Support

Admin Tools

#9980 No option to import spammer IP complete list.

Posted in ‘Admin Tools for Joomla! 4 & 5’
This is a public ticket

Everybody will be able to see its contents. Do not include usernames, passwords or any other sensitive information.

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Thursday, 28 July 2011 16:00 CDT

Wednesday, 27 July 2011 02:09 CDT

user40848
Mandatory information about my setup:
nothing as such ;-)
Have I read the related troubleshooter articles above before posting (which pages?)? Yes
Have I searched the forum before posting? Yes
Have I read the documentation before posting (which pages?)? Yes
Joomla! version: 1.5.23
PHP version: (unknown)
MySQL version: (unknown)
Host: Hostgator, Baby
Admin Tools version: Latest one


Description of my issue:

Dear Sir,

Is there any option by which we can Import list like this?
http://spam-ip.com/spam-blacklist.php

It will block most of our Form attacks etc.

either we should have CSV import or something like that but problem is that, list is too big. So can we have some database like thing which GEO-IP method do. It releases monthly updates of 30 MB file we just have to put its DAT file in some folder and we are done.

You may take this as my suggestion.

I need it because of continuous attacks on my website. Everytime spammer IP is different and when I trace that IP, it is usually from blocked list.

Thanks in advance..

Wednesday, 27 July 2011 05:09 CDT

nicholas
It is possible, but not through Admin Tools itself. We teamed up with FreakedOut.de to provide this functionality through their awesome Content Uploader Pro software. These guys are experts in data import, so instead of me trying to reinvent the wheel, I thought it was better to let the experts provide the feature. For more information please take a look at this information page.

That said, there is an easier alternative to do IP-blocking of known spammers. Enable the Bad Behaviour integration in the Web Application Firewall configuration page and supply a Project HoneyPot HTTP:BL key (you can get one for free). Believe me, this has cut spam by 99% on every site I tried that. Not too shabby, eh? ;)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 05:16 CDT

user40848
But problem is that enabling bad behvior n honeypot block even my good customers many times. Strict mode is on NO, even then it blocks.So what should I exactly do now Sir?

Wednesday, 27 July 2011 05:19 CDT

nicholas
In this case, you have the following alternatives:

1. Use Content Uploader Professional (which requires spending some extra money, but is the easiest method)

2. Export the IP list to a CSV file, then use phpMyAdmin to import the CSV into the jos_admintools_ipblock table.

3. Wait for the next release (2.2) of Admin Tools. I am going to dissect Bad Behaviour and allow you to fine tune its behaviour so that it does not block legitimate visitors.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 05:26 CDT

user40848
I am waiting for next release. Also in next release, rather than importing option you can also adopt method which is used by. Geoip and geocity softwares of joomla. They even contains information about all worlds ip addresses in just 30 mb file.whose access is also fast!

Wednesday, 27 July 2011 05:52 CDT

nicholas
I don't think I will ever be able to provide something like a GeoIP file. It's not my intention to compile a definitive list of spammer IP addresses and compile them to a binary file. That's simply too much to ask :) Besides, why reinvent the wheel when there is the frequently updated Project Honeypot's HTTP:BL?

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 05:55 CDT

user40848
Okey then please just disect bad behavoir ion soon Sir. Last option For me.

Wednesday, 27 July 2011 08:40 CDT

nicholas
i just uploaded a new developer's release which separates the HTTP:BL feature from Bad Behaviour and fixes most false positives returned by Bad Behaviour. Feel free to download, install and use. It's very stable, as it is based on Admin Tools Professional 2.1.4 and doesn't have any other changes except those I just mentioned :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 09:46 CDT

user40848
nicholas, you are like God for me type of guys. Thank you so much.

Wednesday, 27 July 2011 09:54 CDT

user40848
nicholas, you are like God for me type of guys. Thank you so much.

