Spamming with Private VPNs

Technical and non-technical chit-chat about whatever. Discuss, trade notes, complain, debate, just keep it civilized.

Moderators: cgrey8, EDS50, 2Shaker, Jon 94GT

Post Reply
User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 6:13 am

Historically, it's been easy to ban a lot of the spammers via their IP. In fact, I'd often just block the entire range of IPs they hit the site from since most of the time, they are from countries that generally don't have a lot of Ford tuning going on like China or India.

However with the advent of all these Personal VPNs that are out there now, people buy their way into hiding who they are, aren't tracked, and as a result aren't going to be punished even if I contacted the VPN company and told them the IP and time the offense occurred. If they don't track their users, then how could they possibly "punish" anybody for wrong doing?

So my only alternative is to start banning IP ranges that VPNs use, even if they are in the US. While it's not likely, what I can't be assured is that I won't inadvertently block legitimate users (possibly using the same VPN company but not using them to wreak havoc).

The question to you guys is, how many of you access the site while using a P-VPN? I know a lot of them integrate into your phone and are active all the time. So all access to the Internet is secured and there's nothing nefarious about what you are doing...you just don't want to be tracked by websites. And I get that. But how big of a deal is it going to be if the popular P-VPN IPs wind up getting blocked?

Or would you prefer the admins not block the VPNs and just clean up the spam when it happens?
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 10:53 am

I just delete suspicious member accounts which are pretty easy for me to weed out. I must have a good track record since I have not been questioned on one account delete in 10 years.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 11:07 am

Deleting the account gets rid of the user and, if selected, all the offending posts they created.

And that's fine, but my intention is to block the IP they registered from so they can't create another account later and just keep spamming at will. Most use throw-away emails, so blocking email address isn't any more effective. So if they can create an account once, they can just as easily create another with another "burner" email address. But if we block the IPs they are hitting the site from, that stops them from even being able to create an account.

My fear is getting too excessive with the blocks and inadvertently blocking the IPs legitimate users might use.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 11:12 am

I agree with what you are wanting to do. I would move forward with blocking the ip's as you see fit and if a legitimate account gets blocked or involved in the process; they do have the option to contact us to dispute the blockage via the "contact us" form that comes to our emails. I personally have not received one as of yet.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 11:58 am

Will do.

It just really bothered me when I checked this morning and there were 30 something spam posts, most with Chinese letters, but the registration IP was from the US. I know most P-VPNs let you choose the country you want to "appear" to be from. That's quite useful for things like watching Netflix where certain shows are only available in certain countries.

I figured that out when I went to Canada and found that Netflix had the latest season of a show I liked, but when I got back here to the US, I couldn't access those episodes. I even had some episodes downloaded to my tablet, but once the app realized I was back in the US, it denied me the ability to watch what I'd already downloaded! So a common use of P-VPNs is to fool apps like Netflix into letting you watch shows that technically aren't "allowed" for US customers to watch.

Point is, knowing you can do that with P-VPNs, I'm fairly confident that's what the spammer was using. Being I have all the known IPs in China already blocked (as I'm assuming many other sites do), my guess is spammers are going to start using P-VPNs more and more.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 12:28 pm

I have seen a majority of spam ip's from India as well here which I have deleted their accounts and have not seen them return. Maybe you are getting to them faster than I do. Can we not set up the registration process for new accounts/members to be approved by a moderator before their accounts/memberships are activated? I am sure there are other measures to prevent spam accounts like captcha security protocols or some type of security/screening questions that can be administered.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 12:32 pm

Yeah I see a number of them from India too. Unfortunately India's IP ranges are so scattered and narrow, that it doesn't surprise me that you see a lot from there.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 12:57 pm

If we want to take on the extra work we can just set the user account registration from "by user (email verification)" to "By admin" so every registration has to go through our hands....probably a lot of work but any spam would be nipped in the bud sort of speak.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 1:10 pm

Yeah, we set it that way a few years back. And that worked. It was just inconvenient for the people registering because they had to wait until we got around to reviewing the requests and approve them. But if it gets bad like it did back then, we may have to do that.

