[thelist] Spambots IP restriction

Benjamin kalos at carolina.rr.com
Thu Oct 24 08:49:01 CDT 2002


(Note: Normally I would have trimmed this more but I wanted to respond to
points in both messages)

You would end up blocking legitimate visitors, and in the case of AOL users
that unfortunately kills a large percentage of the internet (they are
global now after all).  Blocking IP addresses or ranges can be affective
but only to an extent.  If you don't know anyone that uses AOL (just
continuing with them since the original example was using them) then it
would be pretty safe to block them.  The same thing holds true of .cn, .fr,
and .kr domains (China, France, and Korea) [other country tlds apply, my
list was not intended to be all inclusive].

You could parse through either the document referrer information, their
IP/domain name, or the "browser type" before you load any page (or just
your contact info page) and redirect on that to avoid any restarts.  Each
of these are easily spoofed however so use with a very large grain of
salt.  It would take roughly five to ten minutes to hack out a script that
could have access to a valid email list given it's URL that could pretty
much bypass conventional countermeasures.

cest la vie.

-ben

At 10:54 PM 10/23/2002 -0500, you wrote:
>Message: 27
>From: "Andrew Maynes" <andrew at humanbehaviour.co.uk>
>To: <thelist at lists.evolt.org>
>Subject: RE: [thelist] Spambots IP restriction
>Date: Wed, 23 Oct 2002 23:15:51 +0100
>Reply-To: thelist at lists.evolt.org
>
>I now seems to have worked out what is different with this method, but
>still not
>sure.  Presumably, only a spidert will try to get into the honey-pot
>dir.... but
>surely their ip's are changing all the time!  What if your site is getting 400
>Visits a day and your spider has used the ip address of an isp surely you
>end up
>blocking many legitimate visitors?  Or have i read this completely the wrong
>way?
>
>Is there a way to do this without having to change the httpd.conf file restart
>Apache?
>
>My host provider is sooo lame :(
>
>Andrew
>
>-----Original Message-----
>From: thelist-admin at lists.evolt.org
>[mailto:thelist-admin at lists.evolt.org]On Behalf Of David U.
>Sent: Wednesday, October 23, 2002 09:44
>To: thelist at lists.evolt.org
>Subject: Re: [thelist] Spambots IP restriction
>
>
>Andrew Maynes wrote:
> > I have just read the excellent article by Daniel Cody (djc) and
> > realised that banning one IP that belongs to a server such as aol
> > freeserve etc etc is a major flaw was there anything that went
> > furthewr after these end comments?
>
>There is no flaw in my view...
>
>When you block access you are taking the false positives along with the
>negatives.
>
>It's a choice you have to make, personally my comfort level is pretty high
>with regard to blocking others to improve my inbox.  Others are not.
>
>-davidu




More information about the thelist mailing list