Showing revision 12

Blockierte IP-Adressen wegen Spamming

Difference between revision 11 and revision 12

Summary: IE 6.0 angepasst

Changed:

< RewriteCond %{HTTP_USER_AGENT} "^Mozilla\/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\.2; SV1; \.NET CLR .*$"

to

> RewriteCond %{HTTP_USER_AGENT} "^Mozilla\/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\..*$"
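Review bot: With the `.NET CLR` requirement gone, the new condition matches every MSIE 6.0 client on any Windows NT 5.x, so the rule's reach now depends entirely on the `REQUEST_METHOD` and `^trackback` lines that follow it in the listing below. The comment above the rule should say so, e.g. `# MSIE 6.0 on any Windows NT 5.x: deny POSTs to trackback paths only`. The trailing `.*$` no longer constrains anything and can be dropped, leaving `"^Mozilla\/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\."`. The User-Agent header is chosen by the sender, so this remains a heuristic that has to be revisited whenever the spam changes its UA string.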


Spammer sind auch für Blogger und Wiki-Betreiber ein echtes Problem.

Identifizierte Spammer kann man über die Datei `.htaccess` aussperren. Hier die Regeln auf tschlotfeldt.de.

Apache-Dokumentation: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html


Einige hartnäckige Spammer liefern über offene Proxies Trackbacks in Massen ein. Ich habe diese Proxies über deren User-Agent ausgesperrt: 'libghttp/1.0'.

Überhaupt Trackbacks: Normalerweise werden Trackbacks nicht von Webbrowsern abgeschickt. Trackback-Spam kommt dagegen mit normalen Browser-User-Agents herein. Also werden solche User-Agents für Trackbacks ausgesperrt, z.B. MS IE 6.0.

Seit einiger Zeit versuchen Spammer Trackbacks und Kommentare einzuliefern, indem sie als Referrer multiple URIs angeben. Die werden auch gleich ausgesperrt.

1. Zunächst mal ein ReWrite, das muss vor den Drupal-Regeln in der htaccess eingetragen werden:

# Trackback and comment spam filters for mod_rewrite.
# Each group below is a set of RewriteCond tests (a request header plus the
# POST method) followed by a RewriteRule whose substitution is "-" (leave the
# URL alone) and whose flag [F] answers the request with 403 Forbidden.
# User-Agent and Referer are sent by the client and can hold any value, so
# these rules only stop senders that keep using the strings listed here.
# Per the accompanying text this section belongs before the Drupal rules.
<IfModule mod_rewrite.c>
  RewriteEngine on

  ## Spam trackbacks arrive with the unusual user agent "Opera/8.0":
  ## deny POSTs to trackback paths from it.
  RewriteCond %{HTTP_USER_AGENT} ^Opera\/8\.0.*$
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^trackback.*$  -  [F]

  ## Masses of spam trackbacks from this exact user agent: deny every POST
  ## from it, whatever the path.
  ## NOTE(review): the dots in "NT 5.1" and "1.5.0.4" are unescaped and match
  ## any character; escape them if only the literal string is meant.
  RewriteCond %{HTTP_USER_AGENT} "^Mozilla\/5\.0 \(Windows; U; Windows NT 5.1; ru; rv:1\.8\.0\.4\) Gecko\/20060508 Firefox\/1.5.0.4$"
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^.*$  -  [F]

  # MSIE 6.0 on any Windows NT 5.x may not POST trackbacks, because
  # trackback spam arrives with this browser user agent. Other requests from
  # these browsers are not affected.
  RewriteCond %{HTTP_USER_AGENT} "^Mozilla\/4\.0 \(compatible; MSIE 6\.0; Windows NT 5\..*$"
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^trackback.*$  -  [F]


  # Deny trackback POSTs from user agents starting with "libghttp/1".
  RewriteCond %{HTTP_USER_AGENT} ^libghttp\/1.*$
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^trackback.*$  -  [F]
  
  # Deny trackback POSTs from the user agent "-- WordPress/2.1-alpha3".
  RewriteCond %{HTTP_USER_AGENT} "^-- WordPress\/2\.1\-alpha3.*$"
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^trackback.*$  -  [F]

  # Deny POSTs whose Referer header lists several comma-separated URIs.
  # NOTE(review): the pattern requires the first URI to begin with "http:",
  # so a Referer whose first entry starts with "https:" is not matched.
  RewriteCond %{HTTP_REFERER} "^http:[^,]+, http.*"
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule ^.*$  -  [F]

  # Temporary block: POSTs to comment/reply that claim the Google home page
  # as Referer. The rule pattern is unanchored, so it applies to any path
  # that contains "comment/reply".
  RewriteCond %{HTTP_REFERER} "^http://www.google.com/$"
  RewriteCond %{REQUEST_METHOD} ^POST
  RewriteRule comment/reply  -  [F]


  ...

2. IP-Adressen aussperren:

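# Flag unwanted requests with environment variables; the Deny lines that
# follow this list refuse every request carrying one of the flags.
#   isevil      set from the request URI or the User-Agent header
#   isspamhost  set from the client address (Remote_Addr)
#
# SetEnvIf patterns are regular expressions that match anywhere in the value.
# Each address pattern is therefore anchored with ^ and $ and its dots are
# escaped; without that, "61.11.120.62" also matches 161.11.120.62 and
# "59\.3[2-9]\..." also matches 159.32.x.x, blocking networks that were never
# meant to be listed. The address ranges themselves are unchanged.
# Some ranges are listed twice under different owner names; that is harmless.
# Entries date from 2005-2006: addresses get reassigned, so review the list
# periodically and drop entries that no longer send spam.

# added by timfly 2005-10-22 -- broken Google Desktop client
SetEnvIf Request_URI "\/atom\/atom\/atom"   isevil=yes
# added by timfly 2006-05-24
SetEnvIf Remote_Addr "^61\.11\.120\.62$"  isspamhost=yes
SetEnvIf Remote_Addr "^72\.232\.10\.10$"  isspamhost=yes
# Fasthosts UK
SetEnvIf Remote_Addr "^88\.208\.205\.[0-9]+$"  isspamhost=yes
# added by timfly 2006-06-10: most active spammer at tschlotfeldt.de
SetEnvIf Remote_Addr "^202\.75\.49\.133$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.75\.49\.131$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.75\.49\.130$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.75\.49\.134$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.76\.235\.6$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.71\.106\.121$"  isspamhost=yes
# caran.ru
SetEnvIf Remote_Addr "^212\.24\.3[2-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.[45][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.6[0-3]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.37\.12[0-7]$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.4[89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.5[01]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.158\.16[0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.158\.17[0-5]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.23\.1[2-9][89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.23\.2[0-9][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.23\.12[89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.23\.1[3-9][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.23\.2[0-9]+\.[0-9]+$"  isspamhost=yes
# 195.225.177.6 (NetcatHosting)
SetEnvIf Remote_Addr "^195\.225\.177\.6$"  isspamhost=yes
# nodek.ru
SetEnvIf Remote_Addr "^81\.177\.1[45]\.[0-9]+$"  isspamhost=yes
# matoto.com
SetEnvIf Remote_Addr "^82\.146\.53\.87$"  isspamhost=yes
# TrackBack/1.02 spammer (header value is client-supplied)
SetEnvIf User-Agent "TrackBack/.*" isevil=yes
# OpenHosting UK Network
SetEnvIf Remote_Addr "^195\.242\.215\.30$"  isspamhost=yes
# TIME Telecommunications Sdn Bhd, Kuala Lumpur
SetEnvIf Remote_Addr "^203\.121\.6[4-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^203\.121\.[7-9][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^203\.121\.[12][0-9]+\.[0-9]+$"  isspamhost=yes
# PQC Service, LLC, UA
SetEnvIf Remote_Addr "^70\.85\.251\.114$"  isspamhost=yes
# some spammer IPs from Affinity Internet IP Management Group
SetEnvIf Remote_Addr "^207\.234\.131\.237$"  isspamhost=yes
SetEnvIf Remote_Addr "^207\.36\.181\.212$"  isspamhost=yes
SetEnvIf Remote_Addr "^207\.36\.209\.108$"  isspamhost=yes
# install-ip-2.euselect.com: more than 250 trackbacks in one day from this open proxy
SetEnvIf Remote_Addr "^62\.212\.83\.94$"  isspamhost=yes
# another proxy
SetEnvIf Remote_Addr "^62\.212\.81\.166$"  isspamhost=yes
# Louden County/Dept. of Information Technology
SetEnvIf Remote_Addr "^208\.27\.212\.24$"  isspamhost=yes
# Bezeq International: trackback spam source
SetEnvIf Remote_Addr "^84\.108\.132\.207$"  isspamhost=yes
# Telecommunicationcompany Suriname - TeleSur: trackback spam source
SetEnvIf Remote_Addr "^200\.2\.167\.7$"  isspamhost=yes
# Dongguk University Seoul: trackback spam source
SetEnvIf Remote_Addr "^210\.94\.178\.29$"  isspamhost=yes
# Korea Telecom: trackback spam source
SetEnvIf Remote_Addr "^61\.78\.56\.133$"  isspamhost=yes
# Shaw Communications Inc., Calgary: trackback spam source
SetEnvIf Remote_Addr "^24\.86\.152\.158$"  isspamhost=yes
# Comcast Cable Communications: trackback spam source
SetEnvIf Remote_Addr "^68\.57\.169\.11$"  isspamhost=yes
# CHINANET Jiangxi province network: trackback spam source
SetEnvIf Remote_Addr "^202\.109\.187\.122$"  isspamhost=yes
# GWBN-CD-SHUANGLINSANQU: trackback spam source
SetEnvIf Remote_Addr "^211\.162\.152\.206$"  isspamhost=yes
# Bluefiber Networks: trackback spam source
SetEnvIf Remote_Addr "^64\.40\.103\.8$"  isspamhost=yes
# Meisei University, Japan: comment spam
SetEnvIf Remote_Addr "^202\.232\.192\.35$"  isspamhost=yes
# Regione Toscana: comment spam
SetEnvIf Remote_Addr "^159\.213\.248\.8$"  isspamhost=yes
# Universita di Palermo: comment spam
SetEnvIf Remote_Addr "^147\.163\.15\.5$"  isspamhost=yes
# Business Network, Panama
SetEnvIf Remote_Addr "^81\.95\.146\.227$"  isspamhost=yes
# Korea Network Information Center
SetEnvIf Remote_Addr "^61\.253\.10\.18$"  isspamhost=yes
# Hanaro Telecom Inc.
SetEnvIf Remote_Addr "^218\.39\.97\.233$"  isspamhost=yes
# Yeouido-dong, Seoul
SetEnvIf Remote_Addr "^203\.247\.156\.16$"  isspamhost=yes
# Oman Tel
SetEnvIf Remote_Addr "^62\.231\.243\.136$"  isspamhost=yes
# ColdFusion Hungary Ltd.
SetEnvIf Remote_Addr "^193\.202\.63\.138$"  isspamhost=yes
# COMUNE Di Faeto / Infostrada
SetEnvIf Remote_Addr "^151\.2\.171\.205$"  isspamhost=yes
# Inhoster hosting company, Ukraine
SetEnvIf Remote_Addr "^85\.255\.113\.51$"  isspamhost=yes
# CHINA RAILWAY TELECOMMUNICATIONS CENTER
SetEnvIf Remote_Addr "^61\.23[2-7]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# Interbusiness infrastructural
SetEnvIf Remote_Addr "^217\.141\.109\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^217\.141\.251\.[0-9]+$"  isspamhost=yes
# VITO Teledetectie en Aardobservatie Processen, CVB
SetEnvIf Remote_Addr "^193\.191\.168\.158$"  isspamhost=yes
# CHINANET Hubei province network
SetEnvIf Remote_Addr "^221\.232\.159\.112$"  isspamhost=yes
# CNCGROUP Henan province network
SetEnvIf Remote_Addr "^125\.46\.36\.223$"  isspamhost=yes
# Abitcool(China) Inc.
SetEnvIf Remote_Addr "^59\.151\.29\.136$"  isspamhost=yes
# Digital United IF,220,gangchi road Taipei Taiwan 114
SetEnvIf Remote_Addr "^192\.72\.124\.[0-9]+$"  isspamhost=yes
# Shanghai Municipal People's Prosecution Service
SetEnvIf Remote_Addr "^222\.66\.48\.253$"  isspamhost=yes
# China Railcom Liaoning Branch
SetEnvIf Remote_Addr "^61\.235\.241\.114$"  isspamhost=yes
# VAAN Dangsandong 5-ga Yeongdeungpo-gu SEOU
SetEnvIf Remote_Addr "^211\.232\.92\.231$"  isspamhost=yes
# SonicWall Inc
SetEnvIf Remote_Addr "^217\.149\.45\.68$"  isspamhost=yes
# Chunghwa Telecom Digital Telecom Branch Company
SetEnvIf Remote_Addr "^203\.69\.39\.250$"  isspamhost=yes
# CHINANET Guangdong province network
SetEnvIf Remote_Addr "^202\.96\.189\.45$"  isspamhost=yes
# CNC Group CHINA169 Henan Province Network
SetEnvIf Remote_Addr "^218\.28\.207\.44$"  isspamhost=yes
# Xiamen University Zhangzhou Campus
SetEnvIf Remote_Addr "^59\.77\.16\.170$"  isspamhost=yes
# ZheJiang Province Telecom Co.,Ltd. LinAn City Branch
SetEnvIf Remote_Addr "^60\.190\.249\.66$"  isspamhost=yes
# Xiamen University
SetEnvIf Remote_Addr "^210\.34\.14\.186$"  isspamhost=yes
# Everyones Internet, Houston TX
SetEnvIf Remote_Addr "^207\.44\.238\.95$"  isspamhost=yes
# Emirates Telecommunications Corporation
SetEnvIf Remote_Addr "^195\.229\.241\.180$"  isspamhost=yes
# Karel Sokol - KASO, CZ
SetEnvIf Remote_Addr "^82\.113\.63\.92$"  isspamhost=yes
# Eurociber, ES
SetEnvIf Remote_Addr "^193\.127\.7\.58$"  isspamhost=yes
# CHINANET Hubei province network
SetEnvIf Remote_Addr "^221\.232\.159\.112$"  isspamhost=yes
# CNCGROUP Beijing province network
SetEnvIf Remote_Addr "^221\.21[6-9]\.[0-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^221\.22[0123]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# CHINANET-ZJ Hangzhou node network
SetEnvIf Remote_Addr "^125\.12[01]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# ChinaNetCenter Ltd.
SetEnvIf Remote_Addr "^210\.192\.9[6-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^210\.192\.1[01][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^210\.192\.12[0-7]\.[0-9]+$"  isspamhost=yes
# Layered Technologies, Inc.
SetEnvIf Remote_Addr "^72\.36\.134\.242$"  isspamhost=yes
# CHINANET beijing province network
SetEnvIf Remote_Addr "^219\.141\.12[89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^219\.14[23]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# CNC Group CHINA169 Shandong Province Network
SetEnvIf Remote_Addr "^124\.129\.108\.185$"  isspamhost=yes
# ShenZhen Topway Video Communication Co. Ltd.
SetEnvIf Remote_Addr "^222\.248\.[0-9]+\.[0-9]+$"  isspamhost=yes
# Block all of Keymachine.de; they do not respond to complaints
SetEnvIf Remote_Addr "^62\.141\.5[6-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^62\.141\.6[0123]\.[0-9]+$"  isspamhost=yes
# keyweb/keymachine.de DE-KEYWEB-III
# NOTE(review): 87.118.120.x is matched by none of the three patterns below
# (the last one starts at 121); confirm whether that gap is intended.
SetEnvIf Remote_Addr "^87\.118\.9[6-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^87\.118\.1[01][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^87\.118\.12[1-7]+\.[0-9]+$"  isspamhost=yes
# keyweb/keymachine.de DE-KEYWEB-II
SetEnvIf Remote_Addr "^84\.19\.17[6-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^84\.19\.18[0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^84\.19\.19[01]\.[0-9]+$"  isspamhost=yes
# CHINANET Guangdong province network
SetEnvIf Remote_Addr "^59\.3[2-9]\.[0-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^59\.4[0-2]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# Spam from ITBN - IT Broadband Network 8/F Taifu Building, 10 Yi Dewai Road Beijing, China
SetEnvIf Remote_Addr "^202\.46\.22[4-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^202\.46\.23[0-9]\.[0-9]+$"  isspamhost=yes
# Spam from CNCGROUP-LN - CNCGROUP Liaoning province network
SetEnvIf Remote_Addr "^60\.1[6-9]\.[0-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^60\.2[0-3]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# Trackback spam from DO-CODE-LACNIC - Compañía Dominicana de Teléfonos, C. por A. - CODETEL
SetEnvIf Remote_Addr "^200\.88\.114\.166$"  isspamhost=yes
# Trackback spam from CMNET-henan - China Mobile Communications Corporation - henan
SetEnvIf Remote_Addr "^211\.142\.116\.205$"  isspamhost=yes
# Trackback spam from TC Communications, LLC HTCC
SetEnvIf Remote_Addr "^66\.153\.12[89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^66\.153\.1[3-9][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^66\.153\.2[0-9][0-9]\.[0-9]+$"  isspamhost=yes
# Trackback spam from CMNET China Mobile Communications Corporation, 29, Jinrong Ave., Xicheng district, Beijing
SetEnvIf Remote_Addr "^211\.13[6-9]\.[0-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^211\.14[0-3]\.[0-9]+\.[0-9]+$"  isspamhost=yes
# Spam from ISP "CARAVAN", Moscow, RU-CARAVAN-990216
SetEnvIf Remote_Addr "^212\.24\.3[2-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.[45][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.24\.6[0-3]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.23\.13[01]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.23\.136\.20[0-7]$"  isspamhost=yes
SetEnvIf Remote_Addr "^212\.23\.151\.[0-9]+$"  isspamhost=yes
# Spam from Makati, 12/F Valero Telepark
SetEnvIf Remote_Addr "^222\.127\.228\.[0-9]+$"  isspamhost=yes
# Spam from Heilongjiang Telecom Corporation
SetEnvIf Remote_Addr "^222\.17[01]\.[0-9]+\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^222\.172\.[0-9][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^222\.172\.1[01][0-9]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^222\.172\.12[0-7]\.[0-9]+$"  isspamhost=yes
# Spam from LG DACOM Corporation
SetEnvIf Remote_Addr "^211\.119\.242\.4[0-9]$"  isspamhost=yes
# Spam from TurkTelekom, Turk Telekom 06103 ANKARA
SetEnvIf Remote_Addr "^85\.105\.20[89]\.[0-9]+$"  isspamhost=yes
SetEnvIf Remote_Addr "^85\.105\.2[12][0-9]\.[0-9]+$"  isspamhost=yes
# Spam from Net AE-DU-20060815, Emirates Integrated Telecommunications Company PJSC (EITC-DU) 502666 Dubai
SetEnvIf Remote_Addr "^91\.7[3-5]\.[0-9]+\.[0-9]+$"  isspamhost=yes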



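# Refuse every request that the SetEnvIf rules above have flagged.
# With "order deny,allow" a request is allowed unless a deny line matches it.
# The name after env= must be spelled exactly like the variable that SetEnvIf
# sets ("isevil", "isspamhost"); a misspelled name never matches and silently
# disables the rule.
# These are the access directives of Apache 2.0/2.2; on 2.4 they need
# mod_access_compat or a rewrite to the Require syntax.
order deny,allow
deny from env=isevil
deny from env=isspamhost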
