mrchetsteadman, posted July 27, 2014

I have gotten over 1100 spam emails from China in the last 3 hours. I've tried to block the IP addresses but there are too many. How do I STOP China from sending spam emails to my website?

+BudMan (MVC), posted July 27, 2014

Going to need a bit more info here, do you run your own email server? What server? What is the domain they are sending to, are they sending to 1 email address? Can we see the headers of these emails? You say sending to your website - when you don't send mail to a website. You send email to an email server, for a specific address that that server accepts mail for, etc.

More than happy to help you - but we have nothing to work with here.

mrchetsteadman (Author), posted July 27, 2014

> Going to need a bit more info here, do you run your own email server? What server? What is the domain they are sending to, are they sending to 1 email address? Can we see the headers of these emails? You say sending to your website - when you don't send mail to a website. You send email to an email server, for a specific address that that server accepts mail for, etc.
>
> More than happy to help you - but we have nothing to work with here.

And that is why we have intelligent individuals like yourself, to tell me what I'm missing lol. Now when you say my own email server, I'm guessing yes. My website is hosted by StableHost and yes they are sending to one specific email address. As far as the header of the email, where would I find that? Is this it?

    Received: from chriscob by ssd10.stablehost.com with local (Exim 4.82)
        (envelope-from <chriscob@ssd10.stablehost.com>)
        id 1XBMnG-001O3h-G2
        for info@coburnconsultgroup.com; Sun, 27 Jul 2014 07:39:10 -0400
    To: info@coburnconsultgroup.com
    Subject: New inquiry from christian louboutin mistica 60 pumps
    X-PHP-Script: coburnconsultgroup.com/ajax.php for 120.37.237.21
    From: 'christian louboutin mistica 60 pumps' <jjkui778hgtf*@gmail.com>
    Reply-To: 'christian louboutin mistica 60 pumps' <jjkui778hgtf*@gmail.com>
    Message-Id: <E1XBMnG-001O3h-G2@ssd10.stablehost.com>
    Date: Sun, 27 Jul 2014 07:39:10 -0400

Thanks for your help.

Art_X, posted July 27, 2014

Depends on your email client/server and operating system.

+BudMan (MVC), posted July 27, 2014

That for sure is not the full headers, unless it looks like they sent it from script on your site?

IP that used your script:

    inetnum: 120.32.0.0 - 120.39.255.255
    netname: CHINANET-FJ
    descr: CHINANET FUJIAN PROVINCE NETWORK

Why don't you just block them at your webserver so they can not access that script, your host should be able to help you with that. Could be something as simple as .htaccess to that ajax.php script you're using to send the email on the contact section of your website I would assume.

Looks like you're running litespeed for your webserver. htaccess should be supported, something along the lines of

    Order Deny,Allow
    Deny from 120.37.237.21

Should block them from your site.

So does your hosting company give you access to firewall for your server/site - guessing it's just a shared server, not dedicated or yours only?

You could use say deny from 120. to block anything starting with 120..

You can look up country IPs, here is one resource, not sure on how accurate it is: http://www.nirsoft.net/countryip/

Art_X, posted July 27, 2014

Expanding on what Budman said, this might help you: http://www.parkansky.com/china.htm

Night Prowler, posted July 27, 2014

> Expanding on what Budman said, this might help you: http://www.parkansky.com/china.htm

Not sure how that is going to help him with mail spam.

Art_X, posted July 27, 2014

Add the IPs to filter in his mail server.

+John Teacake (MVC), posted July 27, 2014

I know it sounds daft but just file an abuse report with their ISP? Should have the details on the WHOIS.

Report it to the FBI? http://www.fbi.gov/report-threats-and-crime

n_K, posted July 27, 2014

The first thing I do on all my VMs is use iptables to block all Chinese and Russian IPs... Obviously not all are covered by the online lists, but it covers a lot and you can just add subnets of any that get around it. Do that and watch as you stop getting spam.

+BudMan (MVC), posted July 27, 2014

There is not really a mail server involved here, this traffic from the headers is not being sent via SMTP. They seem to be accessing a script that sends the mail to him.

So yeah the ArtistX stuff should help - looks to be info on crafting htaccess files to block netblocks. Exactly what the OP should be looking to do to prevent unwanted countries from accessing his contact me script. Which is what this looks to be using to send the mail:

    X-PHP-Script: coburnconsultgroup.com/ajax.php for 120.37.237.21

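Added example (not part of any post in this thread, and not the site's own code): a Python sketch that reads the X-PHP-Script header from a batch of form-generated mails, counts the client addresses it names, and prints Deny lines in the form BudMan posted, collapsing to a /24 once two distinct addresses share one. The `example.com` script name, the sample messages, the threshold and the handling of a comma-separated address list are assumptions; only 120.37.237.21 comes from the thread.

```python
import email
import ipaddress
from collections import Counter

def script_clients(raw_messages):
    """Count (script, client IP) pairs named in X-PHP-Script headers."""
    hits = Counter()
    for raw in raw_messages:
        value = email.message_from_string(raw).get("X-PHP-Script", "")
        script, sep, addrs = value.strip().partition(" for ")
        if not sep:
            continue              # header absent: not sent by a PHP script
        for addr in addrs.split(","):   # assumption: may list several IPs
            try:
                ip = ipaddress.ip_address(addr.strip())
            except ValueError:
                continue          # skip anything that is not an address
            if ip.version == 4:
                hits[(script, ip)] += 1
    return hits

def deny_rules(hits, prefix=24, min_hosts=2):
    """One Deny per IP, or per /prefix once min_hosts distinct IPs share it."""
    by_net = {}
    for _script, ip in hits:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net.setdefault(net, set()).add(ip)
    lines = ["Order Deny,Allow"]
    for net in sorted(by_net):
        ips = sorted(by_net[net])
        if len(ips) >= min_hosts:
            lines.append(f"Deny from {net}")
        else:
            lines.extend(f"Deny from {ip}" for ip in ips)
    return lines

def sample_mail(ip):
    # Constructed message shaped like the header dump in the thread.
    return ("To: info@example.com\nSubject: New inquiry\n"
            f"X-PHP-Script: example.com/ajax.php for {ip}\n\nbody\n")

# 120.37.237.21 is the address from the thread; the rest are constructed.
SAMPLE = [sample_mail(ip) for ip in
          ("120.37.237.21", "203.0.113.7", "203.0.113.99", "203.0.113.7")]
SAMPLE.append("To: info@example.com\nSubject: no script header\n\nbody\n")

if __name__ == "__main__":
    print("\n".join(deny_rules(script_clients(SAMPLE))))
```
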
TAZMINATOR, posted July 27, 2014 (edited)

If you have webmail or a form on your web pages, you can add the filters as others said, so that you can block IPs so they can not access or email. Or you can add captcha to the form or webmail login. You can do both if you want.

Edited July 27, 2014 by Walid W. (Edited wemail to webmail)

Dick Montage, posted July 27, 2014

As Budman said, they are using a PHP script on your site to email you. Look at:

1) Captcha
2) Time delays between multiple emails from IP addresses
3) On the script, check that it only receives input from your site

There are more but these are 3 easy ones.

MikeChipshop (Member), posted July 27, 2014

Get a honeypot set up on your site. They've discovered a form they can easily manipulate and they are. It's an automated bot.

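Added example (not part of any post in this thread, and not the site's own ajax.php): a Python sketch of the server-side checks from the two posts above, covering a honeypot field, a signed render-time token so instant submissions are rejected, a per-IP limit on accepted mails, and an Origin check so the handler only takes posts from the site's own pages. The field names, origin, secret and limits are assumptions; a captcha is not shown.

```python
import hashlib
import hmac
import time
from collections import defaultdict, deque

SECRET = b"replace-with-random-server-side-key"   # assumption
SITE_ORIGINS = {"https://www.example.com"}        # assumption
HONEYPOT_FIELD = "website"    # hidden with CSS; a human leaves it empty
MIN_FILL_SECONDS = 3          # a bot posts faster than a person can type
MAX_PER_WINDOW, WINDOW_SECONDS = 3, 600

def issue_token(now):
    """Embed in the form when it is rendered: '<timestamp>.<hmac>'."""
    ts = str(int(now))
    sig = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    return f"{ts}.{sig}"

def token_age(token, now):
    """Seconds since the form was rendered, or None if the token is forged."""
    ts, _, sig = token.partition(".")
    good = hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), good.encode()):
        return None
    return now - int(ts)

class ContactGuard:
    def __init__(self):
        self._recent = defaultdict(deque)   # client IP -> accepted timestamps

    def reject_reason(self, form, headers, client_ip, now=None):
        """Return None to send the mail, else a short reason to log."""
        now = time.time() if now is None else now
        # Filters browser posts from other pages; a script can forge it.
        if headers.get("Origin", "") not in SITE_ORIGINS:
            return "foreign-origin"
        if form.get(HONEYPOT_FIELD, "").strip():
            return "honeypot-filled"
        age = token_age(form.get("form_token", ""), now)
        if age is None:
            return "bad-token"
        if age < MIN_FILL_SECONDS:
            return "too-fast"
        recent = self._recent[client_ip]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                # forget mails outside the window
        if len(recent) >= MAX_PER_WINDOW:
            return "rate-limited"
        recent.append(now)
        return None
```
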
Hussam Al-tayeb, posted July 27, 2014

You may also want to take a look at cloudflare. It blocks a lot of web-based attacks. It obfuscates email addresses on websites so they don't show for bots. The amount of spammers getting to your 'email forms' or 'contact me' forms will be much less.

What happened in your case is a bot crawled your website. It saw the email address and the contact form. Add a captcha to the contact form.

mrchetsteadman (Author), posted July 27, 2014

Been sleeping since I posted this, thanks guys for all the responses. I tried the .htaccess but it didn't seem to work. I've tried blocking the IPs and again, no dice. I'm going to apply this advice and see what results I get. Again, I appreciate all the help, you guys are better than Google, no jokes.

farmeunit, posted July 27, 2014

We block whole countries using .htaccess on our site, and also Honeypot modules as well. It's stopped all spam so far that I've seen. Here is a generator: http://www.ip2location.com/blockvisitorsbycountry.aspx

If you're blocking one IP at a time, you might as well give up. They'll use proxies to get around that. If you don't need people outside the US to see your site, I would block most countries. That's how we did it. If you need people outside the US to see it, then be more selective, but block that one country's range at least.

+BudMan (MVC), posted July 27, 2014

As to why it's not working - that was not the whole code I posted, just a piece that would set deny first then allow and the IP to block that you listed. You would have to incorporate that into your existing .htaccess file? If you are using them? I show your site using litespeed which I do believe uses htaccess but there might be some changes to the syntax? I have not worked with that httpd before so not sure.

Where did you place the .htaccess file, are they enabled in litespeed by default? You're going to have to ask someone that has direct experience with using litespeed - sorry.

Night Prowler, posted July 29, 2014

I'm not sure what is happening, as it appears China is hitting my site for a lot of bandwidth usage.

Note: Everything was fine 2 months ago, just before switching to Invision Power Board.

                        Pages     Hits      Bandwidth
    United States - us  18,273    51,083    5.34 GB
    China - cn          3,782     10,258    191.03 GB

AWStats is showing the below bandwidth usage being attributed to ONE .zip file being downloaded.

Note: Before switching to Invision Power Board (in May) China used less than 3GB of bandwidth for the same file.

    Hits     206 Hits   Bandwidth   Average size
    3,049    157        201.22GB    64.27

I log my downloads in stats on the website and it only shows 265 downloads for this file from users on the website.

The file is located in the /data/files/ folder in the root of my website.

I have my .htaccess file located in the /data/files/ folder.

    # File: $Id$
    # ----------------------------------------------------------------------
    # Purpose of file: block any hot linking of .zip or .exe or .msi files
    # stored under the /data/files/ directory
    # ----------------------------------------------------------------------
    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
    RewriteRule \.(zip|exe|msi)$ http://www.mysite.com [NC,R,L]

Is there something I'm doing wrong?

Krome, posted July 29, 2014

I never knew Honeypot was for Apache... they have the script to work with Apache server now? I have not run Apache server for a couple years now...

Hum, posted July 29, 2014

> I have gotten over 1100 spam emails from China in the last 3 hours. I've tried to block the IP addresses but there are too many. How do I STOP China from sending spam emails to my website?

Launch your nukes.

Steven P. (Administrators), posted July 29, 2014

We use HoneyPot/StopForumSpam too, it's very good but can't stop everything. It does save our mods a bunch of headaches though.