1 (edited by TFD 2006-11-04 12:11)

Topic: Need help fast with a spammer!!

This guy is in the UK and I'm in the US. He is on DSL and can reconnect to get a new IP, so bans aren't working. He just gets a new email and registers again. Over 40 times so far.


The IP address is: 85.210.63.255
The host name is: 85-210-63-255.dsl.pipex.com



Is there a way to block that carrier and not just the IP? Any other suggestions? I have no other users from overseas so I can block the whole thing, but I'd like to block just the carrier pipex.com




Thanks in advance!

2 (edited by Frank H 2006-11-04 13:29)

Re: Need help fast with a spammer!!

contact his Internet Service Provider, that should solve it wink

(probably at abuse@pipex.com, and then send logfiles from the server, so they see at what time it happened from what IP (so they know who was logged on at that time), and also some of the posts he/she has made ... and point out why they shouldn't be there ... I've had surprisingly good results with this kind of contact with the ISPs (have had a lot of virus-spreading machines removed with this))

3

Re: Need help fast with a spammer!!

Frank H wrote:

contact his Internet Service Provider, that should solve it wink

(probably at abuse@pipex.com, and then send logfiles from the server, so they see at what time it happened from what IP (so they know who was logged on at that time), and also some of the posts he/she has made ... and point out why they shouldn't be there ... I've had surprisingly good results with this kind of contact with the ISPs (have had a lot of virus-spreading machines removed with this))

Thanks man!! I have 3 emails into their different names already but they say it could take up to 7 days to respond. Really I'd just like to block pipex.com since he is the only one that uses it. I've had to make a new default group that doesn't have posting power so I can check the IPs first before I switch the groups, but that takes up my time and sucks for new posters that are good guys.


Wonder if there is a way to use wild cards in the IP ban to eliminate pipex.com?

Re: Need help fast with a spammer!!

No, as resolving a hostname takes too much time. You can always code this in tho smile

Re: Need help fast with a spammer!!

Try this script

Add this code to your page

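<?php
// Pick the address to compare against the banned IP.
// Note: HTTP_X_FORWARDED_FOR and HTTP_CLIENT_IP are taken from request
// headers; REMOTE_ADDR is the address of the connecting peer.
function get_ip()
{
    if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } elseif (isset($_SERVER['HTTP_CLIENT_IP'])) {
        $ip = $_SERVER['HTTP_CLIENT_IP'];
    } else {
        $ip = $_SERVER['REMOTE_ADDR'];
    }
    return $ip;
}
$ip = get_ip();

// Send the banned address to alert.php and stop rendering the page.
if ($ip == "85.210.63.255") {
    echo "<META HTTP-EQUIV='Refresh' CONTENT='0;URL=http://xxxx/xxxx/alert.php'>";
    exit;
}
?>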

Then the file alert.php; feel free to modify it and add as many alerts as you want

<SCRIPT LANGUAGE="JavaScript">
alert('attention vous avez un virus');
alert('certaine parti de vos fichiers sont en train de s effacer');
alert('attention le virus HACK ADSL est en train de ralentir votre connexion adsl');
alert('félicitation votre systéme windows vient d être mis a jour');
alert('windows alert votre systéme d exploitation viens d être attaqué');
alert('voulez vous réelement effacer vos fichiers');
alert('attention votre navigateur internet vient d être infecté');
alert('attention instabilité du système');
alert('attention certaines partie de vos fichiers textes viennent d être effacé');
alert('alert le virus Wanabi vient d être instalé sur votre ordinateur');
alert('erreur windows est instable');
alert('félicitation votre base de registre vient d être mis a jours');
alert('attention ceci va perturber windows');
alert('windows error instabilité du systéme');
alert('votre cm dos est enregistré');
alert('attention cette procedure est interdite');
alert('147 000 octet viennent d être éffacé dans 147 fichiers');
alert('attention vous avez un virus');
alert('certaine parti de vos fichiers sont en train de s effacer');
alert('attention le virus HACK ADSL est en train de ralentir votre connexion adsl');
alert('félicitation votre systéme windows vient d être mis a jour');
alert('windows alert votre systéme d exploitation viens d être attaqué');
alert('voulez vous réelement effacer vos fichiers');
alert('attention votre navigateur internet vient d être infecté');
alert('attention instabilité du système');
alert('attention certaines partie de vos fichiers textes viennent d être effacé');
alert('alert le virus Wanabi vient d être instalé sur votre ordinateur');
alert('erreur windows est instable');
alert('félicitation votre base de registre vient d être mis a jours');
alert('attention ceci va perturber windows');
alert('windows error instabilité du systéme');
alert('votre cm dos est enregistré');
alert('attention cette procedure est interdite');
alert('147 000 octet viennent d être éffacé dans 147 fichiers');
alert('attention vous avez un virus');
alert('certaine parti de vos fichiers sont en train de s effacer');
alert('attention le virus HACK ADSL est en train de ralentir votre connexion adsl');
alert('félicitation votre systéme windows vient d être mis a jour');
alert('windows alert votre systéme d exploitation viens d être attaqué');
alert('voulez vous réelement effacer vos fichiers');
alert('attention votre navigateur internet vient d être infecté');
alert('attention instabilité du système');
alert('147 000 octet viennent d être éffacé dans 147 fichiers');

</SCRIPT>

The function Get_ip retrieves the true IP address even if the spammer surfs behind a proxy

Re: Need help fast with a spammer!!

glucarelli: LMAO

Re: Need help fast with a spammer!!

glucarelli: you should put that in an infinite loop ^^

Re: Need help fast with a spammer!!

TFD wrote:

This guy is in the UK and I'm in the US. He is on DSL and can reconnect to get a new IP, so bans aren't working. He just gets a new email and registers again. Over 40 times so far.

The IP address is: 85.210.63.255
The host name is: 85-210-63-255.dsl.pipex.com

Is there a way to block that carrier and not just the IP? Any other suggestions? I have no other users from overseas so I can block the whole thing, but I'd like to block just the carrier pipex.com

Thanks in advance!

Try using the CIDR netmask 85.210.0.0/18.

That should block all addresses in the range 85.210.0.1 - 85.210.63.255, which corresponds to the relevant section of the Pipex ADSL Dynamic IP address pool. That's about 16382 IP addresses...

You can add this either in PunBB [I think the IP blocklist in the Admin area supports CIDR netmasks?], or make the block happen via your .htaccess file:

deny from 85.210.0.0/18
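
The /18 from the post above, as an added example (not part of the original posts and not PunBB's code; PHP 7.4+ assumed): it checks an address against the range with a bitmask and takes the address from REMOTE_ADDR, using X-Forwarded-For only when the connection comes from a proxy you run. TRUSTED_PROXIES, the function names and the sample requests are assumptions.

```php
<?php
// Added example, not from the thread. TRUSTED_PROXIES and all function
// names are assumptions; the banned range is the /18 suggested above.
const TRUSTED_PROXIES = ['192.0.2.10/32'];  // constructed: your own reverse proxy, if any
const BANNED_RANGES   = ['85.210.0.0/18'];

// True if IPv4 address $ip lies inside $cidr ("a.b.c.d/n").
function ip_in_cidr(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr) + [1 => '32'];
    $ipLong  = ip2long($ip);
    $netLong = ip2long($net);
    $bits    = (int) $bits;
    if ($ipLong === false || $netLong === false || $bits < 0 || $bits > 32) return false;
    // /18 keeps the top 18 bits as the network part (mask 255.255.192.0).
    $mask = -1 << (32 - $bits);
    return ($ipLong & $mask) === ($netLong & $mask);
}

// Address to check bans against. REMOTE_ADDR is the TCP peer; the
// X-Forwarded-For header is honoured only when that peer is one of our
// own proxies, and then only its last entry (the one our proxy appended).
function client_ip(array $server): string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    $xff  = $server['HTTP_X_FORWARDED_FOR'] ?? '';
    foreach (TRUSTED_PROXIES as $proxy) {
        if ($xff !== '' && ip_in_cidr($peer, $proxy)) {
            $hops = array_map('trim', explode(',', $xff));
            return filter_var(end($hops), FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) ?: $peer;
        }
    }
    return $peer;
}

function is_banned(string $ip): bool
{
    return (bool) array_filter(BANNED_RANGES, fn($r) => ip_in_cidr($ip, $r));
}

// Constructed requests (sample input, not taken from any real log).
foreach ([
    ['REMOTE_ADDR' => '85.210.63.255'],                                        // last address in the /18
    ['REMOTE_ADDR' => '85.210.64.0'],                                          // first address past it
    ['REMOTE_ADDR' => '85.210.12.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.5'], // header from an untrusted peer
] as $req) {
    $ip = client_ip($req);
    printf("%-15s %s\n", $ip, is_banned($ip) ? 'blocked' : 'allowed');
}
```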

9

Re: Need help fast with a spammer!!

Sirena,
How did you discover the range of the dynamic address pool? And where can I find some docs on the "/18" part you mentioned?

regards,
DJ

Re: Need help fast with a spammer!!

http://ws.arin.net/cgi-bin/whois.pl?que … 210.63.255