Pligg Spam From India And How To Stop It

spammer_shirt_art_300.pngWe already know from a previous article i wrote about a pycurl vulnerability that pligg is a heaven for spammers, it seems that the country of India is becoming a particular nuisance for user submitted spam though. We thought it would be good to cover what options you have to cut down on user submitted spam, we will be concentrating on India but these techniques can be applied to any spammers IP Address or an entire Country IP Range in extreme cases.

First off lets start with the lack of some basic features in pligg makes spam hard to eradicate 100%, this is due to several factors and limitations within the pligg system.

1. KillSpam – The killspam feature is a poorly though out affair, when you perform the killspam feature on a user it changes their password, email address and sets their stories to Discarded. Here are the downfalls of this method, most spam users also place a spam link in their pligg profile page in the homepage field, they then link to their profile any way they can, spam blogs, social bookmarking sites, directories etc. Also the fact that pligg stories that have been discarded can still be linked to and crawled by Google even after killspam makes no real difference to a spammer who’s looking for a link-back. And in case your thinking i will just delete the discarded story link, you cant as pligg doesn’t have that simple feature?

2. Delete User – You cant. Pligg doesn’t have that essential feature?

Tackling spam on a pligg based project can prove to be a time consuming affair for the staff especially if your site is becoming popular and trafficked, as these sites tend to attract more spammers for obvious reasons. The first thing you will notice about user submitted spam is similar IP Address’s for the registered users who submit spam, most IP Address’s will be from the same range. Human spammers also use mail accounts like googlemail.com or yahoo.com, there is a purpose behind this in the fact that a webmaster is highly unlikely to ban two of the most popular free mail services from registering at his site.

The only real way to stop spam is by IP Address and there are several ways we can achieve this, pligg has spam modules available like Askimet, Bad Behavior, reports however on these modules signify that they really don’t work. Askimet like so many things pligg was never fully finished as a module and bad behavior has a habit of locking webmasters out of their own website. That leaves us with little option as far as easy solutions go, so we will have to settle for a combination of .htaccess rules and a pligg module titled blacklist to stop spammers.

The reason i base this article on India is because of the reports and experience i have had with pligg spam over the past few months originating from India. Lets get started then.

First thing to do is make a decision how bad your spam problem is? could you block a few IP Address’s or does it require a entire IP Range to be blocked.

Examples Of Indian IP Ranges Of Confirmed Pligg Spammers
122.162.*.*
122.163.*.*

Method To Block Individual IP Address
For this method we will use the pligg blacklist module and is best suited if you plan to manually ban any offending IP address’s you collect on your site. Blacklist cannot be used for banning entire ranges.

1. Download the blacklist module from Pligg Blacklist Module
2. Extract and upload the blacklist folder to your pligg /modules folder.
3. Goto you Administration / Modules Management section and enable the blacklist module.

Now you have blacklist installed lets see how to add new IP’s you want to ban. In every pligg profile that is viewed from the Administration section “User Management” will show that users IP Address when they registered and last accessed. Copy that IP Address.

Now the downside of this module is the lack of any administration and you will need to add IP’s by using FTP or you host’s online file editor. Use your preffered method and goto /modules/blacklist/blacklist.php, this is where you place the IP address you copied from the users profile. save the file and upload it.

Now anyone visiting your site from the IP address you pasted into the blacklist.php will receive a 404 error.

Blocking An Entire Range Because of Spam With .htaccess
There are several effective ways to block a range of IP addresses via htaccess. This first method blocks an IP range specified by their CIDR (Classless Inter-Domain Routing) number. This method is useful for blocking mega-spammers such as RIPE, Optinet, and many others. If, for example, you find yourself adding line after line of Apache deny directives for addresses beginning with the same first few numbers, choose one of them and try a whois lookup. Listed within the whois results will be the CIDR value representing every IP address associated with that particular network. Thus, blocking via CIDR is an effective way to eloquently prevent all IP instances of the offender from accessing your site. Here is a generalized example for blocking by CIDR (edit values to suit your needs):

# block IP range by CIDR number
<Files *>
order allow,deny
allow from all
deny from 10.1.0.0/16
deny from 80.0.0/8
</Files>

Note: It is recommended that you use <Files *> instead of <Limit GET POST PUT>.

