EvilZone
Hacking and Security => Hacking and Security => : prowler421 August 29, 2015, 03:30:11 AM
-
Assuming i have a website where i can block users by their ip. Some of the users use TOR in order to flood the website with inappropriate content. They change the ip from time to time using softwares and proxies.
What are the best and most effective ways to block such users, or at least make them difficult time in an attempt to access the website and write comments?
-
If spamming comments is your problem, i can only think of afew things.
First, maybe require a login or something to comment hence you block by user and they have to go register again, blah, blah[not a good solution]
Second, turn off comments after X number of days.
Value commenters by first comment and if abused, mark them.
-
Assuming i have a website where i can block users by their ip. Some of the users use TOR in order to flood the website with inappropriate content. They change the ip from time to time using softwares and proxies.
What are the best and most effective ways to block such users, or at least make them difficult time in an attempt to access the website and write comments?
Implement a captcha into the commenting system. This won't block users, although it will slow down automated spaming attacks. Then if you do what kenjoe said and also make it logon only and implement the captcha to register, they will probably not want to keep registering to do it. Not a sure shot way honestly. If someone wants to spam they are going to spam. Although, this will probably help the best IMO.
-
If it's a blog, like Wordpress, then Akismet is the only way to go.
-
If spamming comments is your problem, i can only think of afew things.
First, maybe require a login or something to comment hence you block by user and they have to go register again, blah, blah[not a good solution]
Second, turn off comments after X number of days.
Value commenters by first comment and if abused, mark them.
Implement a captcha into the commenting system. This won't block users, although it will slow down automated spaming attacks. Then if you do what kenjoe said and also make it logon only and implement the captcha to register, they will probably not want to keep registering to do it. Not a sure shot way honestly. If someone wants to spam they are going to spam. Although, this will probably help the best IMO.
If it's a blog, like Wordpress, then Akismet is the only way to go.
I thought about something - i can make any new user to insert an authentic mail address - this could work like thatt:
The system checking the email -> the email found in the database and doesn't linked to the block list -> system approves.
The system checking the email -> the email found in the database and linked to the block list -> the system doesn't approve.
The system checking the email -> the email wasn't found -> the system sends a mail to the address with a request to approve by the user.
-
You'd have to block all the throw-away-email services like Guerrilla Mail (https://www.guerrillamail.com/), and there are tons of them out there...
I'd also suggest to go at least for a CAPTCHA system, as it makes flooding spam way harder.
-
Have htaccess rules to deny entry from particular ips. If you're being botted, set up a vpn and country blacklist, add in a captcha.
-
You can use cookies and fingerprint js to identificate account created from same machines and made some auto-rules to detect and block them. That's good for some spammers creating many accounts.
Shared Ips works in some countries and detect if requests comes from a proxy it's always good to know.