bhadaway / stop-spammers

Stop Spammers has been forked into a new project called Dam Spam.
https://github.com/bhadaway/dam-spam

double chk #125

Open jetsam729 opened 4 years ago

jetsam729 commented 4 years ago

ss_options.php:

- opt 'Check for Major Hosting Companies and Cloud Services' -> chkhosting.php -> 'Amazon AWS Server' []
- opt 'Check for Amazon Cloud' -> chkamazon.php -> 'Amazon AWS Server' []

(two identical arrays of IPs)

Why have two options and a double check? ;)

I would remove both the first option and the second option as deprecated. For verification (and it is not necessary to track the change of blocks of IP addresses) there is DNSBL. IP address lists are outdated and do not contain information - there may be a spammer or maybe a good user. A spammer, as a rule, changes location often.

bhadaway commented 4 years ago

You're probably right (your contributions have been awesome — thank you!), but playing devil's advocate, this might be useful to some users because they might want to either block all popular cloud servers or just specific ones, as the option stands now.

But yes, the whole approach may need to be thrown out and replaced.

jetsam729 commented 4 years ago

  1. geoip2 -> get ASN -> if word ddddd (example OVH) is in it - blocked [before reg] or
  2. DNSBL (5-6 services & stop on first ok answer) [before reg]

But many users go via VPN/VPS/VDS :) + Tor :) - not spammers - for example, in Russia many resources are blocked by the government and people go out via VPN (maybe spam hosting). Many come to my website from Google cloud - block Google? :) Or whitelist Google???

This is a difficult and easy question. There should be only a few tools. You can no longer decide only on the basis of cloud hosting. Here is a comprehensive approach - I send an activation email when registering - 99% of spammers do not receive the URLs from the letter a second time - these are bots based on simple (instant) registration. Don't even need another filter :) SFS + AbuseIPDB + blocklist.de, and 99% of spammers (and hackers) are blocked. You can still take data from the CleanTalk page. 2-3 seconds for the entire scan (3-4 requests). If you have 20,000 users and more than 1,000 posts daily - this is a different area - other approaches and tools.

Over the past 4-5 months, I saw only one bot that passed (sent) an invisible reCAPTCHA (Google) field during registration (it was blocked by the DNSBL list). Without any other checks, the rest were blocked by reCAPTCHA :))))))))
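
The DNSBL step proposed in the thread above (several lists queried before registration, stopping early), sketched as an added example that is not part of the thread or of the plugin's code. It assumes PHP 8, reads "stop on first ok answer" as "stop at the first list that reports the address", and uses hypothetical function names and placeholder zone names; the lookup function is injectable so the constructed sample data stands in for DNS.

```php
<?php
// Placeholder zones (assumption): substitute the DNSBLs you actually use.
const DNSBL_ZONES = ['dnsbl-one.example', 'dnsbl-two.example', 'dnsbl-three.example'];

// Reversed query label for an IPv4 or IPv6 address, or null if the input is not an IP.
function dnsbl_reverse(string $ip): ?string
{
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return implode('.', array_reverse(explode('.', $ip)));
    }
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
        // 32 hex nibbles, reversed and dot-separated.
        return implode('.', str_split(strrev(bin2hex(inet_pton($ip)))));
    }
    return null;
}

// Query the zones in order and stop at the first listing.
// $resolve maps a hostname to its A records (or false); it defaults to real DNS.
// Returns ['zone' => ..., 'code' => ...] on a hit, null when no list reports the IP.
function dnsbl_first_hit(string $ip, array $zones = DNSBL_ZONES, ?callable $resolve = null): ?array
{
    $resolve ??= static fn(string $host) => gethostbynamel($host);
    $rev = dnsbl_reverse($ip);
    if ($rev === null) {
        return null;
    }
    foreach ($zones as $zone) {
        // Trailing dot makes the name fully qualified, so no search suffix is appended.
        foreach ($resolve("$rev.$zone.") ?: [] as $answer) {
            // Listings are answers in 127.0.0.0/8. Some lists (e.g. Spamhaus) use
            // 127.255.255.x to report a refused query, which is not a listing.
            if (str_starts_with($answer, '127.') && !str_starts_with($answer, '127.255.255.')) {
                return ['zone' => $zone, 'code' => $answer];
            }
        }
    }
    return null;
}

// Constructed sample answers standing in for DNS, so the demo runs offline.
$fake = [
    '10.113.0.203.dnsbl-two.example.' => ['127.0.0.4'],       // constructed listing
    '7.100.51.198.dnsbl-one.example.' => ['127.255.255.254'], // constructed error code
];
$stub = static fn(string $host) => $fake[$host] ?? false;

var_dump(dnsbl_first_hit('203.0.113.10', DNSBL_ZONES, $stub));
var_dump(dnsbl_first_hit('198.51.100.7', DNSBL_ZONES, $stub));
```

A null result only means that no queried list reported the address, so a lookup failure or refused query fails open here; the other signals named in the thread (activation email, reCAPTCHA) still apply.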