So there is this guy spamming my phpBB2 forum since he's banned. He keeps coming back with proxies, and I would like to block them using my htaccess. My forum is located at http://www.site.com/forum/. I put a .htaccess file in /forum/, which contains the following, as found somewhere on the net:

RewriteEngine on
RewriteCond %{HTTP:VIA}                 !^$ [OR]
RewriteCond %{HTTP:FORWARDED}           !^$ [OR]
RewriteCond %{HTTP:USERAGENT_VIA}       !^$ [OR]
RewriteCond %{HTTP:X_FORWARDED_FOR}     !^$ [OR]
RewriteCond %{HTTP:PROXY_CONNECTION}    !^$ [OR]
RewriteCond %{HTTP:XPROXY_CONNECTION}   !^$ [OR]
RewriteCond %{HTTP:HTTP_PC_REMOTE_ADDR} !^$ [OR]
RewriteCond %{HTTP:HTTP_CLIENT_IP}      !^$
RewriteRule ^(.*)$ - [F]

I heard this is pretty accurate. So I tried, and the web proxy was unable to reach the page. But it worked for like 5 minutes, and now it's not blocking anything... I tried different proxies, web based or not, and nothing was blocked... I'm wondering if I did anything wrong, the htaccess looks correct to me!

If you guys have an idea, that would be awesome. I always find my answers on Stackoverflow, so I thought I should ask here :P

Cheers

pko

2 Answers

I hope you understand that IF you make your proxy-blocking rules work, this will forbid not only the spammer but all the users using proxies.

You can try logging the X-Forwarded-For header (e.g. if you are using Apache, add "%{X-Forwarded-For}i" to the LogFormat). This should give you real visitor IPs in the access log unless the spammer is using anonymous proxies. Then match the timestamp of his post against the HTTP access log (use a few seconds' time window) and you should get his real IP. It may just work.

If the spammer is using anon proxies you may need to moderate your posts. You should do it anyway. Automatically accept posts from well-known users and moderate the posts of new/untrusted users. I don't know phpBB but it probably supports moderation.

EDIT

If you really want to block (bad) proxies, try using mod_spamhaus; it should block the IPs reported for spamming and open proxies. See the Spamhaus website to get an idea of what IPs are being reported. I can't think of any mod_rewrite rules that could block anonymous proxies (I keep thinking about it).

user237419
  • Yes, I understand, and that is my point. What I'd like to do is prevent people from using web proxies and such to browse the forum, register and post. Most members don't use proxies, it's a simple forum actually. But some use proxies to avoid bans. So this solution looks better to me than logging all IPs, because there are thousands of proxy servers and it would be time consuming to ban each IP I found in this log... With the htaccess thing, I wouldn't have to worry about most easy proxies, which people use. For better proxies, I can still range ban. – pko May 12 '12 at 17:10
  • Anyway, for phpBB2 there is no moderation queue for newest members, unfortunately. A newly registered member has the same rights as an old chap. And the moderation team is quite fast at banning idiots :) But well, I'd rather keep them away with their proxies... So my question is just if anyone has an idea why this code used to work, but not anymore. Seems very odd, since it worked once... Thanks for your answer ;) – pko May 12 '12 at 17:10
  • Maybe try mod_spamhaus? Updated my answer. – user237419 May 12 '12 at 17:16
  • I don't have access to the root server stuff, but I'll take a look, thanks. – pko May 12 '12 at 18:05
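
The timestamp correlation suggested in the answer above, as an added example that is not part of the original thread. It assumes an access log written with the combined format plus "%{X-Forwarded-For}i" appended as the last field, and that posts go through /forum/posting.php; the log lines are constructed samples using documentation IP ranges.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed LogFormat (not from the page): combined + X-Forwarded-For as last field
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{X-Forwarded-For}i\"" xff
LINE_RE = re.compile(
    r'(?P<peer>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<xff>[^"]*)"$'
)

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [12/May/2012:17:03:58 +0000] "GET /forum/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"
203.0.113.40 - - [12/May/2012:17:04:11 +0000] "POST /forum/posting.php HTTP/1.1" 200 812 "-" "Mozilla/5.0" "192.0.2.55"
203.0.113.41 - - [12/May/2012:17:04:13 +0000] "POST /forum/posting.php HTTP/1.1" 200 790 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [12/May/2012:17:09:30 +0000] "POST /forum/posting.php HTTP/1.1" 200 801 "-" "Mozilla/5.0" "192.0.2.77, 203.0.113.5"
"""

def candidates(log_text, post_time, window_s=5, path_prefix="/forum/posting.php"):
    """Return POSTs to the posting script within +/- window_s of post_time."""
    window = timedelta(seconds=window_s)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith(path_prefix):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if abs(ts - post_time) > window:
            continue
        # X-Forwarded-For is client-supplied and may be a comma-separated chain;
        # the leftmost entry is the claimed origin. Treat it as a lead, not proof.
        raw = m["xff"]
        chain = [ip.strip() for ip in raw.split(",")] if raw not in ("", "-") else []
        hits.append({
            "peer": m["peer"],                      # address that connected to Apache
            "time": ts,
            "claimed_client": chain[0] if chain else None,
            "anonymous": not chain,                 # proxy sent no X-Forwarded-For
        })
    return hits

if __name__ == "__main__":
    # Post time as stored by the forum (assumed to be UTC here).
    posted = datetime(2012, 5, 12, 17, 4, 12, tzinfo=timezone.utc)
    for hit in candidates(SAMPLE_LOG, posted):
        print(hit["time"].isoformat(), hit["peer"], hit["claimed_client"] or "(no XFF)")
```

A hit with no X-Forwarded-For value is the anonymous-proxy case the answer mentions: only the proxy's own address is available, so moderation or a blocklist has to take over.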

3 things I do for my work's website that help eliminate 99.9% of all our contact form spam:

1) Measure the time that passes from when the contact form loads to the time it was submitted. If someone submits the form within <10 seconds, it has to be a computer because there's no way a human could answer all the required questions in that time, even with an address population plugin. You might consider a similar tactic to prevent scripts from rapidly posting.

2) If the contact message contains multiple or suspect URLs, flag as spam. Preventing multiple URL links might not be acceptable for a bulletin board situation, but if you can spot any particular unique URL pattern in the spam posts, you might be able to filter these posts.

3) We have a false hidden email address field human users would never see, so if the form is submitted with the hidden field having a value, we know it wasn't a human... Maybe you could do something similar with a false comment box?

These may not work for you since they would need to be implemented at the PHP level and not Apache, and they're only really effective against automated scripts, but hopefully at least it gives you some ideas for additional ways to handle your spam problem.

WebChemist