« Nouns to Verbs | Main | DealExtreme Affiliate »

Saturday February 26, 2011

Fighting the Russians

For the last couple of months, I have been getting a couple of people a day signing up on my community bulletin board using Russian-sounding names and usually gmail addresses that don't match their usernames. Since the community served is a town nowhere close to Russia, these have to be some kind of spammers. Even though new users have to type in text from an image (Captcha), they can't actually post any messages until they are confirmed by me. And I won't confirm them until they tell me their real name and where they live. For a while, I would send an e-mail when someone signed up asking for this information, but after getting some obviously bogus signups, I just put in the instructions that people needed to e-mail me if they wanted to be authorized to post messages. None of the Russians has done that.


There are computer software "bots" that can read captchas, but lately they have farmed this work to actual people who set up the accounts (or just get fed the captchas and let a bot do everything else), so there is almost no way to stop this, though one way is to make people answer a simple question in English. I could even get specific by asking for their zip code since everyone here has the same one. Doing the question involves installing some additional software, so I'm not sure I'm ready to tackle that.

Another way is try to stop visitors by using their IP addresses, a 4-part number that identifies the network they are using to access the internet. The MyBB software lets me see the IP address of people who have signed up, then I can look these up online, and find out they are in Russia (sometimes the Ukraine). But a person's IP address can change. For instance, if I restart my modem, I generally wind up with a different IP address, though at least the first two or three parts of the four-part number are the same. I wanted to see if there was an easy way to ban all visitors from Russia. For web pages, a Russian site usually ends in .ru, but with IP addresses there isn't one particular number per country. I found a site that listed thousands and thousands of IP addresses for Russia, but that seemed overly complicated. In that list I noticed a lot of the addresses start with 91, so I did a ban on anyone with an IP address starting with 91.

This seemed to work, sort of. The next day instead of getting some Russian signups using gmail addresses, I had some using numerical e-mail addresses @fsq1.com. These came from all over including Brazil and China. So I set up a ban on anyone signing up from fsq1.com and also banned their IP addresses, using the first two numbers of the IP address.

The myBB control panel lets me see all of my IP address and e-mail bans and also tells me the last time they were used. 91 gets used every day, but so do a few of the others. I have 9 banned IP addresses.

Comments (1)

So far, so good. I haven't had any bogus signups the last few days, but the Russians keep trying every day (it only records the latest attempt, but it is usually not only today but in the last couple of hours, so they are trying a few times a day) from IP addresses starting with 91. One of the 91.x.x.x addresses turned out to be France. I don't want to block 91 if there are US IP addresses using that number, but none so far. The fsq1 e-mail addresses haven't tried anything lately.

Post a comment