I am using following settings now:

Enable HTTP:BL filtering--->YES
Project Honeypot HTTP:BL Key---->My Key
Minimum Threat Rating to block (0-255, default 25): 175
Maximum age of accepted HTTP:BL results--->30
Also block suspicious IPs, not just confirmed spammers-->Yes

Bad Behaviour integration
Enable Bad Behaviour filter--> Yes
Strict Mode-->No
White list IPs (comma separated list)Auto-ban Repeat Offenders-->PayPal's IP
IP blocking of repeat offenders-->Yes
Never block these IPs
Email this address after an automatic IP ban
Block afterattacks, in 3 attackes
Block for this long for 15 days
Show this message to blocked IPs--->My message

Wednesday, 27 July 2011 12:14 CDT

nicholas
Thank you :)

A small note regarding your settings. The threat rating is a logarithmic scale. Putting that to 175 will block almost nobody. A setting of 25 means that this IP has submitted 100 spam messages to the honeypot network (moderately suspicious). A setting of 50 means that this IP has submitted 10000 spam messages (very suspicious). A setting of 75 means that it has submitted a million messages (waaaay off). A setting of 175 means that this IP has submitted several billions of spam messages, which is highly unlikely. A sane setting for this value is, therefore anything between 25 and 50, I recommend 30. Please read this page for further information about the threat level index.

Cheers!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 12:18 CDT

user40848
Thankyou so much. I changed it to 30. Thanks again for suggestions and your kind support! ;-) you made me happy.

Wednesday, 27 July 2011 12:35 CDT

nicholas
You're welcome! I am happy when you are happy :)

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 13:07 CDT

user40848
Just one last question, If I would import Total: 279,514 Spammers in my jos_admintools_ipblock table, Will it slow down my website opening and Joomla operation or will it overload my Joomla or any other problem?

Just few mins ago I got many security exception emails
eg
IP Address: 165.98.116.184
Reason: Bad Behaviour (Header 'Connection' contains invalid values)

IP Address: 157.157.255.85
Reason: Spammer (via HTTP:BL)

etc..

Wednesday, 27 July 2011 13:13 CDT

nicholas
A list of 280K IP addresses will absolutely kill the performance of your site and most likely lead to severe memory outage errors. Please don't do that. It's best to let HTTP:BL do its job - it's far more efficient.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Wednesday, 27 July 2011 13:17 CDT

user40848
Thanks for your immediate reply. Admin tools is must for every joomla website. I will definately recommend it to my all friends.

Wednesday, 27 July 2011 13:21 CDT

nicholas
You're welcome and thank you for your kind words!

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Thursday, 28 July 2011 14:40 CDT

user40848
Hello Again. I found new release out which is saying that it contains Bad Behaviour etc. Is it better than my "developer's release"? Should I update my self to that?

Also I want to know that is it possible to get you funny "Busted Page"?? I liked it very much. I also liked your 404 page. I accidently found 403 page. Also I wanted to get blocked by akeebabackup.com to see what page is there. I am fan of you now. Sorry ;-)

How can I use your Busted image type image on my website?? after 403?? as we can only type HTML in that. Is there is any harm as you hinted there that you should keep this message "small".

Thursday, 28 July 2011 16:00 CDT

nicholas
Hi!

Admin Tools 2.1.5 is the same as the version you have, plus some bug fixes regarding uninstallation issues under Joomla! 1.7 and adds the ability to upgrade from Joomla! 1.6.5/1.6.6 to 1.7.0. I recommend that you upgrade.

Regarding the custom error pages, all I did was to read the fine manual and follow its instructions. Who said that developers don't have to RTFM? ;)

Regarding the length of the error messages, there is a pitfall. If your error page is smaller than 256 bytes then Internet Explorer won't display your custom page but, instead, show its own stock error page. Funny, eh? Microsoft did it again :p

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

Support Information

Working hours: We are open Monday to Friday, 9am to 7pm Cyprus timezone (EET / EEST). Support is provided by the same developers writing the software, all of which live in Europe. You can still file tickets outside of our working hours, but we cannot respond to them until we're back at the office.

Support policy: We would like to kindly inform you that when using our support you have already agreed to the Support Policy which is part of our Terms of Service. Thank you for your understanding and for helping us help you!