According to an expert on this matter:

I would suggest a container, rather than a container, unless it is your intent to allow these unwelcome user-agents to make PUT, DELETE, CONNECT, OPTIONS, PATCH, PROPFIND, PROPPATCH, MKCOL, COPY, MOVE, LOCK, and UNLOCK requests to your site. If it is your intent to allow these other methods, then is sufficient.

Completely Ban India From Accessing Your Website
Add this code below to your .htaccess file.

<Files *>
order allow,deny
deny from 58.2.0.0/16
deny from 58.68.0.0/17
deny from 58.146.96.0/19
deny from 59.88.0.0/13
deny from 59.96.0.0/14
deny from 59.144.0.0/15
deny from 59.160.0.0/14
deny from 59.164.0.0/15
deny from 59.176.0.0/13
deny from 59.184.0.0/15
deny from 60.243.0.0/16
deny from 60.254.0.0/17
deny from 61.0.0.0/16
deny from 61.1.0.0/16
deny from 61.2.0.0/15
deny from 61.8.128.0/19
deny from 61.11.0.0/19
deny from 61.11.32.0/19
deny from 61.11.64.0/18
deny from 61.12.0.0/17
deny from 61.16.128.0/17
deny from 61.17.0.0/17
deny from 61.17.128.0/17
deny from 61.95.128.0/18
deny from 61.95.192.0/19
deny from 61.95.224.0/20
deny from 61.95.240.0/20
deny from 61.246.0.0/16
deny from 61.247.224.0/19
deny from 116.50.0.0/21
deny from 116.50.64.0/18
deny from 116.66.128.0/19
deny from 116.68.64.0/18
deny from 116.68.240.0/21
deny from 116.72.0.0/14
deny from 116.90.240.0/20
deny from 116.119.0.0/16
deny from 116.193.128.0/21
deny from 116.193.160.0/21
deny from 116.212.176.0/21
deny from 116.214.24.0/21
deny from 121.50.0.0/21
deny from 121.50.8.0/21
deny from 121.240.0.0/13
deny from 122.50.8.0/21
deny from 122.50.128.0/17
deny from 122.98.0.0/16
deny from 122.144.16.0/21
deny from 122.160.0.0/12
deny from 122.200.16.0/21
deny from 122.252.224.0/19
deny from 122.255.72.0/21
deny from 123.108.32.0/19
deny from 123.108.200.0/21
deny from 123.108.224.0/21
deny from 123.136.16.0/21
deny from 123.136.128.0/17
deny from 123.176.32.0/20
deny from 123.201.0.0/16
deny from 123.236.0.0/14
deny from 123.242.240.0/20
deny from 123.252.128.0/18
deny from 124.4.0.0/16
deny from 124.7.0.0/18
deny from 124.7.64.0/18
deny from 124.7.128.0/17
deny from 124.30.0.0/16
deny from 124.47.128.0/18
deny from 124.124.0.0/15
deny from 124.153.64.0/18
deny from 125.16.0.0/13
deny from 125.62.96.0/19
deny from 125.62.128.0/18
deny from 125.63.64.0/18
deny from 125.99.0.0/16
deny from 144.16.0.0/16
deny from 157.227.0.0/16
deny from 158.144.0.0/16
deny from 163.122.0.0/16
deny from 164.100.0.0/16
deny from 164.164.0.0/16
deny from 192.136.141.0/24
deny from 192.136.142.0/24
deny from 192.136.143.0/24
deny from 192.151.129.0/24
deny from 196.1.1.0/24
deny from 196.1.68.0/24
deny from 196.1.104.0/24
deny from 196.1.105.0/24
deny from 196.1.106.0/24
deny from 196.1.108.0/24
deny from 196.1.109.0/24
deny from 196.1.110.0/23
deny from 196.1.113.0/24
deny from 196.1.114.0/24
