Specific bot
 

Hello all,

Sorry if this is not the place to post, but I am currently running a new Gaming community and we have had a few bots register. I have since banned a few IP's and mail servers like .ru and .yandex. I have created a robots.txt file as well. Anyway I banned one user that I though was a bot. I have noticed he has been on the site many times and seeing the "Viewing 'No Permission' Message" and the one IP I added to Ban User section in options his IP showed to be the same. I have since deleted his account via admin section and now I am seeing him accessing the site with many variations of this IP info:

107-172-195-39-host.colocrossing.com
107-172-205-106-host.colocrossing.com
107-173-224-144-host.colocrossing.com
Etc. this host.colocrossing.com is showing for guest over 14 times at a time on my whos online.

Anyway I can block all of this? I have many spambot mods from vBulletin.org installed as well as Spam o Matic and still having issues with this bot or bots. Attached is an image of what I am seeing all the time.

Your help would be greatly appreciated.

Forgot to mention I am using VB 4.2.3.

It's very well possible that it's a (small) DDoS attack. Simply said, there's no way to stop it without getting DDoS protection or flood protection. Actually stopping proxies and IP addresses that belong to hosting companies is also very difficult.

Hello Dave,

Thanks for your reply. I sent in a support ticket where I have my VPS and they looked at my files and saw no signs of DDos attacks. I do have DDos protection on my site and I think flood protection too. Today I come home and I see I have 40 guests online which 3 were Google bots, the rest from those IPs that are in the image. I don't know what to do get stop this crap.

Again thanks for your reply

If the IP addresses are mostly in the 107.172.*.* range then you can try to block that IP range but just keep in mind that it's possible that you block legitimate traffic/users that way.

In my experience no good traffic ever comes from Colocrossing and their allies. Attached is my block list, it has not been updated for the most recent address blocks but it should suffice.

Dave, thanks again for your reply. Yup I know about blocking ranges. I guess thats the chance I will have to take.

Kane, Thanks for your reply and your information, its good to know. Very much appreciate your block list. I will have to add the other IP's to it later.

Again thanks all for the info, very much appreciated.

Look at installing ZB Block (see the link in my signature). It is an outstanding solution to protecting ones forum from spam/spammers. We have been using it on our vBulletin forum since 2012, and spam/spammers are as rare as hens teeth for us.

I use it too and it is excellent at what it does. However, it is not a Vbulletin mod and does not integrate so certain tasks you do in ACP or even on the board itself, will trigger a SQL injection attack (among others) block, thread titles that contain wildcard characters too.

That said, you can tune the signature file to suit your needs.

I've simply taken to turning ZB Block off temporarily when I have something that needs doing either in the AdminCP or from a SSH konsole connection that would trigger a false positive. When I'm done, I turn it on again.

Before we installed ZB Block, I was cleaning up spam and spam accounts every day, and the number of such was increasing, and that was, even then, with Spam-O-Matic installed. After installing ZB Block, the number of spam accounts that got registered (and as a consequence, spam posts) went to practically zero. I'm a firm believer in ZB Block. It simply works.