News:

Wondering if this will always be free?  See why free is better.

Main Menu

Spammer-defence by entry-page?

Started by walrus2019, September 04, 2019, 03:51:43 PM

Previous topic - Next topic

walrus2019

Dear all,

Forbes has a very annoying page: when you get the url of an article of Forbes, you do not read the article web-page, but land in a page, where you have to click on a link, AND THEN are directed automatically to the actual article page.

We never thought that we would consider installing such a mechanism. But in the last weeks we were flooded by Chinese and other spammers, who spider the forum and abuse its contents on their web-farms. 2 Chinese internet access providers are responsible for over 500000 forum reads in just 2 weeks. This is a severe abuse, and we are facing problems with our web-hoster.

The abuse is much worse, because the attackers show up with up to 1000 diffferent IPs simultaneously. So we can not block their IPs. The Chinese were easy to block, but a cloud of IPs we can not handle.

So we need some mechanism to separate spiders from real humans. But we were not able to find such a mechanism in the forum. Did we miss something?

If someone knows a way to handle the problem, we would be very happy.

Regards,

Walrus

Arantor

Having the landing page doesn't really protect you significantly in terms of bandwidth etc.

Something like Cloudflare is probably a better bet, and you can just block all the traffic from China and be done with it.

walrus2019

As far as I understand, Cloudflare is a commercial company. But we are guests on a webspace given to us by friends.

As I said: We can not block all the various IPs, because they  do not come from distinguishable internet access providers. There are hundreds of simultaneous read requests. We think they are from hijacked PCs. There is no other explanation because of the sequence of requests.

If the spiders were hindered to access the forum pages, after some time they would give up, because they can no get what the want to harvest.

We do know that the additional layer is annoying, but we think that human guests of the forum will understand the matter.

Arantor

That's why you use something like CloudFlare, by way of them having a list of IP addresses linked to a given country.

And no, I guarantee you that for the bots to give up in the fashion you're talking about, it will take months for them to actually notice.

vbgamer45

Cloudflare  does have a free plan which I believe will give some of the blocking features. Give it a try.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

walrus2019

To me Cloudflare just looks line one more parasite. Just like the anti-virus companies.

There must be better things than those gangs which just drain money.

We have a small and tough forum, and we are guests. We can not put the burden of attacks onto our generous hosts. we have to do it our way.

Arantor

Then I wish you the very best possible luck.

walrus2019

Quote from: vbgamer45 on September 04, 2019, 04:23:34 PM
Cloudflare  does have a free plan which I believe will give some of the blocking features. Give it a try.


That looks so at the first sight. But we have 30 to 50 GB traffic per month. This is the region where Cloudflare DOES want money. We encountered other "free" offers which are much too small, like for 10 web pages, or something like that. But we already outgrew that size.

vbgamer45

You can do geoip solution with apache  or other firewall.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

walrus2019

Quote from: vbgamer45 on September 04, 2019, 04:35:29 PM
You can do geoip solution with apache  or other firewall.


This will not work, because they come from all over the world via hijacked PCs. That is the problem. They behave like ordinary guests, which - in fact - they are not.

So we need a means to make guests undergo a manual procedure, just like Forbes. As I said: We do not like it that way, but we see no other chance.

The entry page, even if hit by hundreds of thousands of requests, is so small in size that it will save more than 95 percent of the traffic. The forum pages easily exceed 300 to 500 kB.

Mick.

I use recaptcha mod only. No smf security questions no nothing. Yet I have no spammers. Tho, i see them sign up but they dont post.

walrus2019

Quote from: Mick. on September 04, 2019, 04:48:43 PM
I use recaptcha mod only. No smf security questions no nothing. Yet I have no spammers. Tho, i see them sign up but they dont post.

Those spammers who want to register in the forum, do not succeed.

Our problem is GUESTS. They are not registered. They simply drain traffic. This is why we need something to force guests to undergo a manual procedure. But we do not see any way to do that.

walrus2019

Quote from: Mick. on September 04, 2019, 04:48:43 PM
I use recaptcha mod only. No smf security questions no nothing. Yet I have no spammers. Tho, i see them sign up but they dont post.

I have to add something about the term "spammers":

The spammers that we encounter are NOT those which place crappy forum posts. The spammers we encounter read forum pages, then shred them to particles of some sentences, and then mount those particles with particles taken from other web-sites in new web-pages the fill their web-sites with: hundreds of thousands of pages.

This way they abuse the original writers of the original web-pages, attract search engines, and pull the major traffic of real people to their sites.

This has a dramatic effect:

1. The huge number of targets for search engines leads to only a fraction of the surfers go and read the original pages. The original pages simply drown in an ocean of crap. This is a deadly means to suppress unwanted web-sites.

2. The search engines might consider the original sites as paying partners of spammers with the INTENT of flooding the search engines - and so the search engines will drop the original sites in ranking. This, too, is a deadly means to suppress unwanted web-sites.


The waves of attack show up suddenly, exceed HUNDREDS of read requests per 15 minutes, and disappear as fast as they began. Which definitely is not the usual traffic caused by humans living in other time zones. Such traffic goes up slowly, and fades away, on a daily basis.

Also, very peculiar: the requests are not for the latest forum entries, but for stuff several years old. Humans would rather read new topics.

vbgamer45

You can try mod_evasive on apache might help just adjust the settings.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

walrus2019

If "mod-evasive" is something to be installed on the server: we have no means to do that. We can only modify the forum software. Access to the server itself we do not have.

vbgamer45

Quote from: walrus2019 on September 04, 2019, 05:37:40 PM
If "mod-evasive" is something to be installed on the server: we have no means to do that. We can only modify the forum software. Access to the server itself we do not have.
it is. could be installed though you might be able to control though .htaccess or contact your host.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

walrus2019

Quote from: vbgamer45 on September 04, 2019, 05:48:18 PM
it is. could be installed though you might be able to control though .htaccess or contact your host.

I have no idea what you mean. Where is that modification? How can it be controlled by .htaccess?

vbgamer45

Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

walrus2019

Quote from: vbgamer45 on September 04, 2019, 06:06:32 PM
https://www.linode.com/docs/web-servers/apache-tips-and-tricks/modevasive-on-apache/ [nofollow]

Thank you, but we have no access to that. Our hosts only can work on a cpanel. so they have no access to the server itself.

Herman's Mixen

You can use the SMF GeoIP modification written by a former SMF Member...
It needs a bit of updating, but there are here people around who can help you with that...
Met vriendelijke groet, The Burglar!

 House Mixes | Mixcloud | Any Intelligent fool can make things bigger, more complex, and more violent.
It takes a touch of genius - and a lot of courage - to move in the opposite direction. - Albert Einstein

Former Godfather of our dutch community ;)

Advertisement: