PDA

View Full Version : Using IP filtering to block spam, etc..



thirdroad
05-06-2007, 10:17 PM
Has anyone experimented with using IP filtering to block spam and access to domains? I say domains because the same IPs that are spamming me are hitting my contact forms (I am guessing here) to harvest my email address.

What I am seeing is about 90% of my spam and bogus hits on my forms are coming from NL (Netherlands), and another big hunk is coming from AU. So, I went into my site manager and set up some filters on everything; http, ftp, pop, smtp and other.

My question is; will blocking particular IPs (or IP ranges) using this method actually block the emails coming from those machines? I am assuming that it will block them from getting to my site, but will it block the emails?

WestHost - MCox
05-09-2007, 10:27 AM
Thirdroad,

IP filtering can be a very effective way of reducing spam on your account. However, this method is risky if you are unfamiliar with retrieving IP address information. It sounds like you've done your research and found where the IP addresses are coming from, so you should be good.

With the IP filtering method, you can select which protocols are blocked. Unchecking all of the boxes in the IP rule will completely block the IP or range of IPs from all protocols on your account.

thirdroad
05-09-2007, 01:45 PM
Thanks Mark!

I have been checking the spam properties for a few weeks now, making notes of the IPs, and checking the ranges at whois. Litterally about 90% is coming from ranges in the 80s; ex: 88.0.0.0. - 88.255.255.255. So on these, I just did the 88.* method and went form there. But... duh, I mistakenly thought the check boxes in the IP filter were to "dis"-allow, and so I wasn't seeing any difference. This morning I realized they are "allow," and made the adjustments to each range. So far, I haven't received any spam from those NL servers.

Too, as I had mentioned, they were submitting to my mailing list form several times a day, and they were all in the same ranges. I am assuming they were bots hitting me. They were the same IP ranges, so it blocked them as well.

For anyone thinking about doing this, like Mark said, it is risky if you don't do the research. You can block out not only people you don't want block, but you could feasably block your own self out if you aren't careful.

For example, a few weeks ago I had moved over to a new reseller account from my old account. In my awstats area I noticed a large number of hits from a certain ISP. I watched it for a couple of days. I was concerned it was a bot or something hammering me. Come to find out it was the system my local ISP uses just over the state line in Texas. duh...

Point being, be careful with the IP blocking. It seems to work great, but use it with caution and do your research first at whois or some thing similar.