Home

Stats

Wiki

Blogs

File Galleries

Last blog posts

1)	VoIP, telephony: Doorbell 2.0 Fri 11 of Dec, 2009 [03:11 UTC]
2)	VoIP, telephony: Unlimited incoming trunks... Fri 11 of Dec, 2009 [02:50 UTC]
3)	VoIP, telephony: Howto: recognizing one of many phone numbers and routing Fri 11 of Dec, 2009 [00:40 UTC]
4)	Network Security: denyhosts -- almost best thing since sliced bread Thu 19 of Nov, 2009 [07:25 UTC]
5)	Networking: Networking Asterisk with multiple uplinks Thu 19 of Nov, 2009 [07:19 UTC]
6)	Programming: Oracle 10g Express Edition vs. 64 bit client drivers Thu 19 of Nov, 2009 [06:45 UTC]
7)	Programming: C++ programming with Ubuntu 9.10 and Boost 1.40 Thu 19 of Nov, 2009 [06:35 UTC]
8)	Network Security: Using Pion for network security Mon 20 of Jul, 2009 [08:07 UTC]
9)	Network Security: Russian (caravan.ru) link spammers Mon 03 of Sep, 2007 [16:11 UTC]
10)	Network Security: SPAM on the rise... Sun 15 of Oct, 2006 [16:00 UTC]

Last changes

1)	HomePage
2)	VoIP Success Story
3)	Programming Language
4)	Floyd
5)	RoadWarrior
6)	lookupd
7)	Projects
8)	Software Engineering
9)	Etheric
10)	Code Reviews

Viewing blog post - Network Security

Return to blog

Russian (caravan.ru) link spammers

posted by TaneliOtala on Mon 03 of Sep, 2007 [16:11 UTC]

Tiki link spammers

So tired... seriously, first email spam (BTW, how about a presidential candidate that has capital punishment for spammers?) and now trackback link spammers.

There is this russian network, caravan.ru, that is relentlessly pounding on my dozen or so tikiwiki sites, adding a trackback link spam every few second.

Here is what it looks like in your logs:

217.23.147.210 - - 03/Sep/2007:08:53:10 -0700 "POST /tiki-view_blog_post.php/1/1 HTTP/1.1" 200 - "-" "WordPress/1.9"
212.24.48.34 - - 03/Sep/2007:08:53:16 -0700 "POST /tiki-view_blog_post.php/1/2 HTTP/1.1" 200 - "-" "WordPress/2.0"
217.23.143.226 - - 03/Sep/2007:08:53:31 -0700 "POST /tiki-view_blog_post.php/1/2 HTTP/1.1" 200 - "-" "WordPress/2.0"
217.23.133.242 - - 03/Sep/2007:08:53:39 -0700 "POST /tiki-view_blog_post.php/1/5 HTTP/1.1" 200 - "-" "WordPress/1.9"
217.23.151.130 - - 03/Sep/2007:08:53:45 -0700 "POST /tiki-view_blog_post.php/1/5 HTTP/1.1" 200 - "-" "WordPress/1.9"
217.23.143.224 - - 03/Sep/2007:08:53:50 -0700 "POST /tiki-view_blog_post.php/3/19 HTTP/1.1" 200 - "-" "WordPress/2.1.2"
217.23.132.114 - - 03/Sep/2007:08:53:54 -0700 "POST /tiki-view_blog_post.php/3/19 HTTP/1.1" 200 - "-" "WordPress/2.1.2"
212.24.48.31 - - 03/Sep/2007:08:53:58 -0700 "POST /tiki-view_blog_post.php/2/7 HTTP/1.1" 200 - "-" "WordPress/2.0"
217.23.143.26 - - 03/Sep/2007:08:54:02 -0700 "POST /tiki-view_blog_post.php/2/7 HTTP/1.1" 200 - "-" "WordPress/2.0"
212.24.48.52 - - 03/Sep/2007:08:54:04 -0700 "POST /tiki-view_blog_post.php/3/9 HTTP/1.1" 200 - "-" "WordPress/2.1.2"

Let's see, what are the options?

Disallow trackback links? There goes the idea of wiki...
Disallow user registrations? Where's the fun in that?
Require user registrations to be manually approved, and require registration before trackback links are allowed?
All of the above?

Well, let's just first plain block the caravan.ru network out:

iptables -A INPUT -s 212.24.48.170/24 -p tcp --dport www -j droplog
iptables -A INPUT -s 81.176.0.0/15 -p tcp --dport www -j droplog
iptables -A INPUT -s 62.213.64.0/18 -p tcp --dport www -j droplog
iptables -A INPUT -s 212.158.160.0/20 -p tcp --dport www -j droplog
iptables -A INPUT -s 217.23.128.0/19 -p tcp --dport www -j droplog
iptables -A INPUT -s 212.24.32.0/19 -p tcp --dport www -j droplog
iptables -A INPUT -s 85.255.118.92/24 -p tcp --dport www -j droplog
iptables -A INPUT -s 72.232.191.50 -p tcp --dport www -j droplog

Permalink (referenced by: 0 posts references: 0 posts)