Blocking IP Address from RUSSIA and Overseas.

Lol, it's your site and you can do what you want, but seriously, there IS a limit to what a bot can do. It sounds easier to just block an IP but I've been on forums where it was filled with spammers and they were more humans (mostly college kids doing it for money)... so even if the bots can't get through, the bot owners can simply send a swarm of kids your way... then of course there's proxy IPs : )

Just keep trying with the tried and true stuff before your country-ban-list gets higher than 5.

 

You don't know what our talking about....go to phpbb and ask about bots.

These days BOTS can read captcha, activate, and EVEN post coherent messages!

I can block as many countries as I see fit, and why not? Mainly all I see is overseas bots and especially from Russian Federation and Netherlands....

So again...don't take it personally man...I am just sick and tired of the bots!

 

phpbb is so riddled with holes... it's like the least secure forum software out there.

I realise there are bots that can read captchas and whatnot, but they are still not in the majority. Yes, you can block whoever you want, it's your site, but magically a lot of other sites with lots of traffic manage to deal with it. I'm just saying, try all the other avenues first. Sure, if I was getting a gazillion bots from some IPs in Rusland I'd likely block them too... but blindly blocking countries is really only going to work for so long, and if you are so under attack it's likely that someone got a bunch of information from you already and are selling it like hotcakes.

Learn server security. Don't build forums out of phpbb-- use vBulliten or Simple Machines Forums-- two of the most secure forum softwares out there. Change your email addresses right now, everyone already has them apparenlty. Set rigid guidelines for signing up-- everyone has some trouble with bots, but usually it's not huge. Yes, there are even bots who can "read" Javascript-- they are also in the minority. Keep your scripting server side and not client side.

Hell, avoid PHP like the plague-- it is NOT a mature language (we're hoping PHP6 changes this) and has security vulnerabilities, mostly due to the lack of any namespaces save global and the fact that it will let you run scripts written like crap-- PHP encourages sloppy programming. Try doing some of this with Perl or Python and it will force you to have better-written code just because of how they are designed.

Anyway, I wish you luck. Bots suck.

 

Do your forum host on type server (linux or MS)?

 

phpbb is free and the best....IMO.

as for bots..they just crawl the web like crazy in the billions!

the reason most forums wont block countries by IP is because they want international traffic and are open to all countries..

my site however is not..and is only intended for Canadians...

 

Steaming pile of garbage with security holes big enough to sail the USS IOWA through. I wouldn't trust phpBB's coders for security any more than I would trust them to use accessable fonts - AKA any more than I would trust a banker, lawyer or link-whore advertising scammer.

I disliked phpBB - right up until neverNoSanity - after that I cannot understand how ANYONE could be DUMB ENOUGH to use it for ANYTHING.

Unless of course you want your site raped so bad that when it happens you drag everyone else hosted on the same server down into the ninth ring of hell.

 

it is useful also for me thanks for your help i was looking for this for a while

 

ummm yea ok there buddy...

 

You can dislike phpBB for whatever reason but opposite to you i like phpBB, i trust phpBB and i use it phpBB for last 5 years and never faced any problem.
phpBB is secure forum if you keep it update with all security patches. It is same with any other software. Keep it up to date and you will never face any security issue.
Looking to your reply i think that you have never used phpBB because there is not any reason to blame phpBB for any security issue more than any other commercial forums like VB or IPB...

 

I agree with CDarklock here:
http://www.theadminzone.com/forums/showthread.php?t=35601

phpbb2 had so many holes and had so many patches released to fix those hole in such a short time... I'm surprised phpbb didn't lost its whole userbase back then. Guess a lot of people were willing to stick it out.

 

Yea I agree with Deny...

I dont think these guys have ever even bothered to use phpbb.

 

Funny guy...

I started out with a dislike for it just because of the raging hardon most theme designers for it have with 9px or smaller fonts. No scaling, useless at default zoom, etc, etc... admittedly it's a petty reason, but eight years ago it was enough.

My experience with phpBB since then has entirely been cleaning up installations other people have either ****ed up or had ****ed up... So it does skew my view a bit - thing is I've NEVER seen VB, IPB, YaBB, SMF, Snitz, or even the fat bloated pig known as UBB/InfoPop, or any other board I can think of get AS royally ****ed as phpBB.

Mind you, a LOT of the following has been addressed and fixed in phpBB3 - but honestly it's like closing the barn door after the horses got out.

1) Lack of separation of database access from output means any serious skinner had to dig into the sources for the simplest of appearance changes - welcome to neutering your upgrade path.