deny from 196.1.134.0/24
deny from 196.3.65.0/24
deny from 196.12.32.0/19
deny from 196.15.16.0/20
deny from 202.1.120.0/21
deny from 202.3.75.0/24
deny from 202.3.76.0/24
deny from 202.3.77.0/24
deny from 202.3.80.0/20
deny from 202.3.112.0/20
deny from 202.4.25.0/24
deny from 202.6.80.0/24
deny from 202.6.99.0/24
deny from 202.7.52.0/22
deny from 202.7.56.0/22
deny from 202.9.112.0/20
deny from 202.9.128.0/19
deny from 202.9.160.0/19
deny from 202.9.192.0/20
deny from 202.10.32.0/19
deny from 202.12.16.0/24
deny from 202.12.101.0/24
deny from 202.14.69.0/24
deny from 202.14.72.0/24
deny from 202.21.129.0/24
deny from 202.21.134.0/23
deny from 202.21.147.0/24
deny from 202.38.180.0/22
deny from 202.40.6.0/24
deny from 202.41.0.0/23
deny from 202.41.2.0/23
deny from 202.41.4.0/22
deny from 202.41.8.0/23
deny from 202.41.10.0/24
deny from 202.41.11.0/24
deny from 202.41.12.0/23
deny from 202.41.16.0/20
deny from 202.41.32.0/19
deny from 202.41.64.0/24
deny from 202.41.65.0/24
deny from 202.41.66.0/24
deny from 202.41.67.0/24
deny from 202.41.68.0/24
deny from 202.41.69.0/24
deny from 202.41.70.0/24
deny from 202.41.71.0/24
deny from 202.41.72.0/22
deny from 202.41.76.0/22
deny from 202.41.80.0/24
deny from 202.41.81.0/24
deny from 202.41.82.0/24
deny from 202.41.83.0/24
deny from 202.41.84.0/24
deny from 202.41.85.0/24
deny from 202.41.86.0/23
deny from 202.41.88.0/22
deny from 202.41.92.0/22
deny from 202.41.96.0/19
deny from 202.41.128.0/24
deny from 202.41.129.0/24
deny from 202.41.130.0/24
deny from 202.41.131.0/24
deny from 202.41.132.0/24
deny from 202.41.133.0/24
deny from 202.41.148.0/22
deny from 202.41.192.0/24
deny from 202.41.204.0/22
deny from 202.41.224.0/20
deny from 202.44.56.0/22
deny from 202.44.137.0/24
deny from 202.45.6.0/23
deny from 202.45.10.0/23
deny from 202.46.19.0/24
deny from 202.46.22.0/23
deny from 202.46.192.0/20
deny from 202.46.208.0/20
deny from 202.47.124.0/24
deny from 202.47.127.0/24
deny from 202.52.2.0/23
deny from 202.53.8.0/21
deny from 202.53.64.0/19
deny from 202.53.96.0/20
deny from 202.54.0.0/22
deny from 202.54.4.0/22
deny from 202.54.8.0/21
deny from 202.54.16.0/20
deny from 202.54.32.0/19
deny from 202.54.64.0/18
deny from 202.54.128.0/17
deny from 202.55.0.0/19
deny from 202.56.0.0/22
deny from 202.56.96.0/19
deny from 202.56.192.0/19
deny from 202.56.224.0/19
deny from 202.57.0.0/22
deny from 202.58.132.0/22
deny from 202.59.2.0/23
deny from 202.60.128.0/19
deny from 202.60.208.0/20
deny from 202.62.64.0/19
deny from 202.62.116.0/23
deny from 202.62.224.0/20
deny from 202.62.252.0/24
deny from 202.63.96.0/19
deny from 202.63.160.0/20
deny from 202.63.176.0/20
deny from 202.63.252.0/23
deny from 202.65.128.0/19
deny from 202.67.4.0/22
deny from 202.68.128.0/19
deny from 202.70.192.0/20
deny from 202.71.128.0/19
deny from 202.72.248.0/22
deny from 202.75.192.0/20
