).

i just deployed the rules like 5 mins ago.. already blocked 3 IPs

Google any of the IPs... and they are in spam databases=)

Google


Google


Google


i haven't seen any false positives yet. this approach obviously isn't perfect but it should help

peace
-ave

 

[c0ldshadow]

184.22.1.81 just got blocked too, appears to be working

http://www.google.com/#sclient=psy-....,cf.osb&fp=72d2f4c2b73b7f76&biw=1133&bih=535

 

[c0ldshadow]

owned

Google

 

[c0ldshadow]

owned

Google

 

[c0ldshadow]

these are all bots that would normally be trying to break the captcha but now they get 403 errors instead lol

 

[StardustSprinkles]

Lol that was fast! High-five for anti-spam!

 

[c0ldshadow]

yah win

have a great weekend,all

peace

 

[c0ldshadow]

here is an update on number of times each IP got blocked in descending order

command:

cat error.log | sed -n -e '/User\x2dAgent/p' | awk '{print $8}' | awk '{sub(/\]/,""); print}' | sort -n | uniq -c | sort -nr


output:
38 76.164.231.196
26 188.143.233.207
24 94.142.128.140
21 123.62.6.58
20 87.225.118.163
20 71.206.67.53
20 220.161.150.70
20 182.50.142.66
18 200.72.32.173
18 193.105.210.117
18 122.225.68.126
14 210.101.131.231
14 173.242.113.190
14 122.225.68.123
14 113.53.232.91
13 46.17.97.28
12 91.226.165.164
12 60.209.5.13
12 46.17.100.243
12 31.214.201.251
12 190.202.87.134
12 184.105.153.238
12 178.73.17.204
12 117.27.138.68
12 117.27.138.176
11 211.139.10.174
10 95.65.81.46
10 91.212.226.12
10 91.207.4.150
10 85.141.187.61
10 64.31.28.109
10 59.57.15.89
10 46.17.96.152
10 46.109.195.73
10 46.109.195.208
10 211.139.10.173
10 202.171.253.104
10 195.62.25.248
10 188.163.67.159
10 178.137.129.173
10 173.195.5.176
10 122.225.68.120
10 117.21.225.66
10 109.230.245.28
9 8.30.16.143
9 80.245.86.19
8 95.70.99.2
8 91.207.5.198
8 69.162.80.73
8 58.68.138.200
8 46.17.96.75
8 218.94.136.178
8 208.115.217.18
8 195.162.68.3
8 193.106.136.36
8 188.143.232.104
8 178.94.183.150
8 1.54.69.225
8 109.203.117.201
8 108.21.95.118
7 46.17.96.154
7 213.171.61.23
7 189.126.254.137
7 119.167.225.1
6 95.42.179.137
6 95.17.128.33
6 93.114.40.158
6 77.4.248.31
6 66.85.170.202
6 49.212.38.134
6 46.17.96.64
6 46.17.96.174
6 46.17.96.112
6 41.215.183.3
6 41.190.16.17
6 31.187.9.225
6 31.184.238.77
6 195.162.69.104
6 189.17.245.12
6 188.233.159.83
6 188.233.116.204
6 188.138.84.93
6 178.137.162.160
6 122.154.140.50
6 120.203.1.250
6 109.230.245.32
6 109.230.213.35
5 58.246.200.114
5 46.17.96.68
5 222.32.70.125
5 200.66.102.67
4 95.78.65.103
4 95.78.170.201
4 95.78.100.21
4 95.65.75.160
4 95.24.121.67
4 95.173.183.68
4 93.80.25.5
4 93.182.190.25
4 92.241.169.160
4 91.203.139.82
4 89.78.124.149
4 86.62.117.211
4 84.229.145.225
4 84.19.184.144
4 83.6.50.115
4 82.179.217.243
4 81.200.24.181
4 80.93.126.22
4 80.243.182.200
4 79.215.68.92
4 79.142.73.169
4 69.162.84.90
4 69.1.60.218
4 66.90.101.57
4 64.191.114.102
4 61.184.137.38
4 58.22.101.247
4 58.114.74.72
4 46.17.97.223
4 46.17.96.43
4 46.17.96.196
4 46.17.96.121
4 31.184.238.8
4 31.171.135.55
4 31.128.83.225
4 222.91.228.121
4 222.77.229.111
4 222.77.227.232
4 218.50.52.210
4 217.77.220.156
4 217.219.45.221
4 213.109.19.24
4 204.124.180.74
4 204.124.180.55
4 195.162.69.108
4 195.162.69.106
4 195.162.68.7
4 195.162.68.4
4 194.63.239.237
