IPv4 broken beyond repair
It seems to me IPv4 is broken beyond repair.
I'm trying to block spammers but they rewrite the source IP (that is not checked) so it is impossible to block them.
Example below is from a single source:

189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php HTTP/1.0" 200 25552
82.79.97.137 - - [20/May/2021:09:49:31 -0600] "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149
202.138.252.59 - - [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send HTTP/1.0" 302 13
91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET /contact_us.php?action=success HTTP/1.0" 200 24031
41.82.36.214 - - [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725
Re: IPv4 broken beyond repair
On 2021-05-20 11:20-0600 thelma@sys-concept.com wrote:

> It seems to me IPv4 is broken beyond repair.
> I'm trying to block spammers but they rewrite the source IP (that is not
> checked) so it is impossible to block them. Example below is from a
> single source:
>
> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php HTTP/1.0" 200 25552
> 82.79.97.137 - - [20/May/2021:09:49:31 -0600] "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149
> 202.138.252.59 - - [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send HTTP/1.0" 302 13
> 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET /contact_us.php?action=success HTTP/1.0" 200 24031
> 41.82.36.214 - - [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725

As long as the website is find-able by search engines, it doesn't
matter if it is IPv4 or IPv6.
A good measure against non-targeted spam is a hidden input field with
the name “url”. If the bot put anything in that field, throw it out.
Simple math captchas (like “what is 2 + 3?”) work well too.
If the spam is targeted, you'll probably need a more advanced captcha
solution.

See also:
<https://nearcyan.com/you-probably-dont-need-recaptcha/>
<https://www.nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/>

Kind regards, tastytea

--
Get my PGP key with `gpg --locate-keys tastytea@tastytea.de` or at
<https://tastytea.de/tastytea.asc>.
Re: IPv4 broken beyond repair
On 5/20/21 1:29 PM, tastytea wrote:
> On 2021-05-20 11:20-0600 thelma@sys-concept.com wrote:
>
>> It seems to me IPv4 is broken beyond repair.
>> I'm trying to block spammers but they rewrite the source IP (that is not
>> checked) so it is impossible to block them. Example below is from a
>> single source:
>>
>> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php HTTP/1.0" 200 25552
>> 82.79.97.137 - - [20/May/2021:09:49:31 -0600] "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149
>> 202.138.252.59 - - [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send HTTP/1.0" 302 13
>> 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET /contact_us.php?action=success HTTP/1.0" 200 24031
>> 41.82.36.214 - - [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725
>
> As long as the website is find-able by search engines, it doesn't
> matter if it is IPv4 or IPv6.
> A good measure against non-targeted spam is a hidden input field with
> the name “url”. If the bot put anything in that field, throw it out.
> Simple math captchas (like “what is 2 + 3?”) work well too.
> If the spam is targeted, you'll probably need a more advanced captcha
> solution.
>
> See also:
> <https://nearcyan.com/you-probably-dont-need-recaptcha/>
> <https://www.nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/>
>
> Kind regards, tastytea
>

Simple math captchas might work, but I have to find out how to implement it in the current PHP e-mail form.
Re: IPv4 broken beyond repair
On Thu, 2021-05-20 at 21:29 +0200, tastytea wrote:
>
> A good measure against non-targeted spam is a hidden input field with
> the name “url”. If the bot put anything in that field, throw it out.

And be sure to put a paragraph of (hidden) explanatory text above it so
that blind users with screen readers don't attempt to fill it in.

Another efficient trick is to change the "Submit" button to "Preview",
and have the real submit button visible only on the following page --
while they're looking at the preview. Most bots aren't smart enough to
follow the result of the first "click." For bonus annoyance, you can
add a "Cancel" button before the "Send" button; most bots just use the
first button on the form without regard for what it does.
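
One way to wire the hidden "url" field, the hidden explanatory text for screen readers and a simple math question into a PHP contact form, as an added example that is not code from any poster in this thread. The `message` and `captcha` field names and the session key are assumptions; the `contact_us.php` paths are taken from the log excerpt.

```php
<?php
// Added example. Field names other than "url" are assumptions; paths are from the log.
session_start();
// Create a one-time question and keep the answer server-side only.
function new_challenge(): string {
    [$a, $b] = [random_int(1, 9), random_int(1, 9)];
    $_SESSION['captcha_answer'] = $a + $b;
    return "What is $a + $b?";
}

// A browser sends the hidden field as ''; missing, filled or array-valued means bot.
function honeypot_tripped(array $post): bool {
    return !isset($post['url']) || $post['url'] !== '';
}

// Compare with the stored answer, which is consumed on every attempt.
function captcha_ok(array $post): bool {
    $expected = $_SESSION['captcha_answer'] ?? null;
    unset($_SESSION['captcha_answer']);
    $given = $post['captcha'] ?? null;
    return $expected !== null && is_string($given)
        && ctype_digit($given) && (int) $given === $expected;
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (honeypot_tripped($_POST)) {
        // Throw it out, but redirect as usual so the bot gets no signal.
        header('Location: contact_us.php?action=success', true, 302);
        exit;
    }
    if (captcha_ok($_POST)) {
        // Passed both checks: run the form's existing mail code here.
        header('Location: contact_us.php?action=success', true, 302);
        exit;
    }
    $error = 'Wrong answer, please try again.';
}
$question = new_challenge();
?>
<form method="post" action="contact_us.php?action=send">
  <p><?= htmlspecialchars($error) ?></p>
  <label>Message <textarea name="message"></textarea></label>
  <label><?= htmlspecialchars($question) ?> <input name="captcha"></label>
  <div style="position:absolute;left:-9999px">
    <p>Leave the next field empty; it only catches automated submissions.</p>
    <label>URL <input type="text" name="url" tabindex="-1" autocomplete="off"></label>
  </div>
  <button type="submit">Send</button>
</form>
```

The honeypot block is moved off-screen rather than set to `display:none`, so a screen reader still reads the instruction to leave the field empty.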
Re: IPv4 broken beyond repair
"thelma@sys-concept.com" <thelma@sys-concept.com>, 20.05.2021, 23:20:

> On 5/20/21 1:29 PM, tastytea wrote:
>> On 2021-05-20 11:20-0600 thelma@sys-concept.com wrote:

>>> It seems to me IPv4 is broken beyond repair.
>>> I'm trying to block spammers but they rewrite the source IP (that is not
>>> checked) so it is impossible to block them.

>> A good measure against non-targeted spam is a hidden input field with
>> the name “url”. If the bot put anything in that field, throw it out.
>> Simple math captchas (like “what is 2 + 3?”) work well too.
>> If the spam is targeted, you'll probably need a more advanced captcha
>> solution.

> Simple math captchas might work, but I have to find out how to implement it in the current PHP e-mail form.

I have a feedback form collecting customer comments, where the customer
has to acknowledge that their data will be evaluated and published.
Motivated by the GDPR, so a meh effort on my part at best.

In the last twelve months _no_ form spambot has given me the permission
to publish their spam, so it goes straight to the great bit-composter
in my backyard.

Very satisfied :-)
s.
Re: IPv4 broken beyond repair
On May 20, 2021 11:20:27 PM GMT+02:00, thelma@sys-concept.com wrote:
>On 5/20/21 1:29 PM, tastytea wrote:
>> On 2021-05-20 11:20-0600 thelma@sys-concept.com wrote:
>>
>>> It seems to me IPv4 is broken beyond repair.
>>> I'm trying to block spammers but they rewrite the source IP (that is not
>>> checked) so it is impossible to block them. Example below is from a
>>> single source:
>>>
>>> 189.142.216.209 - - [20/May/2021:09:49:29 -0600] "GET /contact_us.php HTTP/1.0" 200 25552
>>> 82.79.97.137 - - [20/May/2021:09:49:31 -0600] "GET /vvc_display.php?vvc= HTTP/1.0" 200 4149
>>> 202.138.252.59 - - [20/May/2021:09:49:33 -0600] "POST /contact_us.php?action=send HTTP/1.0" 302 13
>>> 91.235.177.140 - - [20/May/2021:09:49:35 -0600] "GET /contact_us.php?action=success HTTP/1.0" 200 24031
>>> 41.82.36.214 - - [20/May/2021:09:49:37 -0600] "GET /contact_us.php HTTP/1.0" 200 25725
>>
>> As long as the website is find-able by search engines, it doesn't
>> matter if it is IPv4 or IPv6.
>> A good measure against non-targeted spam is a hidden input field with
>> the name “url”. If the bot put anything in that field, throw it out.
>> Simple math captchas (like “what is 2 + 3?”) work well too.
>> If the spam is targeted, you'll probably need a more advanced captcha
>> solution.
>>
>> See also:
>> <https://nearcyan.com/you-probably-dont-need-recaptcha/>
>> <https://www.nfriedly.com/techblog/2009/11/how-to-build-a-spam-free-contact-forms-without-captchas/>
>>
>> Kind regards, tastytea
>>
>
>Simple math captchas might work, but I have to find out how to implement it in the current PHP e-mail form.
>

I use Antispam Bee[1] for my contact form on my WordPress website. It works very well without any annoying captcha or anything. You could have a look at how they do it.

1. https://antispambee.pluginkollektiv.org/documentation/

--
Hund