deny from 202.77.137.0/24
deny from 202.78.160.0/20
deny from 202.78.232.0/21
deny from 202.79.248.0/22
deny from 202.80.48.0/20
deny from 202.81.128.0/19
deny from 202.81.192.0/20
deny from 202.83.16.0/20
deny from 202.83.32.0/19
deny from 202.86.4.0/22
deny from 202.86.251.0/24
deny from 202.87.32.0/19
deny from 202.88.128.0/19
deny from 202.88.160.0/20
deny from 202.88.176.0/20
deny from 202.88.208.0/20
deny from 202.88.224.0/20
deny from 202.88.240.0/20
deny from 202.89.64.0/20
deny from 202.90.96.0/20
deny from 202.91.64.0/19
deny from 202.91.132.0/22
deny from 202.91.136.0/21
deny from 202.92.8.0/21
deny from 202.92.224.0/20
deny from 202.95.251.0/24
deny from 202.122.16.0/21
deny from 202.122.134.0/23
deny from 202.123.32.0/20
deny from 202.124.248.0/21
deny from 202.131.96.0/19
deny from 202.131.128.0/19
deny from 202.133.48.0/20
deny from 202.134.144.0/20
deny from 202.134.160.0/20
deny from 202.134.176.0/20
deny from 202.134.192.0/20
deny from 202.136.248.0/22
deny from 202.137.208.0/20
deny from 202.137.232.0/21
deny from 202.137.248.0/22
deny from 202.138.96.0/19
deny from 202.140.32.0/20
deny from 202.140.48.0/20
deny from 202.140.128.0/19
deny from 202.141.0.0/24
deny from 202.141.1.0/24
deny from 202.141.2.0/23
deny from 202.141.4.0/22
deny from 202.141.8.0/21
deny from 202.141.16.0/20
deny from 202.141.32.0/19
deny from 202.141.64.0/18
deny from 202.141.128.0/19
deny from 202.141.224.0/19
deny from 202.142.0.0/22
deny from 202.142.4.0/22
deny from 202.142.64.0/19
deny from 202.142.96.0/19
deny from 202.143.0.0/23
deny from 202.143.4.0/22
deny from 202.144.0.0/19
deny from 202.144.32.0/19
deny from 202.144.64.0/18
deny from 202.146.192.0/20
deny from 202.148.192.0/20
deny from 202.149.32.0/19
deny from 202.149.192.0/20
deny from 202.149.208.0/20
deny from 202.151.128.0/19
deny from 202.153.32.0/20
deny from 202.154.160.0/20
deny from 202.157.64.0/19
deny from 202.159.192.0/18
deny from 202.160.160.0/20
deny from 202.162.48.0/20
deny from 202.162.224.0/19
deny from 202.164.32.0/20
deny from 202.164.48.0/20
deny from 202.164.128.0/19
deny from 202.172.7.0/24
deny from 202.174.5.0/24
deny from 202.177.44.0/22
deny from 202.177.128.0/20
deny from 202.177.144.0/20
deny from 202.177.160.0/19
deny from 202.177.224.0/19
deny from 202.179.64.0/19
deny from 202.183.64.0/20
deny from 202.189.224.0/19
deny from 202.191.64.0/19
deny from 203.12.222.0/23
deny from 203.13.168.0/22
deny from 203.14.18.0/24
deny from 203.18.26.0/24
deny from 203.19.3.0/24
deny from 203.21.7.0/24
deny from 203.24.87.0/24
deny from 203.27.235.0/24
deny from 203.31.8.0/23
deny from 203.32.4.0/23
deny from 203.32.221.0/24
deny from 203.33.198.0/23
deny from 203.34.69.0/24
deny from 203.34.116.0/24
deny from 203.34.117.0/24
deny from 203.34.246.0/24
deny from 203.55.173.0/24
deny from 203.56.241.0/24
deny from 203.62.172.0/22
