You should consolidate and use subnets where possible. The WHOIS command is great for looking up allocations for blocks.
I have 2.0 RC3.....How would I do that?
If you are using Linux or OS X as your desktop system, open up a terminal and simply run "whois
ip address". If you're on Windows, you will probably want to download
JWhois from GNUWin32, then run that from the command prompt.
Reading WHOIS info on IPs takes some learning, and is a bit more involved than I will get into here. However, I will give an example from on of your above listed IPs.
$ whois 174.36.199.200
#
# Query terms are ambiguous. The query is assumed to be:
# "n 174.36.199.200"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=174.36.199.200?showDetails=true&showARIN=false
#
torservers.net NET-174-36-199-200 (NET-174-36-199-200-1) 174.36.199.200 - 174.36.199.207
SoftLayer Technologies Inc. SOFTLAYER-4-7 (NET-174-36-0-0-1) 174.36.0.0 - 174.37.255.255
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
From the above search, we see that the range that IP falls in is specifically "174.36.199.200 - 174.36.199.207". In SMF, you can add the IP ban as "174.36.199.200-207". Checking with an online subnet calculator, they are likely a /29. (In some notation it would be: 174.36.199.200/29). Some WHOIS servers will kindly provide the subnet mask bits (the number after the /)
Further, the range that service is in is owned by SoftLayer, a server provider. No humans should normally be browsing from that their range, so you can block 174.36.0.0 - 174.37.255.255. That's two /16 blocks, by the way (I am a sysadmin by trade, so I know the basic subnet masks).
If you have server access, use iptables (Linux) or pf (BSD) to block the IPs at the system level.
I do have server access, but you lost me....what do I need to do?
Using the IP ranges I looked up above, you can do the following using iptables.
For the most restrictive set (the /29 network), the following command will work.
iptables -I INPUT -s 174.36.199.200/29 -j DROP
For that whole block for SoftLayer, you'd use:
iptables -I INPUT -s 174.36.0.0/16 -j DROP
iptables -I INPUT -s 174.37.0.0/16 -j DROP
As a bonus with iptables, httpd doesn't even see the requests as they are being blocked before they ever go to it. If you don't want to figure out the mask bits (the number after the /) you can also use full ranges like show in the WHOIS output, just don't use spaces around the hyphen.
You'll need to look up the rules for pf if you're on BSD.
Also note that these will only stay applied until the firewall service is restarted, or a reboot. Different distributions store iptables information in different ways. Check documentation on how to save the rules so they persist.
Unless you need to, disable memberlist access for guests.
I would love to, I have 2.0 RC3.....How would I do that?
Admin -> Members -> Permissions
Modify the permisions for Guests. Uncheck "View profile summary and stats" and save.
You could see if you can add a referrer check to the login process to avoid direct submissions. Note that this will break logins for a very small percentage of users that block sending referrers or who use networks that do so.
I have 2.0 RC3.....How would I do that?
That would require code changes and I honestly don't have the time to dig into the code and find the best way to handle it. Honestly, it's a last-choice option, something that you should only do if all other efforts fail as it has the most chance of causing issues for real users.
