Does anyone have a list of Chinese Ips that can be banned?

I got a lot of gmail spammers also.. I never had those guys and now they seem to pup up every day.

I use a system of Captcha and questions like 1+1=, they still manage to get through.
And like I've said: mostly gmail, since they beat gmail and hotmail it's amazing how many accounts are being abused.

I still get a LOT of badguys using yahoo.com so its not just a gmail issue but then again I get a lot of .ru, .qawab, .info and sina. Beijboy uses sina email addresses as frequently as he does he does gmail, fyi. Many of the post in this thread act like the whole concept of "Asian Market" doesn't exist any maybe it doesn't if your are running a custom home entertainment site in St Joseph, MO but the reality is quite different. I have multiple sites that target the Asian Market so banning blocks of Asian IP address, Chinese or otherwise is not really an option. I still think that a dedicated effort by Jelsoft to find out how this particular group of badguys seem to be able to completely bypass the human verification process that doesn't see to work or is simply being hijacked by their robot code.

regards, mikesz

Tcrubuyggo
[email protected]
222.183.121.125
China
Jan 1, 1980

Thanks Wayne.

And that's why Gmail will remained blacklisted on our site, and every other site I operate.

Life was so much better with Compuserve in the early days - if not a tad expensive!

Free email is free email. I doubt Google does any checking on signups on their system or the emails that are sent out until someone complains about a particular account. Just not enough man-power in the world for that kind of moderation.

I have a GMail account and it gets about 1000 spam emails a day from Chinese accounts. One of the reasons I don't like the service.

Beijboy/girl et al

We've had the same as described in this thread.

Running 3.6.8. with True Type font etc etc etc... I did raise the point in another thread a while back that spammers are getting around True Type Font Captcha in Vb.

I delete the spammer just as soon as it appears, often within a few hours (our email notifications are often date stamped around 3am UK time).
Again, we just keep blacklisting the ISP (and its wildcard string).

We've had the whole range of Beijboy from 1-5 and other such like. Clearly, using the username vbulletingirl/boy he appears to like vb forums - we've had those too. Thankfully, the spammer only managed to post on one occasion - they seem to like placing advertising links spread across the forum. Ours was for some pc game. I am of the belief this is a wannabe spammer - probably contracted by some US spammer.

Yes, there is a pattern: the birthday remains the same (01 Jan 1980) as does the time zone: hong kong, singapore etc. In my experience the spambot registers, and then comes back a couple of days later to post the links.

I think the following link is the real Beijboy from a couple of years back, username: Beijboy - a student! Are we surprised? Perhaps someone could reply to him to be his friend!



The outcome of this is that Gmail along with the most frequently used ISPs have been blacklisted. Unfortunate, as we too see some user-traffic from China. But we can do without this. I simply put a notice below the email entry in the registration form (confirm email string) that users wishing to register using a gmail address should contact us first. A hassle, but much better than spam littering your forum.

On some other non-forum websites I operate, I am also seeing an increase in gmail spam. It's coming from China, Vietnam and South Korea. Google have still not addressed their security issues and spammers are getting hold of email accounts far too easily. Gmail has been banned on all my other sites.

Here is my own personal blacklist so far (could be a lot more if I hadn't recently set up some ISP blockings):

Username: lola1234
Email: [email protected]
IP: 82.128.8.78
Join Date: January 10th, 2008
Birthday: Unspecified
Timezone: (GMT -8:00) Pacific Time (US & Canada)
Receive Admin Emails: Yes

Username: eaterrell37204
Email: [email protected]
IP: 89.111.164.162
Join Date: March 27th, 2008
Birthday: April 18th, 1973
Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
Receive Admin Emails: No

Username: michael001
Email: [email protected]
IP: 72.3.137.82
Join Date: April 16th, 2008
Birthday: Unspecified
Receive Admin Emails: Yes

Username: banthony551
Email: [email protected]
IP: 195.209.36.65
Join Date: April 20th, 2008
Birthday: April 18th, 1973
Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
Receive Admin Emails: No

Username: Jessie
Email: [email protected]
IP: 128.241.105.0
Join Date: May 2nd, 2008
Birthday: Unspecified
Timezone: (GMT -8:00) Pacific Time (US & Canada)
Receive Admin Emails: No
Notes: Spammed across PMs about a Buddhism portal site

Username: kwhurley160
Email: [email protected]
IP: 89.111.165.167
Join Date: May 5th, 2008
Birthday: April 18th, 1973
Timezone: (GMT) Western Europe Time, London, Lisbon, Casablanca
Receive Admin Emails: No

Username: KaiyureBoy
Email: [email protected]
IP: 121.234.237.74
Join Date: May 17th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: beijmanli
Email: [email protected]
IP: 58.17.147.112
Join Date: May 20th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: klmn857
Email: [email protected]
IP: 59.173.226.84
Join Date: May 20th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: lovebeijgo
Email: [email protected]
IP: 222.183.122.18
Join Date: May 20th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: dreamath
Email: [email protected]
IP: 116.234.10.169
Join Date: May 20th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: goleveling
Email: [email protected]
IP: 61.191.23.238
Join Date: May 21st, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: 080522jk
Email: [email protected]
IP: 218.240.13.108
Join Date: May 23, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: kevin7901
Email: [email protected]
IP: 58.37.254.100
Join Date: May 25th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: lrdldu
Email: [email protected]
IP: 221.201.98.74
Join Date: May 25th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: joshnjob
Email: [email protected]
IP: 122.194.25.131
Join Date: May 25th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: loveumaryii
Email: [email protected]
IP: 222.183.121.201
Join Date: May 26th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: Isabella219
Email: [email protected]
IP: 222.92.140.249
Join Date: May 26th, 2008
Birthday: Unspecified
Timezone: (GMT -8:00) Pacific Time (US & Canada)
Receive Admin Emails: Yes
Notes: They used the Contact Administrator form, after they were banned. It was an admittance that what they would post if I unbanned them now, would have the same problem as before - "free iPods" are not what my community is about.

