Tired of junk messages in your forum and receiving spam emails?

If you run a website, whether a simple blog or a larger online shop, you have surely been confronted with the issue of spamming.

It is so irritating to have one's email box flooded by spam emails at the beginning of the day, or to discover the support forum (like the one on Klixo) has been once again polluted with junk links to porn sites or other dodgy online stores.
There is no miracle solution to this, but there are a few countermeasures you can use to fight these troublemakers.

Install a honeypot on your site!

Ok, now the guy is talking about honey? Sounds delicious... But weren't we supposed to discuss spam fighting techniques here? Yum... Yes, right, but I love honey and just had my breakfast, sorry about that.

No, just kidding! A honeypot is actually a trap for spammers.

How does a honeypot work?

It works by inserting hidden links inside the code of the pages. Regular users will not see these links (unless they look at the source code), but spambots and rogue bots will follow them when they scan through the pages.

When a malbot visits one of these links, it is sent to a trap (a honeypot) and its IP address is blacklisted from the site.

You can of course write your own custom code to perform this, but I recommend subscribing to Projecthoneypot.org, a free service that provides tools to install efficient honeypots on websites.

I will detail in a future article how to install a honeypot on your Joomla site.
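As an added illustration of the custom-code route (not part of the original article and not Project Honey Pot's code), here is a minimal trap written as a Python WSGI app. The trap path, the page markup and the in-memory blacklist are assumptions made for the example; the robots.txt entry keeps well-behaved crawlers out of the trap.

```python
# Added example: minimal honeypot trap as a WSGI app (standard library only).
# TRAP_PATH and the page markup are hypothetical names chosen for this sketch.
TRAP_PATH = "/private-archive/"   # hypothetical trap URL, linked only invisibly
blacklist = set()                 # in-memory; a real site would persist this

PAGE = (
    "<html><body><h1>Club forum</h1>"
    # Hidden link: invisible to visitors, but present in the HTML bots parse.
    f'<a href="{TRAP_PATH}" style="display:none" rel="nofollow" tabindex="-1"></a>'
    "</body></html>"
)
# Well-behaved crawlers honour robots.txt, so they never reach the trap.
ROBOTS = f"User-agent: *\nDisallow: {TRAP_PATH}\n"


def app(environ, start_response):
    ip = environ.get("REMOTE_ADDR", "")
    path = environ.get("PATH_INFO", "/")

    def reply(status, body, ctype="text/html"):
        start_response(status, [("Content-Type", ctype)])
        return [body.encode("utf-8")]

    if ip in blacklist:
        return reply("403 Forbidden", "Forbidden")
    if path == "/robots.txt":
        return reply("200 OK", ROBOTS, "text/plain")
    if path.startswith(TRAP_PATH):
        blacklist.add(ip)          # only a link-following bot ends up here
        return reply("403 Forbidden", "Forbidden")
    return reply("200 OK", PAGE)


def visit(ip, path):
    """Drive the app with a constructed request and return the status line."""
    seen = []
    app({"REMOTE_ADDR": ip, "PATH_INFO": path}, lambda s, h: seen.append(s))
    return seen[0]
```

Once an address has requested the trap URL, every later request from it is answered with 403, while other visitors are unaffected.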

More reading about honeypots on Wikipedia

 

Manual blacklisting of IP addresses

As I wrote at the beginning of this article, there is no miracle, 100% trouble-free solution to fight spam, malware bots and hackers.

In addition to the honeypots, I systematically ban IPs that post junk messages in the forum or send spam messages using the contact form of the site.

Anti Forum spamming

The Kunena forum component used on the Klixo site has a built-in feature that records the IP used for each post written on the forum, so that administrators can check it. (Screenshot: the actual data is blurred here, but it's visible in reality!)

Recording sender's IP when a form is submitted

Spammers often use contact forms available on websites to send their junk mails. It had become such a plague that I would sometimes receive a batch of 10 or more mails in one go. Not only is it a waste of time, but one could also miss important messages lost in the middle of the spam. To protect against this, I wrote a small utility plugin that automatically adds the sender's IP to the content of the message. When we receive spam messages sent through the contact form, we can block the IPs used by the spammers.
The Klixo IP form plugin for Joomla 2.5 and 3.x is available as a free download:

Now you have determined that some robot, or maybe a degenerated low IQ human being, is using IP address 123.123.123.123 (this is just an example of course) to post junk messages on your forum or send you spam emails. How do you effectively block it?

 

Using .htaccess to block IPs

If you use an Apache server, the .htaccess file becomes very handy. This file, located at the root of your site, gives you a lot of control over the server. So much control that you can even crash your site and generate a dreadful ERROR 500 INTERNAL SERVER ERROR if it is misconfigured.

We won't go into all the details here, since it would require an entire book, but let's focus on the basics.

Among other things, the .htaccess file tells the server who is authorized to access the site and who should be kicked out.

This is defined using the directive:

Order Allow,Deny

With this order the Allow directives are evaluated first and the Deny directives last, so a Deny always wins over an Allow. Nobody is allowed implicitly, so we let everybody in with the directive:

Allow from all

(With the reverse order, Deny,Allow, the Allow from all line would override every Deny and nothing would be blocked.)

To block the IP 123.123.123.123 we simply add the line:

Deny from 123.123.123.123

Now the computer using IP 123.123.123.123 won't have access to the server anymore.

Good? Maybe. But not good enough! Because these spam people are creative and will regularly change the IPs of their spam servers to keep wasting your time. Luckily for us, when an identified spammer changes its IP, it will usually stay in the same IP range.

If the spammer was previously using 123.123.123.123 and this IP is now blocked, it will probably pick another IP in the same range, like 123.123.123.128 for instance.

What we are going to do is block all 256 IPs ranging from 123.123.123.0 to 123.123.123.255.
Am I going to ask you to write 256 Deny statements? Yes, you could do that and it would work, but there is a much more efficient syntax to use:

Deny from 123.123.123.0/24

The complete code will be:

Order Allow,Deny
Allow from all
Deny from 123.123.123.0/24

These directives will deny access to all IPs ranging from 123.123.123.0 to 123.123.123.255. No spambot using these IPs will get in anymore... until a new spambot comes around or the previous one starts using another IP range...
Unfortunately, this can also block innocent users from accessing your site. Therefore it's important to check the country of origin of a spammer IP before blocking an entire range.
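An added example, not from the original article: a Python helper that turns the spammer IPs you collected into the deny list, blocking a whole /24 only when several addresses from the same range were seen, which limits the collateral damage to innocent users. The threshold, the function names and the sample IPs are assumptions; the Apache 2.4 output uses the Require syntax that replaced Order/Allow/Deny in that version.

```python
import ipaddress
from collections import defaultdict

# Ranges that must never land in a deny list (loopback, local networks).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def deny_targets(spam_ips, min_hits=2, prefix=24):
    """Turn observed spammer IPv4 addresses into a minimal list of targets.

    A whole /prefix range is returned only when at least min_hits distinct
    addresses from it were seen; a lone offender stays a single-IP entry.
    """
    by_range = defaultdict(set)
    for raw in spam_ips:
        ip = ipaddress.IPv4Address(raw.strip())   # ValueError on junk input
        if any(ip in net for net in NEVER_BLOCK):
            continue
        by_range[ipaddress.ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    targets = []
    for net, ips in by_range.items():
        if len(ips) >= min_hits:
            targets.append(net)
        else:
            targets.extend(ipaddress.ip_network(f"{ip}/32") for ip in ips)
    # collapse_addresses sorts and merges overlapping or adjacent entries.
    return [str(n.network_address) if n.prefixlen == 32 else str(n)
            for n in ipaddress.collapse_addresses(targets)]


def render_htaccess(targets, apache24=False):
    """Render the targets in Apache 2.2 (Deny from) or 2.4 (Require) syntax."""
    if apache24:
        body = [f"    Require not ip {t}" for t in targets]
        return "\n".join(["<RequireAll>", "    Require all granted", *body,
                          "</RequireAll>"])
    # Allow,Deny evaluates Deny last, so the Deny lines override "Allow from all".
    return "\n".join(["Order Allow,Deny", "Allow from all",
                      *(f"Deny from {t}" for t in targets)])


# Constructed sample: IPs collected from forum posts and contact-form mails.
SEEN = ["123.123.123.123", "123.123.123.128", "198.51.100.20", "192.168.1.5"]
```

With the sample list, the two addresses in 123.123.123.x become one /24 entry, the lone 198.51.100.20 stays a single-IP entry, and the local 192.168.1.5 is skipped.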

 

Radical solution?

If spamming on your site becomes a big issue, maybe it's time to strike even harder. As you may also have noticed, most spam is coming from Chinese IPs. This is sad but true. Now it's time to ask yourself:
- "Do I gain something if my site is accessible from China?"

Let's consider the situation of a small community site, like a local sport club. They have an online forum used to publish upcoming events and discuss between members. But the same forum is regularly targeted by spambots and flooded with junk messages.

In addition the spammers also use the contact forms available on the site to send junk emails.
Does this site really need to be accessible from China? Is it relevant to them? Not really.

If this is your case, you can consider blocking all traffic coming from China (or another country). The list of IPs to block is going to be very long, but the principle is exactly the same as the one described above.

There are several sites like incredibill.me that provide online tools to generate the lists of IPs to block for an entire country.

This is a truly radical solution. Before using it, you must know that it will also block access to your site for all legitimate users from the country you blacklisted.
Another drawback is that you are likely to lose a significant number of page hits on your site, and therefore reduce its page ranking, its popularity and possibly your source of income if you use advertising banners.