2) Lack of a consistant mod application system or plugin hooks means most mods make changes that are unlikely to be usable on your next upgrade unless you or the mod maintainer rewrites it - welcome to neutering your upgrade path. (though I have a basic distrust of mods, portals or anything else that runs this RISK - If a feature you want isn't built in, you are using the wrong software)

3) What is considered basic functionality before phpBB even existed is nowhere to be found until phpBB 3.0 - meaning almost everything USEFUL has to be applied by mods - see the above two items for the problem with this. Seriously this page:
http://www.phpbb.com/about/features/

Says a LOT about phpBB - Serious game of catch-up for them since 99% of what's 'new' in 3 has been in every other forum software since, well... since before phpBB was a twinkle in a floss fanboy's eye.

4) separate directly callable .php files for all functions is a security risk when you have no 'throw' method to verify calling them - this was only recently addressed in the past YEAR in phpBB2, when it's a simple matter of setting a variable and checking it. Prior to 2.0.9 you could call admin.php directly and easily fake it's required info to sieze complete control.

5) perl execution exploits and script injections - took down two thirds of the internet when NeverNoSanity (aka perl/santy.a - http://www.sophos.com/security/analyses/perlsantya.html ) hit - I had clients who got screwed by this when THEY weren't even running phpBB, but were simply on a shared host where somebody else was. Those of us who lived through and had to clean up that mess are a hard sell on EVER trusting phpBB ever again. YES, the patch that closed the vulnerabilty had been available for close to six months BEFORE, but 90% of the people using phpBB couldn't upgrade to that patch - see #1, #2 and #3 (this applies in particular to dumbasses running portal mods)

Now as I said above, phpBB3 addresses almost all of these issues - Mod manager, basic functionality (attachments, time limited bans, user logging, advanced registration, per forum rights, etc, etc) are now included in the baseline... I'm evaluating it for the handful of clients I have who have not switched to other softwares right now - but for me, the trust just isn't there. phpBB has been such total garbage in the past that I can't see how anyone could put the least bit of trust in it moving forward.

Unless of course one is a dirty hippy obsessed with GPL at all costs - nothing like limiting one's freedom of choice in the name of freedom.

 

Funny statements where i ask myself of we talk about same board here?
Never mind back to my opinion.
Regarding upgrading... There was not any problem since i run phpBB for a last 5 years with upgrading of phpBB with more than 50 Mods from one build to another or simple change anything regarding codes if you would like to change skins or add code etc... It was always trouble-free!

Upgrading from phpbb V2.x to phpBB V3.x is another story but you have marked here simple build upgrading or simple appearance changes and it is
so easy that i can not believe that you have mention it as difficult task

There are a lot trusted Mod from phpBB that give you freedom to make phpBB your dream board with many uniques skins. Please see above my reply that there is not any problem with this.

ooppss.... Let's see something about commercial Vbulletin and IPB:
http://secunia.com/search/?search=vBulletin (23 Vulnerability last one from 2007-11-28 )
http://secunia.com/search/?search=Invision+Power+Board (28 Vulnerability - last one from 2008-02-21)


Why i show you this above (you probably already know it but never mind)?
It is ridiculous to mention patches, hacking because every board have own weakness as you can see from example above for 2 big commercial board where you need to pay a couple hundred dollars and then again take a risk to be screwed up.

It is question of taste between commercial board with all their weakness and free phpBB on another side with all weakness and everybody must to chose what he want.
phpBB3 is new board generation that include many addon what was before available for phpBB2 by Mods (piece of cake to install mods with automated system of installation) and it is true but difference commercial and free board does not exist in my opinion.
Only big difference is of you gonna to spend a couple hundred dollars on commercial board that give you nothing more than you can get with free phpBB.
Finally here is obviously difference in meaning between us but simple blaming phpBB for everything what "board do not have" and other well or "because of security risk" and others not is what i can not accept and what is so far from true.

 

I'd just like to mention that Simple Machines Forums are free as well, and are tighter security-wise. I'm sure there are others as well. Were I to set up a forum now, even though I hear good things about vBullitin, price would be my main reason not to use it. Same would go for IPB. You don't HAVE to buy a commercial product to have quality. : )

Heh, thanks for the message microtekblue... I actually have an aunt who's Canadian but she lives in the US (Michigan).

 

Find the range of ip addresses coming from Russia and add it in the option in the platform you use.

 

Hi, I use IPDeny.com lists:

wget -4 --no-proxy --no-cookies --no-cache http://ipdeny.com/ipblocks/data/countries/ru.zone # RUSSIA

Code (markup):

Once downloaded, block that IP list in the firewall.

 

I have the opposite problem. On the contrary, I'm from Russia, and on many websites for some reason my ip blocked. I'm already a little tired of paying for a proxy (advanced.name) that would just use the Internet outside of Russia.