Username: KevinFlys
Email: [email protected]
IP: 220.178.42.42
Join Date: May 30th, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: ultimatewarrior8888
Email: [email protected]
IP: 220.249.163.229
Join Date: June 2nd, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: usagirl19735
Email: [email protected]
IP: 61.174.135.63
Join Date: June 2nd, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: weiwei
Email: [email protected]
IP: 221.221.173.160
Join Date: June 2nd, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Username: KaiyureGirl
Email: [email protected]
IP: 117.95.220.225
Join Date: June 7, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No
Notes: Registered while I was in the middle of previewing this post.

Username: gprunescaper2
Email: [email protected]
IP: 218.106.154.107
Join Date: June 15, 2008
Birthday: January 1, 1980
Timezone: (GMT +8:00) Beijing, Perth, Singapore, Hong Kong
Receive Admin Emails: No

Some Chinese/Russian spammers are going to slip through the cracks I've left open, because I've limited some of the ISP blocking for a few of my legitimate users, and a minority of the spammers may fall within that range.

KaiyureGirl
[email protected]
222.187.239.10

New bot

95% of the spammer usernames/emails that people here have mentioned so far, I too have come across. I noticed in late May that the birth date was the most common factor, but I have a feeling that the more we talk about it, or the sooner we come up with an automated solution based on the birth date...

the sooner the spambots will either stop using that birthdate, or start using random birth dates. We should assume the worst - that we can't count on this birth date red flag, for forever.

Nearly every time a new spambot (or a revisit of an old spambot) appears on my site, I've manually ISP blocked it, which involves a WHOIS to find the complete IP range.

I have to be very careful when I do this, because although my site is English language, it attracts legitimate users from all over the world - including a few from China. So every time I ISP block another Chinese range, I always check it against the very few legitimate Chinese members my site already has. This tactic will eventually stop another legitimate Chinese user from joining my site, but the spam is so out-of-hand right now, that I'm considering this to be a small price to pay. I don't feel comfortable with ISP blocking as a longterm solution though.

I'm probably going to introduce a subforum for New Member Introductions. When you confirm your email address for registration, you're shifted into a phase-one custom usergroup that can only post, in the manner of starting new thread(s) in New Member Introductions. Until you've done this, you can't start threads in any other subforums, or reply to any threads other than your own. After that, if you have at least one post, eventually you get auto-promoted, and can post/reply in any subforum. However, that promotion could come real quick, so to make sure it's always at least an hour, you introduce another intermediary custom usergroup, whose sole purpose is to exist one hour before the promotions CRON triggers again.

Once a spammer starts posting, they'll do it in waves. They aren't going to sit around and wait 1-2 hours until they can post in other subforums, and that's if they're not banned by then. What I like about the New Member Introductions idea, is that all of the spam will originate in one place, and you can safely appoint a legion of moderators solely for that board, with custom permissions so they can only move posts, and you have a trash/spam subforum that's not public, as evidence for a higher-up staff member to eventually issue a banning.

I can understand why some vB owners here would want to block their Member Lists, because a little-talked-about problem right now, is spam across Private Messages. Though I don't know how much good it does to block the Member List, because a smart spambot could build its own index of usernames, by brute forcing all of the User ID numbers. I'm thinking of reserving the Private Messaging privilege for users who have already posted at least 10 times, and same with being able to view the Member List or any individual User Profile. That ought to solve some problems.

Now, I'm not deeply knowledgeable about the repercussions with robots.txt, so for anyone who is more familiar with how it works, will spambots being able to access robots.txt, in any way foil any of my ideas here?

I had all kinds of spammers then I configured "Akismet" in admincp and it has captured all spammers ever since. It does all the work for you.


This is the best solution!


Try it!

This is most likely human... They reloaded the image verification three times. You're not even using recaptcha.

This is not a vB 3.7.x issue. I am running vB 3.6.10 and I've banned every username mentioned in this thread so far.

I just ran through my members list and deleted every suspicious username with a birthdate of Jan 1, 1980 and also did a quick scan of gmail.com, 21cn.com, and sina.com email addresses. I deleted about 30 members, all with 0 posts, who were either "User Awaiting Email Confirmation" or were approved but hadn't posted yet.

I've installed Prevent Spam and I've set it to flag any post that contains a URL. I also have new member moderation turned on so that I have to approve each new registration manually.

Between these two options I hope to stop a lot of this nonsense. This has only become a problem in the last week or two.

I have a guest lurking around trying the permissions pretty hard. they have yet to try and register. Their ip is 150.70.84.41 shows it's origin is Japan.

i enable only picture verification

and also the same

there r many of them in my forum

and i dont know how to do?