Post by psxgamer » Wed Jun 07, 2017 5:38 am

I will definately not be the only one having this problem but enough is enough.

I have a guestbook on my website which is protected with a Captcha to prevent spam. Some time ago some black hat SEO software has broken the Captcha security (not gonna mention the name to give them extra publicity). They've added comment as (X test hello and goodbye) in my guestbook.

I'm getting loads of junk in my guestbook. 90% comes from the same shady website. Through the whois info I found oud the name of the hosting company. I've contacted them several times but without any result.

Now I'm starting to get messages they send through the contact form.

Does anybody have a clue on how to stop this? Just an extention to add another Captcha won't help. Spammers seem to have found a way to bypass this by using the software I mentionned above.

It's not just me. When I google the website name I find hundreds and hundreds over website all over the world all with the same spam in their guestbook.

Is there a way to figure out the IP address and block them on IP????

Active Member

Posts

Joined
Tue Apr 13, 2010 4:14 am

Post by IP_CAM » Wed Jun 07, 2017 7:01 am

well, just check your Server Access log, then you will find out easy, what IP's they use.
Then either lock 'em out, blockwise, or reroute them to someplace else by .htaccess,
Ernie

Code: Select all

<Files *>
order allow,deny
allow from all
deny from 5.77.34.
deny from 36.73.
deny from 37.59.
deny from 37.128.
deny from 41.140.
deny from 46.101.
deny from 46.161.
deny from 46.229.
...
...
...
deny from 213.251.
deny from 216.244.
deny from 217.28.
deny from 217.73.
deny from 217.182.
</Files>

For Sale: Turnkey URLs with Opencart installed
My present Opencart Testsite: http://www.velomech.ch/shop/
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
690 FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by psxgamer » Wed Jun 07, 2017 4:41 pm

Stupid question but how do I access my weblogs?

Active Member

Posts

Joined
Tue Apr 13, 2010 4:14 am

Post by IP_CAM » Wed Jun 07, 2017 6:52 pm

well, you better ask your hoster about this. :D
Ernie

For Sale: Turnkey URLs with Opencart installed
My present Opencart Testsite: http://www.velomech.ch/shop/
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
690 FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by kuebantall » Wed Jun 14, 2017 5:31 pm

You can't block Spammer IP, because they use random proxy to put their comments in your guestbook.

When you have found 1 IP, there will be a different IP to try spam back to the guest book on your website.

Im newbie on OpenCart
Jasa Pembuatan Website,Jasa Pembuatan Website Wordpress,Jasa Desain Grafis Profesional,Jasa Pembuatan Toko Online,Jasa SEO Berkualitas


User avatar
Newbie

Posts

Joined
Mon Sep 19, 2016 4:31 pm
Location - Desk Table

Post by IP_CAM » Wed Jun 14, 2017 7:39 pm

You can't block Spammer IP ...

well, this sounds similar to, you can't keep Gangsters from breaking into your house,
so, what's the use to lock your doors in the first place...
But it's an ongoing battle, and it never ends, so, I am still updating my 'blocker' .htaccess,
whenever one tries again, by blocking entire segments, so, it at least reduces such attempts.
It's the best way, I found so far, and according my logs, it does it's job quite well.
Ernie
Onby my latest .htaccess file:

For Sale: Turnkey URLs with Opencart installed
My present Opencart Testsite: http://www.velomech.ch/shop/
Attacker IP Blocks are denied from further access to my Sites!
Just contact me for more Information at: jti@jacob.ch
690 FREE OC Extension-Repositories - from OC v.1.5.x up
on the largest Opencart-Mod Github Site: https://github.com/IP-CAM
Image


User avatar
Legendary Member

Posts

Joined
Tue Mar 04, 2014 1:37 am
Location - Switzerland

Post by MrPhil » Wed Jun 14, 2017 10:24 pm

psxgamer wrote:
Wed Jun 07, 2017 5:38 am
I have a guestbook on my website which is protected with a Captcha to prevent spam. Some time ago some black hat SEO software has broken the Captcha security (not gonna mention the name to give them extra publicity).
If IP blocking isn't doing the job (i.e., the spammer just jumps to another address), it sounds like all you can do (as a practical matter) is upgrade your CAPTCHA. Unfortunately, spammers have gotten very good at automated and semi-automated cracking (using AI, or forwarding your puzzle to porn sites where someone will eagerly and immediately solve it to get in). To keep ahead of them, you can't use something already widely used (and therefore already cracked). Most CAPTCHAs cranked up enough to stop a bot are also too difficult to solve by mere humans, so the solution is to make a different approach (a different kind of puzzle to solve). Be sure that you don't exclude blind or deaf people in the process! Move fields and controls around (maybe with some randomness) to fool bots into misfilling the page. Randomly change prompts, too.

If there is a pattern that the spammer(s) always use, such as links to a specific site, you could accept the guestbook entry, scan it for keywords, and simply vaporize it if it looks like spam. Should a guestbook entry contain links? If not, automatically remove or disable the link, or even the entire post. I can't imagine a guestbook not disabling HTML in a post, so spam should be more annoying than serious.

User avatar
Active Member

Posts

Joined
Wed May 10, 2017 11:52 pm

Post by frank79 » Sun Feb 25, 2018 7:59 pm

My small contribution, although late, it might be useful for someone else.
Blocking a spambot by ip filters is like trying to close a hole in a colander.
Many spambots are embedded into viruses, trojan horses, malawares, installed on thousands of computers. This way the spammer builds a bot net, with thousands of pc turned into "zombies machines". Each machine gets a list of target websites to spam from some source, then it sends fake registrations, password reset requests, login attempts, etc.
Of course the owner of the infected pc in unaware that his machine is infected, and his ip is flagged as spam, when he tries to register on a site that implements an ip based antispam filter, his (legitimate) registration fails.

You block an ip? They spam from another computer. Bot nets can be made of hundreds of thousands of ip addresses, and a bot can attack a site with new ips every day (switching off and on a router assigns to a victim computer a fresh clean ip can be re-used for spamming).
New bots can even solve alphanumeric captchas, expecially the simple captcha included by default with Opencart.

I wrote an extension 5 years ago to block spam, and I updated it few days ago, if you are getting flooded by fake registration take a look at this link:

Image

https://www.opencart.com/index.php?rout ... n_id=13097
Last edited by frank79 on Sun Feb 25, 2018 10:29 pm, edited 1 time in total.

User avatar
Newbie

Posts

Joined
Thu Apr 26, 2012 12:01 am

Post by straightlight » Sun Feb 25, 2018 8:17 pm

Latest release of CSRF Protection Form has been released. Tested by a forum user and confirmed the latest release no longer floods registration. No packages required, totally FREE! - no discounts necessary either: https://www.opencart.com/index.php?rout ... on_id=4773

For v1.5x users, send me a PM after installing the extension if you're unable to propagate the CSRF tokens.

The most generated errors being found on Opencart forum originates from contributed programming. The increased post counters are caused by redundancies of the same solutions that were already provided prior.

F. Rules:

- viewtopic.php?f=176&t=200480
- viewtopic.php?f=176&t=200804


Regards,
Straightlight


Legendary Member

Posts

Joined
Mon Nov 14, 2011 11:38 pm
Location - Canada, ON
Who is online

Users browsing this forum: Bing [Bot], johnp and 25 guests