Can't block Senegal spammers using PHP script.

guanche

The spammers from African countries are a real horror on my websites. They are coming every day from different IP addresses, sending hundreds of instant messages per hour. I have set a limit for new users - 1 message in 2 minutes, but it doesn't help - they spent hours to send 30 messages per hour.

So, I decided to block access to my websites from several African countries. I use MaxMind free IP addresses database and php script. My login script starts with this:

include("includes/geo-ip.inc");
$gi = geoip_open("includes/GeoIP.dat",GEOIP_STANDARD);
$ipaddress = getenv ("REMOTE_ADDR");
$ipaddress = filter($ipaddress);

$countrycode = geoip_country_code_by_addr($gi, $ipaddress);
geoip_close($gi);


$blocked = array("SN","NG","GH","TG","CI");

if (in_array($countrycode, $blocked)) {

die;

}

In someway they bypass this part of script. For example, today I see a successful login from IP address 41.208.152.53.

I did make a test by changing my script:

$ipaddress = '41.208.152.53';
echo $countrycode;

So, the echo is SN

So, I don't understand how can they bypass this part of the script which checks country? IP address is written to the DB only in case of successful login. No other scripts are writing IP address to the database. So, they have to excecute this script and bypass the part which checks country.

Any ideas?

djjjozsi

they're using proxy servers to surf and make comments.

registration + cookie counter + ip filter -> email address + with url activation

and new registrant doesn't allowed to send comment in 30 minutes.

And there are several ways to check if your visitor is using proxy servers.

And use the $_SERVER array to get the remote address's IP

guanche

djjjozsi, thank you for your reply.

Yes, I know, very often their are using proxy servers, but in my described situation - not. To make it more clear, happends the following.

$ipaddress = '41.208.152.53';

$countrycode = detectcountry($ipaddress);

if ($countrycode == 'SN') die;

$result = mysql_query("UPDATE users 
SET country='$countrycode', $ipaddress='$ipaddress' 
WHERE id='$id'")or die('MySQL Error');

The inserted data in DB are:
country = SN
ipaddress = 41.208.152.53

As you can see, the inserted IP address is the same as difined in the beginning of the script.

So, they bypass in some way:

$countrycode = detectcountry($ipaddress);
if ($countrycode == 'SN') die;

In my script I am using:

if (in_array($countrycode, $blocked)) die;

but it doesn't make any difference. I was testing the script several times and it stops when detects a forbidden country.

The only way to block spammers is to use:

if ($ipaddress == '41.208.152.53') die;

Then they change IP address or log in using proxy servers.

I am getting crazy - I don't understand why this script doesn't stop them.

djjjozsi

i think you call this program with wrong paramters. If the users using your site in a bigger amount of connections, you're using file system based database, and too much access might cause access violation.

i've made here a little script to get country from ip, download from here,
and test in your server. Change this program to update or insert a test database with the ip's and its result based on your users.

http://phpcode.hu/geoip/geoip.rar

you have to install the db/table for the ip database, the SQL dump is in: geoips.sql.zip.

jjozsi

guanche

thank you.

djjjozsi

i'm waiting the results 🙂)