Need help thwarting spambots to speed up the forum again

Post by **jacob** » Fri Dec 07, 2012 4:33 am

See viewtopic.php?t=3020#post-41936

dot_com_vet · Post by **dot_com_vet** » Fri Dec 07, 2012 5:41 am

How about putting the site behind cloudflare? www.cloudflare.com
Easy, free, and I believe it will take care of this.

My_Brain_Gets_Itchy · Post by **My_Brain_Gets_Itchy** » Fri Dec 07, 2012 5:32 pm

Hi Jacob,
If it is just the registration page (not the login), you can temporarily disable/remove/delete the page or form and put up a message and do registration manually via a temporary email address(yeah, sucky solution but it should immediately stop the problem)?
Not sure if you tried either of the two below articles, but hope this may help:
http://www.thesitewizard.com/apache/blo ... cess.shtml
http://en.linuxreviews.org/HOWTO_stop_a ... _.htaccess

Post by **jacob** » Sun Dec 09, 2012 5:30 pm

The IPs are mostly unique (probably dynamic). The IPs don't tend to repeat more than 10 times each, but there are thousands, so I don't think I can filter out individual ones. Even filtering out repeats would not solve the problem because most of the IPs are unique. I estimate ~5 bots based on the time-patterns (they're fairly regular) and how they identify themselves (they're all pretending to be browsers).
Some numbers for accessing the registration page

Bots: 1500

Unique IPs: 1200

Real users: 1-2

buzz · Post by **buzz** » Mon Dec 10, 2012 1:59 am

Ban by user agent:

RewriteCond %{HTTP_USER_AGENT} ^UserAgentHere [NC]

RewriteRule . abuse.txt [L]
Ban by uri request:

RewriteCond %{REQUEST_URI} page.html [NC]

RewriteRule . abuse.txt [L]
Ban by referrer:

RewriteCond %{HTTP_REFERER} !^http://(www\.)?spam\.com/ [NC]

RewriteRule . abuse.txt [L]
Ban by ip:

order allow,deny

deny from 192.168.0.1

allow from all
Ban by isp:

order allow,deny

deny from some-evil-isp.com

allow from all
Hope this helps. You have to find a pattern to avoid banning legitimate users.
Since it's only one page, you may consider renaming the actual page and all links to it (temporary fix) or secure the form with htpasswd and leave a notification near the registration link what the user and password is.

dot_com_vet · Post by **dot_com_vet** » Mon Dec 10, 2012 4:53 am

Jacob, did you look into Cloudflare? It would really fix this whole mess in about five minutes. (I do this for a living.)
PM me if you have questions.

tylerrr · Post by **tylerrr** » Tue Dec 11, 2012 7:42 am

I emailed Jacob a solution that should work. I never got an email back. Did you get it Jacob?

nawor · Post by **nawor** » Wed Dec 12, 2012 1:33 pm

The forum is very slow again today. The suggestion of Cloudflare is a good one. I just changed one of my sites to run through it. Sign up for a free account, change your DNS servers to their DNS servers, and that's it. It took me 5 minutes. Excellent service.

Post by **jacob** » Thu Dec 13, 2012 2:08 am

I switched cloudflare yesterday evening or at least I think I did. It's still showing as inactive.

dot_com_vet · Post by **dot_com_vet** » Thu Dec 13, 2012 3:03 am

I'd say give it the 24 hours to update to Cloudflare, then contact your hosting support if it's still inactive. Ping me if you need me.

Post by **jacob** » Fri Dec 14, 2012 4:53 am

Still inactive. Contacted host support.

Post by **jacob** » Mon Dec 17, 2012 2:38 am

Cloudflare is now Active.
But that broke the blog! I get a "Firefox has detected that the server is redirecting the request for this address in a way that will never complete." which I think has to do with some mix up between .htaccess and WP settings. I'm trying to figure out how to access the blog without getting caught in the loop.

George the original one · Mon Dec 17, 2012 2:48 am

With IE, I got an error from Cloudflare saying the blog site was down and they didn't have a cached version of the page.

Post by **jacob** » Mon Dec 17, 2012 3:38 am

Yeah, it seems to be a DNS issue, where the automatic setup included a bunch of www's that should be there and wp being set up to redirect www.early... to early... thus looping infinitely.
Fixing this (without screwing it up) is beyond me so I'll wait for support to get back to me on this. Lets hope the world does end in the mean time.

Post by **jacob** » Mon Dec 17, 2012 3:44 am

Temporary fix by switching cloudflare off from the blog and (presumably) keeping in on on the blog.

dot_com_vet · Post by **dot_com_vet** » Mon Dec 17, 2012 5:55 am

Jacob, that's what I'm seeing in dns. The forum is behind Cloudflare, the blog is not.
If something else needs done, and support can't help, let me know.

henrik · Post by **henrik** » Thu Dec 27, 2012 1:21 pm

Approximately since the move to Cloudflare, I am not able to get updates from the forum via RSS. The feed seems to work fine when I add it, but then fails to get any more updates. No problem with the blog feed. Is anyone else experiencing the same?

Post by **jacob** » Fri Dec 28, 2012 1:21 am

@henrik - I think it's on your end. The RSS feed from the forum to the blog (see the blog's left sidebar) is still updating.

Spartan_Warrior · Post by **Spartan_Warrior** » Thu Jan 17, 2013 6:16 am

So... not to prod or anything, but I'm still experiencing constant hanging, slowness, and the "Cloudflare back-up" page that George described upthread. Much as I like ya all, ten minutes of waiting/refreshing to navigate the forum each time is becoming not worth it. :/

Spartan_Warrior · Post by **Spartan_Warrior** » Thu Jan 17, 2013 6:18 am

So... not to prod or anything, but I'm still experiencing constant hanging, slowness, and the "Cloudflare back-up" page that George described upthread while navigating the forum. Much as I like ya all, ten minutes of waiting/refreshing to move from page to page on the forum is becoming not worth it. :/
In fact I'm going on ten minutes just trying to post this...