SPAM WAR

Discission about the future of Aardvark Topsites PHP.

SPAM WAR

Postby toplist » 2008-05-15 02:36 pm

Uffff.... another SPAM brainless turkish site !!! :|

Take a look at this link: www __ . __ vecih __ . __ com __ / __ toplistler __ / __ sohbet1.html

Sorry for strange URL format ... is only for mask it to robot and so on ... I don't want to give to this SPAM site more indexing return by ATP board.

So, in this case, this page is only a collector of TOPLIST site button ... sometime the spammer register his real site and then put on a collector page your button code.

Then, some users thinking that on the original registered site there's a masked page !! Wow .. where is the code !! ... but is not true.
Spammers have set your code on another site and call your ATP from it an then charge hits on the original ranking site.

Is simple to understand this ... put this command on your button.php:

$referer = getenv('HTTP_REFERER');

This function return Browser REFERER... explain for newbe: "The site URL where come from the GET request to your toplist's button.php file" :D

If you know a little of PHP ...you can try to collect and tracking these results in a MySQL table.

You can view the real site where your button code was published. :D

Yes ... I know that exist some tricks to mask REFERER ... and some browser do not return this ... but is sufficient only one hits ... and you can understand the joke !! :wink:

So, how can we stop it ??

Mmmm... there are more than one solution ... try to analyze someone:

1) Check if the REFERER is equal to the URL registered ... or with some special PHP function analyze it and understand if it is similar to the registered ( some regular site could be use for the same website a lot of different domain prefix:

http://www.abcd.com
http://www.abcd.it
http://www.abcd.net
....and so on ....

or

http://www.abcd.com
forum.abcd.com
shop.abcd.com

we don't want to block it.....but ... is true that some hosting release web space like:

myforum.somehosting.com
yourforum.somehosting.com
....

it seems to be the same site ... but is not true... it's different forums. (is a rare case ... but possible ... and if webmaster is the admin of 2 level domain ... he can workaround our control routine)

Well, we can accept the risk and then apply this solution.


2) .... in the next post ... later ... it's diner time !! :D
toplist
Advanced Member
 
Posts: 99
Joined: 2007-02-21 04:59 pm
Location: Italy

Re: SPAM WAR

Postby toplist » 2008-05-24 03:51 pm

Hi all,

take a look at this site: http:// ____ www __ . __sanahasret__ . __ com/rr/r6/2.htm

(remove underscore from url to see the real site ... is only for not indexing this site on this forum)

Another collecting page of toplist button !! :twisted:

Well ... how to stop this ? We working on our .htaccess APACHE file.

Here an example based on the REFERER and reliable to stop all the client that surf above site:

_____________________________________________________
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# stop Referer's spam
SetEnvIfNoCase Referer sanahasret\.com spammer=yes

deny from env=spammer
_____________________________________________________



Mod your ".htaccess" file and insert the lines above. If you want to block other spam sites, just add more lines...

SetEnvIfNoCase Referer spammersitedomain1\.com spammer=yes
SetEnvIfNoCase Referer spammersitedomain2\.net spammer=yes
SetEnvIfNoCase Referer spammersitedomain3\.org spammer=yes
...
...
and so on. :D :D :D

Bye. 8)
Max
toplist
Advanced Member
 
Posts: 99
Joined: 2007-02-21 04:59 pm
Location: Italy

Re: SPAM WAR

Postby toplist » 2008-05-24 04:03 pm

I forgot ....

if you want, you can modify your .htaccess to stop all TURK TELEKOM client !! :(

Many hit are generated from TURK TELEKOM client on TURK spammer site !! :(

So we can stop all TURK TELEKOM IP address spaces !! :)

Add these lines to your .htaccess:

deny from 85.97.158.0/23
deny from 212.174.48.0/21
deny from 81.214.29.0/24
deny from 81.214.30.0/24
deny from 85.98.48.0/20
deny from 81.213.64.0/21
deny from 81.213.72.0/22
deny from 81.213.80.0/22
deny from 81.213.84.0/22
deny from 81.213.88.0/21
deny from 81.213.96.0/21
deny from 81.213.104.0/22
deny from 81.213.112.0/21
deny from 81.213.120.0/22
deny from 81.213.108.0/22
deny from 81.213.112.0/20
deny from 81.213.128.0/17
deny from 81.213.64.0/19
deny from 212.156.160.0/19
deny from 212.156.192.0/18
deny from 81.214.104.0/21
deny from 81.214.112.0/20
deny from 81.214.190.0/23
deny from 81.214.192.0/18
deny from 81.214.24.0/21
deny from 81.214.32.0/19
deny from 81.214.64.0/19
deny from 81.214.96.0/21
deny from 85.96.40.0/21
deny from 85.96.48.0/20
deny from 85.96.64.0/19
deny from 85.96.96.0/22
deny from 85.96.100.0/22
deny from 85.96.104.0/21
deny from 85.96.112.0/20
deny from 85.96.128.0/21
deny from 85.96.136.0/22
deny from 85.96.142.0/23
deny from 85.96.144.0/20
deny from 85.96.160.0/21
deny from 85.96.168.0/22
deny from 85.96.172.0/23
deny from 85.96.0.0/22
deny from 85.96.208.0/20
deny from 85.96.224.0/21
deny from 85.96.232.0/22
deny from 85.96.236.0/23
deny from 85.97.132.0/22
deny from 85.97.136.0/21
deny from 85.97.144.0/20
deny from 85.97.160.0/20
deny from 85.97.176.0/21
deny from 85.99.0.0/21
deny from 85.99.16.0/20
deny from 85.99.32.0/19
deny from 85.99.64.0/21
deny from 85.99.8.0/21
deny from 85.97.0.0/20
deny from 85.97.16.0/20
deny from 85.97.32.0/19
deny from 85.97.64.0/19
deny from 85.97.96.0/21
deny from 85.96.244.0/22
deny from 85.96.248.0/21
deny from 85.96.28.0/22
deny from 85.96.32.0/21
deny from 85.96.4.0/22
deny from 85.96.8.0/22
deny from 85.97.104.0/22
deny from 85.97.112.0/22
deny from 85.97.124.0/22
deny from 212.174.16.0/22
deny from 212.174.20.0/23
deny from 212.174.22.0/24
deny from 212.174.68.0/23
deny from 212.175.170.32/27
deny from 212.175.64.0/22
deny from 81.214.15.0/24
deny from 81.214.22.0/24
deny from 85.96.240.0/23


These are all subnet managed from TURK TELEKOM (dial-up, DSL client and so on ...)

A lot of SPAM is reduced and stopped and a lot of unusefull traffic to your topsite will be blocked. :D :D :D

Bye. 8)
Max
toplist
Advanced Member
 
Posts: 99
Joined: 2007-02-21 04:59 pm
Location: Italy


Return to Development

Who is online

Users browsing this forum: No registered users and 0 guests

cron