hbpowerwall
Administrator
- Joined
- Oct 7, 2016
- Messages
- 2,219
New porn page.
- Thread starter chuckp
- Start date
No DON"T!!!
ng.sa
Member
- Joined
- Apr 4, 2017
- Messages
- 92
G'Dat ITUser
You know that it is very unusual to have an inbound USSR IPV4 ?
I have been building a IPV4 database for more than 20 years mainly from port 25 attempts.
These guys are usually using T O R, which I use myself daily to try and cover their tracks, are you checking if these are exit points ?
I have been blocking ranges for 20 + years and would suggest you block 176.59.0.0 - 176.59.255.255 = 65,536
This is the allocation that contains these few IPV4 you listed.
You are better wasting their time than blocking, a couple of my mates and I have been setting up port 80 servers that do not have a .php server and creating files like admin.php or login.php this wastes a lot of time on their side with no return. We are currently using 100 of these honey pot domains.
Just my 2c worth !!!
You know that it is very unusual to have an inbound USSR IPV4 ?
I have been building a IPV4 database for more than 20 years mainly from port 25 attempts.
These guys are usually using T O R, which I use myself daily to try and cover their tracks, are you checking if these are exit points ?
I have been blocking ranges for 20 + years and would suggest you block 176.59.0.0 - 176.59.255.255 = 65,536
This is the allocation that contains these few IPV4 you listed.
You are better wasting their time than blocking, a couple of my mates and I have been setting up port 80 servers that do not have a .php server and creating files like admin.php or login.php this wastes a lot of time on their side with no return. We are currently using 100 of these honey pot domains.
Just my 2c worth !!!
italianuser
Moderator
- Joined
- Feb 25, 2020
- Messages
- 780
Spamhaus is good. On mail servers it's a good idea to use at least four or five of them, overhead is only a few seconds.
In Italy, by law, all emails must be delivered because they have the same legal value as ordinary post. I mark it as spam in the subject.
italianuser
Moderator
- Joined
- Feb 25, 2020
- Messages
- 780
Hey there ng.sa!
I get quite a lot of connections from east Europe, Russia and asian IPs. Eastern hacking groups have huge botnets.
Today's SMTP in sessions on main MX server; i could say 90% or maybe more is just spam and connection checks
It could be a russian provider connected to spam/hacking activities, a serious provider wouldn't allow all of that spam activity; I mean the provider should receive alerts from monitoring and anti abuse systems... if they ignore them (or don't have them) they are not serious.
Uhm, I normally never block a whole class B network. Could be worth it in this case but their IP space should be analyzed before blocking.
Yeah! Expecially if you have a nice server-side 5 second delay before giving the response hahaha!
TheBatteries
Administrator
- Joined
- Oct 8, 2016
- Messages
- 2,127
I had DNSBL disabled as it was causing too many false positives. I've turned it back on. We'll see if/how well it helps.
italianuser
Moderator
- Joined
- Feb 25, 2020
- Messages
- 780
As you all know, I think, to mark a message as spam a multiple factor score is computed.
On mail server I use a threshold of 6.6 point to mark a message as spam; DNSBL give a +3.0 points to the score. Spam Assassin has a full set of rules for this.
For a forum it could be more difficult to make a score system, maybe something like this:
+1.0 points for a message with short URL (bit.ly or similar)
+1.0 point for given words or strings (sexy, sex, russian girls, ecc)
-100.0 for messages from well-known users
if (any positive condition is satisfied) then
+1.0 point for message if new user
etc.
Maybe a plugin like Askimet (available for Wordpress) could be good, too.
On mail server I use a threshold of 6.6 point to mark a message as spam; DNSBL give a +3.0 points to the score. Spam Assassin has a full set of rules for this.
For a forum it could be more difficult to make a score system, maybe something like this:
+1.0 points for a message with short URL (bit.ly or similar)
+1.0 point for given words or strings (sexy, sex, russian girls, ecc)
-100.0 for messages from well-known users
if (any positive condition is satisfied) then
+1.0 point for message if new user
etc.
Maybe a plugin like Askimet (available for Wordpress) could be good, too.
Why do you get all the fun, forward the porn ;-)Oh, and there was I thinking we’d be getting to rate a few babes.
hbpowerwall
Administrator
- Joined
- Oct 7, 2016
- Messages
- 2,219