4 193.37.156.146
4 193.105.210.116
4 190.12.44.180
4 188.92.75.36
4 188.123.248.62
4 184.22.1.81
4 178.93.63.18
4 178.49.155.47
4 178.33.109.244
4 178.186.168.19
4 178.137.19.190
4 176.31.155.2
4 125.88.75.139
4 124.232.163.96
4 122.225.68.119
4 122.225.68.118
4 120.43.8.177
4 118.97.82.253
4 117.23.227.93
4 115.141.61.130
4 109.230.244.101
4 109.230.220.96
4 109.230.217.37
4 109.230.217.246
3 79.121.126.115
3 74.50.153.62
3 24.210.132.176
3 202.108.5.114
3 178.17.117.239
3 174.48.234.181
3 109.236.87.115
2 98.216.228.188
2 95.28.160.177
2 95.25.207.189
2 95.170.114.136
2 93.201.38.143
2 93.173.22.104
2 92.243.107.27
2 90.191.75.93
2 90.157.47.15
2 89.189.167.9
2 89.111.61.218
2 86.21.126.210
2 85.204.129.251
2 85.195.138.24
2 83.21.98.126
2 80.243.191.114
2 79.165.188.233
2 77.65.48.239
2 76.124.239.235
2 76.123.46.228
2 71.233.240.10
2 71.11.255.70
2 68.60.39.161
2 58.83.224.217
2 46.17.98.217
2 46.17.96.61
2 46.17.96.55
2 46.17.96.194
2 46.0.107.145
2 39.48.83.238
2 31.214.169.126
2 31.214.133.13
2 220.128.79.49
2 219.233.194.188
2 219.112.119.168
2 217.228.179.124
2 217.129.2.13
2 216.45.48.84
2 216.164.59.95
2 213.108.21.46
2 204.124.181.218
2 202.171.253.103
2 195.162.69.112
2 195.162.69.100
2 193.105.210.102
2 190.9.128.96
2 188.235.148.63
2 188.165.214.179
2 188.165.201.6
2 188.165.193.152
2 184.105.149.54
2 176.36.66.238
2 176.31.207.88
2 174.128.232.126
2 174.128.232.120
2 174.128.232.109
2 173.48.16.6
2 14.198.75.152
2 141.105.66.46
2 125.80.233.115
2 125.39.16.92
2 123.13.206.59
2 122.225.68.122
2 122.225.68.116
2 122.225.68.113
2 121.94.226.24
2 121.18.211.177
2 116.22.28.82
2 114.228.125.40
2 109.69.1.253
2 109.230.251.168
2 109.230.245.171
2 109.230.223.85
2 109.200.240.29
2 101.109.96.189
1 99.140.241.90
1 98.14.216.227
1 95.133.123.26
1 94.158.34.71
1 92.100.248.52
1 91.45.166.240
1 89.248.173.20
1 89.228.150.91
1 84.250.49.68
1 83.249.80.79
1 81.179.17.63
1 81.155.222.75
1 80.89.188.60
1 79.197.191.119
1 79.143.173.10
1 78.153.25.127
1 76.31.8.143
1 70.46.27.250
1 69.47.164.229
1 68.207.88.64
1 68.191.42.230
1 68.100.50.29
1 65.172.208.37
1 60.236.33.211
1 31.3.229.123
1 24.18.49.21
1 24.139.43.249
1 24.128.27.74
1 2.24.166.2
1 222.6.127.60
1 217.227.240.193
1 213.215.17.90
1 205.213.195.70
1 193.77.102.201
1 188.123.248.57
1 184.82.5.72
1 178.236.145.181
1 178.162.70.204
1 177.19.134.66
1 174.55.7.124
1 174.128.232.121
1 174.128.232.117
1 174.128.232.106
1 174.128.232.100
1 172.129.115.68
1 146.0.73.184
1 14.199.127.156
1 122.225.68.114
1 109.255.52.235
1 101.51.19.220

 

[bennett326]

nice job c0ld !! no more boob stress balls ? LOL

 

[jimdt7]

The results of this new security are very fast !
+1 for deleting our forum spammers :beer:

Jim

 

[Ghostchrome]

no more boob stress balls ? LOL

j/k Well done, man.

 

[TuhOz]

Wow!
That blocks alot of spammers!

Nice one c0ldshadow!

 

[Flaminpyro]

Thanks Avery for keeping us safe from the bots :beer:

 

[c0ldshadow]

n/p happy to help

much credit to dave for helping find spammer IPs tied to many accounts

bbl watching football

peace

 

[lazeerer]

Great Job.

Ever since this Update it seems to have taken away all the ads on the forum for me and where the ads should be it just sys website cannot be displayed.


Any idea why.?

 

[LaZeRz]

^same here