<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Sep 19, 2013 at 5:24 PM, Eli Billauer <span dir="ltr"><<a href="mailto:eli@billauer.co.il" target="_blank">eli@billauer.co.il</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><u></u>
<div style="direction:ltr" bgcolor="#ffffff" text="#000000">
<p>Hi all,</p>
<p></p>
I'm running a little phpBB forum, which is being bomarded by attempts
to submit spam posts. I've solved the core problem already (i.e.
preventing the spamming itself and the flood of new users) down to
zero, but I've noticed a huge amount of attempts -- I'm at ~800,000
hits per month, and it's not getting any better.<br>
<br>
It's quite easy to tell a spammer's IP watching the HTTP logs, so it's
not a big deal to write a simple script and find the offending IPs, and
block the worst of them individually. In fact, I've already done that.<br>
<br>
But now I want revenge: I'd like to make the spammers' hosting
providers aware of their user activity. Is there any convention on how
to automatically track down who should be contacted for each and every
IP? Or maybe some database, where hosting providers are really looking?<br>
<br>
I expect some dozens of these every month. So an automated reporting
method should be possible.<br>
<br>
Thanks in advance,<br>
Eli<span class="HOEnZb"><font color="#888888"><br>
<br>
<p></p>
<p></p>
<pre cols="72">--
Web: <a href="http://www.billauer.co.il" target="_blank">http://www.billauer.co.il</a>
</pre>
</font></span></div>
<br>_______________________________________________<br>
Haifux mailing list<br>
<a href="mailto:Haifux@haifux.org">Haifux@haifux.org</a><br>
<a href="http://haifux.org/mailman/listinfo/haifux" target="_blank">http://haifux.org/mailman/listinfo/haifux</a><br>
<br></blockquote></div><br></div><div class="gmail_extra">As a wikipedia controller I used to do exactly that, but I had to do this manually. I would track each IP and find its owner by a combination of host, whois and traceroute. Then I would check out the owner, and decide (on a hunch, mostly) if this was a private machine connected by an ISP or a bad company’s machine. In the first case I would report the machine to the abuse address of the ISP, and in the second - to the police in that country (this was usually done by people who had more time than me - I just supplied them with the evidence).<br>
<br></div><div class="gmail_extra">Sadly, I do not remember any effect that these operations ever had. <br clear="all"></div><div class="gmail_extra"><br>-- <br>Orna Agmon Ben-Yehuda.<br><a href="http://ladypine.org">http://ladypine.org</a>
</div></div>