Feedback for Restricted Registration plugin
If a bunch of savvy users implemented this and could tell me what is more effective in determining bots (first ip address column or second) and times of day and patterns. and maybe get a consolidated list of problem ips and patterns, I be we could make a pretty effective filter.
But it takes a community - so log results (or partial summarization of log results of problem ips and patterns would be useful in creating a better plugin to hone in on things.
possible Future plans - make the log readable from dashboard (provided forum admins find the whole concept of value). clearing log by date or time or keeping only last 200 entries or some such thing, and a stat page on registration attempts.
A consensus of good ideas can direct this project.
also if a lot of forums get problem bots from the same ip octets or first two or three octets, we could create a master list of of bad bot ips and keep a running list for people to add to their forums .htaccess list or whatever method they want to block or readable from this plugin and autoblock.
thx @shadowdare for feedback. figured I'd open up the gates.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Comments
Another top effort from your good self.
I shall put it into action tomorrow!
cool. there is a better read me in version 1.3
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine
It is working well, and has already logged a couple of hundred attempts.
There seem to be two kinds of 'attack'.
One Bot applies the brute force method, applying as the same user from the same IP address multiple times.
Another Bot uses the same reason for joining, but seems to switch user names and IP each time it is rejected.
@whu606 would you be interested in sharing a dump of your log?
If you don't want to post it here, feel free to PM me.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
@hgtonight
Happily.
Anything that makes their job less easy or successful.
First file wasn't complete...
Take two
thanks Whu606.
if more people were like you, we might be able to put a damper on this.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@whu606
this ip is using brute force 218.86.50.58
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
edited. will add this plugin today.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@whu606
I added some new features - and based on your results. I think you will like it.
It also skips logging attempts by know spammers, thus reducing size of your log file.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
you could add these ip's to block also.
IP Address: 220.250.58.171 Autonomous System #: AS4837 Organization: CHINA169-BACKBONE CNCGROUP China169 Backbone Network CIDR Block: 220.248.0.0/14 Network IP Range: 220.248.0.0 to 220.251.255.255 Country of Origin: CN (CHINA) Org. Address: fuzhoucity,Fujianprovince,China CN 110.80.109.17 Autonomous System #: AS4134 Organization: CHINANET-BACKBONE No.31,Jin-rong Street Private Network? No Network CIDR Block: 110.80.0.0/13 Network IP Range: 110.80.0.0 to 110.87.255.255 IP Address Registrar: APNIC whois.apnic.net Country of Origin: CN (CHINA) Org. Address: 7,East Street,Fuzhou,Fujian,PRC No.31 ,jingrong street,beijing CN IP Address: 27.154.9.4 Autonomous System #: AS4134 Organization: CHINANET-BACKBONE No.31,Jin-rong Street Network CIDR Block: 27.152.0.0/13 Network IP Range: 27.152.0.0 to 27.159.255.255 IP Address Registrar: APNIC whois.apnic.net Country of Origin: CN (CHINA) Org. Address: 7,East Street,Fuzhou,Fujian,PRC CN IP Address: 72.52.116.232 Autonomous System #: AS6939 Organization: HURRICANE - Hurricane Electric, Inc. Network CIDR Block: 72.52.64.0/18 Network IP Range: 72.52.64.0 to 72.52.127.255 IP Address Registrar: ARIN whois.arin.net Country of Origin: US (UNITED STATES) Org. Address: 760 Mission Court Fremont, CA 94539 US IP Address: 59.60.120.223 Autonomous System #: AS4134 Organization: CHINANET-BACKBONE No.31,Jin-rong Street Network CIDR Block: 59.60.0.0/15 Network IP Range: 59.60.0.0 to 59.61.255.255 IP Address Registrar: APNIC whois.apnic.net Country of Origin: CN (CHINA) Org. Address: 7,East Street,Fuzhou,Fujian,PRC No.31 ,jingrong street,beijing CNI may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine
Thanks for all your efforts.
Just added it.
That's going to open up a whole new
on those pesky spammers!
http://forums.riskyinternet.com/viewtopic.php?f=9&t=23
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
you could comment out line 130 if you don't want to see that either. and it will reduce log size
but then again, you could leave it in for false positives.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
I would help. What exactly do you need me to do?
do exactly what whu606 did, install the latest version of the plugin and post the log of applicants who you think are spammers.
this is what whu did:
copy your registrationrestrictlog.php remove the first 3 lines and remove any valid applicants and post it here.
update to newest version 1.5 so far
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
too bad you don't get mention notifications - because you have a space in your name.
but that's a topic for a different discussion.
I meant version 1.6 is latest version as of this moment.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
It's doing a grand job, @Peregrine!
The ability to add in terms and ips is very useful.
Thanks again.
it's good to get feedback for this plugin. I don't plan to do anything more (unless you have more thoughts @whu606), since no one else is providing patterns or ips and since i don't run a forum, i don't need it.
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
@peregrine
I think it is probably pretty much as good as you need to make it.
Whilst people could share a blacklist of IPs, they change so quickly that it might be easier just to manage our own.
The 1.6 version is currently logging far fewer attempts to register, which I guess is the impact of the plugin rejecting them out of hand.
Haven't had one get through to actually register today.
Huzzah.