Black list for emails and IPs, problems with spammers

[MiP1]

Hello,

if I want to ban a few dozens of emails, should I create a separate filter for each of them? (the same question about IPs) Is there a way to simply paste a list like this:
*@domain1.com
*@domain2.com
*@domain3.com

I'm getting a lot of spammers (most likely not bots, but real people) from one a certain country. I have about 3 new registrations from this country almost every day, sometimes they post something in a language no one on my forum can even read, sometimes they only add links to their profiles, sometimes they do nothing. They use many different IPs, but almost all of the IPs can be traced back to this country. What would be the best way to prevent these registrations?

Moderation of all new posts doesn't seem to bother those people. And it adds a lot of work. I would rather like to prevent them to register.

Is it possible to ban this single country completely? At least temporary until they forget about my forum. Or maybe there are better solutions?

[-FP]

You can't ban a country in the ACP... but you could block a range of IPs in .htaccess if you use apache for instance. There are websites that list what are the ranges for a given country, I don't know how accurate that is though.

[Cyboman]

2 hours ago, -FP said:

I don't know how accurate that is though.

Unfortunately not very accurate....

On my former system I did it as follows:

1. login to your server as root!
2. alter the IP tables:

   iptables -A INPUT -s 37.1.207.0/24 -j DROP

   
   ^^this one was the former address with last section range
    
3. if you want to check your IP tables:

   iptables -L

    

 

This works until you reboot!

As described above, it locked the address + range (in russia in the example above), but I received complaints afterwards from other european member countries, that other users weren't able to login anymore...

 

IPs are not really accurate all the time...  

 

 

[MiP1]

Thanks for the answers!

But yes, the problem with the IPs is that the spammer use more than a dozen different 1st octets and it happened a few times that a regular member had an IP from the spammers ranges e.g. being on vacation or on a business trip in that region or the first octets of the IP range were used in a different country. Also if I ban an IP on the server, the user can't even read the forum anymore but I just want to not allow them to register. So I would like to ban the IP range on the server only in worst cases like I had a year ago - some crazy bots attacked my forum shutting down the server over and over again, so I banned their IPs on the server and it was fine.

Many of unwanted registrations use those one-minute-emails, so I've banned them and those spammers disappeared. But it was easy to do so with vbulletin - I could just paste a huge list into the blacklist field. Now I'm migrating to IPS and see that I need to add those domains one by one, which doesn't make much sense with a list of a few dozens domains. So I just hope, I'm missing something obvious and I can add lists to the filters, not just single entries?

[MADMAN32395]

1 hour ago, MiP1 said:

Many of unwanted registrations use those one-minute-emails, so I've banned them and those spammers disappeared.

I did the same with ips. Was easier for me to go into the database and add each *@disposable.tld and just used the same Unix timestamp for each since I could care less what time I did it lol.

[MiP1]

oh, yes, that's also a way to do it, but will you then get 100 filters in the Admin CP if you add 100 domains this way?

[MADMAN32395]

Yes

[Cyboman]

21 hours ago, MiP1 said:

Many of unwanted registrations use those one-minute-emails, so I've banned them and those spammers disappeared. But it was easy to do so with vbulletin - I could just paste a huge list into the blacklist field. Now I'm migrating to IPS and see that I need to add those domains one by one, which doesn't make much sense with a list of a few dozens domains.

Indeed! An import/export list for one-minute/temporary/disposal/spam/trash email domains would be highly appreciated!

I'm running more than one community, and, in my biggest community, there are already more than 800 temporary domains blacklisted or even more! And I can't migrate them to another community. That's very annoying as you waste days () with this process. Concerning this fact, the IPS implementation isn't really satisfying to customers, that are continuously attacked by spammers...

And with the IPS version 4.x I also experienced, that you can insert double entries now (trashmail.com & trashmail.com = twice)! That shouldn't be as the list will grow even more with duplicate entries.

My current workaround is to already ban top-level domains like *.pro, *.tv ... to at least spare me additional work for rising spam domains every day on new tld.