homepage Welcome to WebmasterWorld Guest from 54.205.144.54
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Webmaster General
Forum Library, Charter, Moderators: phranque

Webmaster General Forum

    
strange spam bot attack requesting deleted pages
getting many requests for deleted phpbb forum
punisa




msg:4032116
 10:21 am on Nov 26, 2009 (gmt 0)

Hello guys,
on my site I had phpbb forum which wasn't being used for at least a year. Couple of days ago I noticed that suddenly a lot of posts appeared with "obscene" content.
As I wasn't even using the forum I simply deleted the whole folder from ftp and removed all associated tables in my DB.

Then the problems began. A certain IP range keeps requesting hundreds of deleted forum files resulting in 404s now.
At least 500-1000 requests per day.
All IP addresses start with either 84. or 89. other numbers seem to be pretty random, IP locator says all these requests come from Frankfurt Am Main (Germany).

-How should I proceed? I have virtually no experience in IP blocking, I know there is a way to do this in .htaccess, but is it even possible to block such a wide range?
- what is it exactly that I'm seeing here? I never heard of such situation. What is this spammer trying to do actually? Except generate hundreds of 404's in my log?

I'd appreciate any help and suggestions..

 

lammert




msg:4032439
 10:51 pm on Nov 26, 2009 (gmt 0)

There is a group of spam bots located in a German network which also targeted my phpbb forums some time ago. I have solved the problem in my firewall by simply blocking all HTTP traffic from those IP ranges (they resolved to server data centers, not to end user IPs). IP blocking in the firewall has the advantage that it doesn't cause any load on the webserver, but you have to know what you are doing, because you can easily lock down your server completely.

My experience is that those forum spam bots are quite dumb, and you will get requests for the deleted pages for at least another six months or so. If you don't have the forum anymore you can just let the spambots come in and eat their 404. They don't harm and adding all those IPs to your .htaccess for filtering might slow down other users because for every legitimate HTTP request the rules in the .htaccess files are parsed to see if a matching IP address exists.

punisa




msg:4032614
 9:33 am on Nov 27, 2009 (gmt 0)

Thanks for the input lammert.
Seems that this is not an isolated issue I'm experiencing then.
As you said, they really seem rather "dumb". What could be the point in hitting a 404 wall so many times?

I suppose no harm will be done, but they do mess with my statistics somewhat, because they usually enter the front page and then keep looking for phpbb pages, which don't exists any more.
But indeed they get active with wide array of IP addresses, I also believe that trying to block them in htaccess would be a terrible mess.

lammert




msg:4032871
 7:11 pm on Nov 27, 2009 (gmt 0)

These spambots apparently don't parse the HTTP return codes and therefore don't remove your URLs from their list. They will try over and over until by human intervention your forum URLs are removed from the spamlist or the spambots is loaded with a new set of URLs. That can take several months.

I use this dumb attitude of spambots now in my new anti-spam approach and with my current setup they don't even reach my register or post scripts anymore.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Webmaster General
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved