Are You Wishing For Spam Free Secure Hosting
Do you wish you could host your WordPress blog (self-hosted) where spam wasn’t a problem, where hackers couldn’t damage your site, where your host took effective steps to keep spammers and hackers away from your blog?
Are you fed-up with all the spam and hacker attacks from China, the former Soviet states and other notorious regions, the sharply rising level of cyber-attacks from the middle east and northern Africa?
Are all the hacking attacks and login attacks from hacked web sites and bad-host web-servers giving you grey hairs?
Web Server Traffic Should be Banned
Opinions will differ about putting a ban on web server traffic. There are those who want their blogs and websites free from malicious activity, safe and secure for genuine valuable visitors. Then there are those who think there should be no restrictions on web traffic and activity (some even think spam is not bad).
Let’s clarify the web traffic we’re talking about. We’re not talking of banning referer traffic i.e. traffic from good back-links from websites resulting in genuine visitors.
A Bunch of Spam Registrations
I’m getting a lot of spam registrations for a WordPress site. Interesting thing is; I’ve only allowed user registrations for about 5 days, but have had subscribe to new posts forms all over the site for ages.
A normal person would think anyone wanting to subscribe to post/page updates would use one of the convenient subscription forms. But no, it seems they want to register accounts 🙂
The other interesting thing is, the only links to the registration/login forms are from a very small forum section, literally less than a handful of pages. So how are these users finding the form?
Spam Comments Even When Comments Off
Spambots are able to bypass WordPress.com comment settings for individual posts and pages, and submit comments even when comments are off for the page. That’s what it looks like, on first impression anyway.
The spam looks like it’s a comment submission, the spammers name, and of course the outgoing link fields are filled in. The content is typical spam rubbish. These spam submissions certainly look like the spammer has bypassed the comment settings, and submitted a comment using wp-comments-post.php.
Looking closer, we see most of the time these spam comments are actually posted using WordPress trackbacks (pings).
Roubaix Ovh Systems – Most Dangerous Host?
Is Roubaix Ovh Systems, a hosting and Internet Service Provider in France, one of the most dangerous ISPs and hosts in the world? We could be justified in thinking so. At least out of ISPs and hosting companies in the Western economic zone, outside of former Soviet Union states.
When you see a spambot active on your site, a hacking attempt, or a trackback spammer, there’s a pretty good chance it’s coming from an IP registered to Roubaix Ovh Systems, or another Ovh Systems IP.
Roubaix Ovh Systems Banned on Sight
We (Graphicline Web & Technology) have seen so much bad activity from IPs traced back to Roubaix Ovh Systems we now ban all their IPs as soon as I find them. Activity from all other OVH Systems networks are watched carefully
Just when I thought I’d seen it all, I get some really weird spam e-mail from a webform response. Every possible field filed in with a website URL, or nonsense text. And there are lot’s of fields. Stranger still, the mail form responds to a promotion that ended in October last 2011…
Banning the Bad Hosts
I’m a no-compromise banner. It doesn’t take much effort to get an IP banned from my websites. A single bad event will normally be enough to block access to my sites from an IP address. Several attempts from a range of IP’s with a common service provider will get the entire IP range banned, the hostname or domain banned.
Currently there are about 700 entries in the banned list – representing millions of IPs, and the list gets longer daily. I cannot recall a day this year when at least one new bad IP was not added to the list.
Sharing the Bad IP Info
Mostly these IP’s were simply denied access, and no record was kept about the reason for the ban. At one time I started keeping a record, then lost interest and lacked time to continue. So I decided to start again, this time publishing the info where I can get to it, and other bloggers can also find the details. So now it’s published as a page on this blog…
MWEB IPs used by Spammers and Hackers
Checking an IP record for 188.8.131.52 after noticing a minor offence this morning – the ubiquitous and quite stupid practice of adding “/undefined” to the end of actual URLs – brought up a list of IPs in the neighbourhood. All the IP’s included below belong to MWEB. (whois.domaintools.com IP lookup records.)
MWEB, a South African Internet Service Provider, has previously had IP’s under their control listed in several databases as a source of spam e-mails. According to Project Honeypot a range of IP’s managed by MWEB is (or was) used by Spammers and Dictionary Attackers.