Keith
11-18-2012, 01:34 PM
This week there's been an enormous amount of registration spam (100+ per hour), so I took the following steps:
1. I turned on the registration moderation with manual approval, the system sends me an email when a new registration comes through.
2. I have always had human verification turned on, with simple questions/answers, including math problems. So yesterday I eliminated the math related questions, and further customized the Questions/Answers to be more applicable to the content topic of our site. Meaning, if we're running a gardening site, the QA pertains to gardening.
3. Valid email verification has always been turned on and remains active.
As a result, moderation emails telling me to look at a new registration request have been reduced dramatically since I changed the Questions/Answers, but a few still get through and placed in the moderation queue before I do in and delete them. The Who's Online screen indicates they're still trying to register or scanning over my site.
When I look at the VB Who's Online, I'm seeing IP addresses like the following, some indicate they're using a proxy or some other method like a vpn to spoof location in the US.:
18.177.76.217.akado-ural.ru (by example - resolves to an IP in Boston, MA)
127-254.nwlink.spb.ru
dynamicip-176-214-33-177.pppoe.spb.ertelecom.ru
host224-180-109-176.lds.net.ua
139.static.118-96-211.astinet.telkom.net.id
Our site is entirely local based, at the State level. Unless one of our existing members is traveling on business outside the US, there would be very few reasons for someone else in a foreign country to register or post.
So is there a way to look at the location in this same manner, and block any location ending in .ru or .ua or .id by example? I don't think I can do this in htaccess, and thought maybe there's a VB hack available to do it by looking at the end of the IP as it appears in the Who's Online list?
I'm reading up on all the anti spam hacks, but haven't found something related specifically to blocking by those last two country letters. Thanks in advance for any guidance on this particular question.
1. I turned on the registration moderation with manual approval, the system sends me an email when a new registration comes through.
2. I have always had human verification turned on, with simple questions/answers, including math problems. So yesterday I eliminated the math related questions, and further customized the Questions/Answers to be more applicable to the content topic of our site. Meaning, if we're running a gardening site, the QA pertains to gardening.
3. Valid email verification has always been turned on and remains active.
As a result, moderation emails telling me to look at a new registration request have been reduced dramatically since I changed the Questions/Answers, but a few still get through and placed in the moderation queue before I do in and delete them. The Who's Online screen indicates they're still trying to register or scanning over my site.
When I look at the VB Who's Online, I'm seeing IP addresses like the following, some indicate they're using a proxy or some other method like a vpn to spoof location in the US.:
18.177.76.217.akado-ural.ru (by example - resolves to an IP in Boston, MA)
127-254.nwlink.spb.ru
dynamicip-176-214-33-177.pppoe.spb.ertelecom.ru
host224-180-109-176.lds.net.ua
139.static.118-96-211.astinet.telkom.net.id
Our site is entirely local based, at the State level. Unless one of our existing members is traveling on business outside the US, there would be very few reasons for someone else in a foreign country to register or post.
So is there a way to look at the location in this same manner, and block any location ending in .ru or .ua or .id by example? I don't think I can do this in htaccess, and thought maybe there's a VB hack available to do it by looking at the end of the IP as it appears in the Who's Online list?
I'm reading up on all the anti spam hacks, but haven't found something related specifically to blocking by those last two country letters. Thanks in advance for any guidance on this particular question.