Right now, it's only a spammer once a week or so which is quite manageable. Back then, we could get multiple spammers an hour just because the authentication was so weak that unmanned bots were able to register and post. I'd go to bed with the forum clear and the next morning, there'd be a hundred spam posts. So yeah, we had to resort to that back then until something better could be put in place.

An update to phpBB allowed us to put into place a "pass phrase" to get registered. We pointed people trying to register to forum rules FAQ and told them about 1/2 way down the page what the pass phrase is to get registered. So presumably only a human would be able to figure it out. But I don't see that setting anymore.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 1:18 pm

I know our current phpbb is 3.2 and the latest is 3.2.7. Not sure if an update is required. Anyway to restrict registration by email protocol such as anything other than .com, .org or .net is not able to be registered?
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Mon Aug 19, 2019 1:20 pm

You'd have to figure out what all the extensions are that are legitimate, like .edu, .au, .uk, etc etc.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 1:23 pm

Makes sense. Probably best to keep proceeding as we are.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
tvrfan
Tuning Addict
Posts: 417
Joined: Sat May 14, 2011 11:41 pm
Location: New Zealand

Re: Spamming with Private VPNs

Post by tvrfan » Mon Aug 19, 2019 3:23 pm

It's a catch-22, like much of the internet.

me -
I don't have a fixed IP on my account, and don't use a VPN for this site.
As default, I use Firefox with NoScript to switch off most/all of the JavaScript to stop ads,popups,trackers, which it does well, but it does stop some things working on many sites (like signing in !!)


I guess you guys (the mods) can only watch and weed out offenders and hacks.

Either it's a bulletin board, open to possible abuse, or it's not.
I can't see any way unless you review all new members, (via email acceptance/special password, or such like) which I can see is a PITA.

I reckon as long as any abuse is cleaned up fairly quickly, then that's just fine (for me at least!).

Having worked in a Govt dept for a long while, I was amazed at the number of pings, email probes, bot attempts, which occur EVERY SECOND on the dept's web servers, they had two guys who monitored it more or less continuously for hacks. I saw the logs as they rolled up the screen....


Keep up the good work !!
TVR, kit cars, classic cars. Ex IT geek, development and databases.
https://github.com/tvrfan/EEC-IV-disassembler

User avatar
EDS50
Administrator
Posts: 3733
Joined: Sun Apr 05, 2009 9:17 am
Location: Tampa Bay, FL
Contact:

Re: Spamming with Private VPNs

Post by EDS50 » Mon Aug 19, 2019 8:37 pm

Watch n weed seems to be working fairly well up to this point. It appears to me that leaving my most current abuser (Cyeargz) active has kept them from returning...lol.
1992 LX - 25.1c Chassis, Vortech Blown Dart 332, Lentech Trans, TRZ Backhalf, A9L, Moates QH/SL v1.9, BE, EA, TunerView

User avatar
cgrey8
Administrator
Posts: 10710
Joined: Fri Jun 24, 2005 5:54 am
Location: Acworth, Ga (Metro Atlanta)
Contact:

Re: Spamming with Private VPNs

Post by cgrey8 » Tue Aug 20, 2019 6:11 am

Another thing I've noticed that helps is not deleting the user, but banning it and changing the password of the account. At the very least, it keeps the bot from reusing the email address to register another account (the forum won't allow a new user to register with an email address already used by another registered user). I don't know that this slows them down any today, but I did notice back when we were getting spammed hourly that I'd delete a user and the same exact username would come right back, registering with the same email address.
...Always Somethin'

89 Ranger Supercab, 331 w/GT40p heads, ported Explorer lower, Crane Powermax 2020 cam, 1.6RRs, FMS Explorer (GT40p) headers, Slot Style MAF, aftermarket T5 'Z-Spec', 8.8" rear w/3.27s, Powertrax Locker, Innovate LC-1, GUFB, Moates QuarterHorse tuned using BE&EA

Member V8-Ranger.com

Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests