spam traffic and registration and how to deal with it
Written by Eli Aschkenasy
Monday, 31 January 2011 14:02
I came across an interesting question on one of the forums I frequent. The question was: "Lately I've been getting a lot of users signing up with clearly inexplicable email addresses, most likely spam (yet, I'm using re-captcha together with alpharegistration), I just don't understand what they are gaining out of enrolling, there's no forum or blog to post their spam and I haven't had complaints yet from other genuine users. Any clue? What more can I use other than captcha?"
The phenomenon is actually wider spread than initially assumed. Going over my internal spam logs, DOS attempt logs and a bunch of other security logs, I discovered "malicious" intent on even the most insignificant and mundane services. What I started to implement to alleviate above problem was exactly what i suggested to the asker:
do you know where they are coming from? (either via ip on your host CP or maybe via google analytics) if it is from a specified region that you don't really serve, you can try blocking access by IP ranges...
unfortunately his answer was:
No, I don't know where they're coming from, I see from Google Analytics that some visit the website even if they couldn't possibly make any use of it (because targeted to only one country), but can't say if they are spammers.. Ho do I block by IP ranges?
The truth is, that if you really serve only a targeted audience that doesn't include all kinds of "suspicious" countries, i.e. you have 15 French customers and want to give them access to your ERP portal, you can easily block an entire range of addresses via your htacess filewhich will block all (most) Ethiopian IP adresses...
a good site where you can find specific IP ranges is http://www.find-ip-address.org/ip-country/