I'll have a word with Mike (owner of BotScout) as it's actually the SBST that is doing the BotScout queries (it deliberately does them separately as not all of them may be present).
I'll see about grabbing myself a copy of Drupal too, cheers
SpamBots
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
I'm not sure we are doing it wrong, whenever I do any test signups that are blocked, I only receive one email which implies one check?
I notice sometimes though I'll get 4 emails at once when a bot tries, so perhaps the bot has some kind of auto-retry if it's blocked
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Looking at the emails closer, every 25 minutes a bot comes and tries about 5 times to sign up....95% of the attempts blocked so far are that same IP, so I'll get that blocked from even accessing our servers, they all use different usernames/email addy.....same IP
Username: Yabovuvuo
Email: caluetug@easyerproject.info
IP: 194.8.75.163
That IP is registered to http://dragonara.net which has a lot of complaints going back into late 2008 about SpamBot sign ups/DDoS
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
Only receiving one e-mail per block is normal as that is all the mod has been coded to do (as you mentioned, chances are the bot has an auto-retry function if the first n attempts fail)
The mod itself only does one check, but check_spammers_plain.php has been coded to check each parameter (name/e-mail/IP) individually. I'm going to be changing this in the next release so it does them all at once to increase efficiency and cut down on the amount of queries required (Mike has mentioned the possibility of modifying his API so that it's no longer mandatory for all 3 parameters to be present for the single query).
I downloaded Drupal btw, but cannot find the registration file that is used by the person posting the comment (found the comments files, and they look pretty simple). Gonna keep looking into it if I don't hear from your guy first
/edit
Told me there was another reply when I was submitting this, and I recognize that IP
http://fspamlist.com/view.php?s=32847
Dragonara are well known for malicious activity
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Something that I'd recommend too is a caching mechanism. If you stored the IP, username or email addy that was blocked and the later checks first ran through this cache, you might find any load on the servers would be reduced. If the cache just added new records to the top, and had a limit of say 100 per each type, you can ensure it's not affecting performance. Plus any time an entry matches in the cache (so no outside lookup is required) you can move that record to the top of the cache again, that way the one-offs end up dropping out as new entries are cached, and the repeat offenders are always sitting in the cache.
Should I email Mike back, or does he know about this now?
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
I fired Mike a PM via the BotScout forums to let him know
I don't actually know how to write a cache function in PHP* without a database atm (prefer doing it without a DB so it can still be standalone for those that can't install DB apps such as MySQL), but will read up on it
/edit * just had a thought that it should actually be the same method as it would be in ASP, so I'll have a play and see about including it in the next release
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
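One way to build the cache suggested above without a database, as an added example that is not part of the thread or of the SBST code: a flat JSON file holding a move-to-front list per type, consulted before any external query. The class name `BlockCache`, the file location, the stub lookup and the sample address are assumptions.

```php
<?php
// Added example, not the SBST code. BlockCache, the file path, the stub lookup
// and the sample address are assumptions. Needs PHP 8 (constructor promotion).
final class BlockCache
{
    // $file: JSON file kept outside the web root; $limit: max entries per type.
    public function __construct(private string $file, private int $limit = 100) {}
    // Cache first; $lookup (the external query) runs only on a miss.
    public function isBlocked(string $type, string $value, callable $lookup): bool
    {
        $value = strtolower(trim($value));           // case-insensitive match
        if ($this->touch($type, $value, false)) {
            return true;                             // hit: no outside lookup needed
        }
        $flagged = (bool) $lookup($type, $value);
        if ($flagged) {
            $this->touch($type, $value, true);       // remember the new offender
        }
        return $flagged;
    }
    // Move $value to the top if cached (or if $insert); report whether it was cached.
    private function touch(string $type, string $value, bool $insert): bool
    {
        $fh = fopen($this->file, 'c+');              // create if missing, never truncate
        if ($fh === false || !flock($fh, LOCK_EX)) {
            return false;                            // cache unusable: fall back to the lookup
        }
        $data = json_decode((string) stream_get_contents($fh), true);
        $data = is_array($data) ? $data : [];        // empty or corrupt file starts fresh
        $list = is_array($data[$type] ?? null) ? $data[$type] : [];
        $hit  = in_array($value, $list, true);
        if ($hit || $insert) {
            $list = array_values(array_diff($list, [$value])); // drop the old position
            array_unshift($list, $value);            // most recent on top
            $data[$type] = array_slice($list, 0, $this->limit); // one-offs fall off the end
            ftruncate($fh, 0);
            rewind($fh);
            fwrite($fh, json_encode($data));
        }
        fclose($fh);                                 // also releases the lock
        return $hit;
    }
}
// Constructed demo: a stub lookup that flags everything and counts external queries.
$queries = 0;
$stub = function () use (&$queries) { $queries++; return true; };
$cache = new BlockCache(tempnam(sys_get_temp_dir(), 'bc'));
for ($i = 0; $i < 5; $i++) { $cache->isBlocked('ip', '192.0.2.10', $stub); }
echo "external queries for 5 attempts: $queries\n";
```

The exclusive lock keeps simultaneous signups from corrupting the file, and a cache that cannot be opened falls back to the real lookup rather than letting a signup through unchecked.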
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
OK cool
Caching would help, as because of this one bot, we've hit a daily usage limit too though I'm not sure who with
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
I've modified check_spammers_plain.php so it now uses the "multi" query for BotScout. Gonna release it later tonight, once the rest of the changes are done. In the meantime, the new BS code is on their forums if you'd like to use that for now?
http://botscout.com/forum/index.php/top ... tml#msg110
check_spammers.php (used by the SBST web interface) still uses the regular queries due to the requirement of seeing which of the three are included.
/edit
Edited to update URL to new portion code
Last edited by MysteryFCM on Thu Feb 12, 2009 3:54 pm, edited 1 time in total.
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
rusticdog wrote:
"OK cool
Caching would help, as because of this one bot, we've hit a daily usage limit too though I'm not sure who with"
The usage limit is likely with BotScout (if you login to the BS website, it'll tell you what your limit is and what your current usage is)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Sweet. I can't do anything at present as Sys Admin is on his Exchange Server course, but will get done when he gets in after he's finished school.
And yeah, I've checked and it's BotScout
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Guy here is also keen to write a Drupal module, he's working on a system at present where users can make suggestions for our products and vote on other suggestions....once he's done that he'll write the Drupal module, that way we can use it for this voting thing, the blog, plus anything else.
I'll fire you the code when he's done
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
Nice one, cheers
/edit
It's officially been released
http://hphosts.blogspot.com/2009/02/spa ... -v019.html
I fired you a copy of the latest version of the file, so you don't need to re-download it (only other change is the version number in en.php)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net