deny from 203.76.128.0/20
deny from 203.76.176.0/20
deny from 203.77.177.0/24
deny from 203.77.192.0/20
deny from 203.78.4.0/24
deny from 203.78.128.0/19
deny from 203.78.208.0/20
deny from 203.82.4.0/22
deny from 203.82.248.0/23
deny from 203.82.250.0/23
deny from 203.86.96.0/19
deny from 203.88.0.0/19
deny from 203.88.128.0/19
deny from 203.89.4.0/24
deny from 203.90.4.0/23
deny from 203.90.64.0/19
deny from 203.90.96.0/22
deny from 203.90.100.0/22
deny from 203.90.104.0/21
deny from 203.90.112.0/20
deny from 203.91.192.0/19
deny from 203.92.32.0/19
deny from 203.92.192.0/20
deny from 203.94.192.0/20
deny from 203.94.208.0/21
deny from 203.94.216.0/22
deny from 203.94.220.0/22
deny from 203.94.224.0/19
deny from 203.98.96.0/19
deny from 203.99.40.0/21
deny from 203.99.192.0/19
deny from 203.100.64.0/20
deny from 203.101.0.0/17
deny from 203.104.16.0/21
deny from 203.105.160.0/19
deny from 203.109.64.0/19
deny from 203.109.96.0/19
deny from 203.110.80.0/20
deny from 203.110.208.0/20
deny from 203.110.240.0/21
deny from 203.112.128.0/19
deny from 203.115.64.0/20
deny from 203.115.80.0/20
deny from 203.115.96.0/19
deny from 203.119.49.0/24
deny from 203.119.50.0/24
deny from 203.122.0.0/18
deny from 203.123.32.0/20
deny from 203.123.128.0/18
deny from 203.124.16.0/21
deny from 203.124.128.0/20
deny from 203.124.144.0/20
deny from 203.124.160.0/20
deny from 203.124.192.0/19
deny from 203.124.224.0/19
deny from 203.129.192.0/20
deny from 203.129.208.0/21
deny from 203.129.216.0/21
deny from 203.129.224.0/19
deny from 203.132.128.0/19
deny from 203.132.208.0/20
deny from 203.134.192.0/19
deny from 203.134.224.0/21
deny from 203.134.248.0/22
deny from 203.143.176.0/20
deny from 203.144.96.0/19
deny from 203.145.128.0/21
deny from 203.145.136.0/21
deny from 203.145.144.0/20
deny from 203.145.160.0/19
deny from 203.153.32.0/20
deny from 203.158.64.0/19
deny from 203.163.128.0/24
deny from 203.163.129.0/24
deny from 203.163.130.0/23
deny from 203.163.132.0/22
deny from 203.163.136.0/21
deny from 203.163.144.0/20
deny from 203.163.160.0/19
deny from 203.163.224.0/19
deny from 203.171.240.0/21
deny from 203.187.192.0/20
deny from 203.187.208.0/20
deny from 203.187.224.0/20
deny from 203.187.240.0/20
deny from 203.188.224.0/21
deny from 203.189.5.0/24
deny from 203.189.176.0/21
deny from 203.190.128.0/20
deny from 203.190.144.0/20
deny from 203.190.248.0/24
deny from 203.191.34.0/23
deny from 203.192.192.0/20
deny from 203.192.208.0/20
deny from 203.192.224.0/19
deny from 203.193.128.0/19
deny from 203.193.160.0/19
deny from 203.194.96.0/20
deny from 203.196.128.0/20
deny from 203.196.144.0/20
deny from 203.196.160.0/19
deny from 203.196.192.0/19
deny from 203.196.224.0/19
deny from 203.197.0.0/16
deny from 203.199.0.0/16
deny from 203.200.0.0/16
deny from 203.201.192.0/18
deny from 203.212.64.0/24
deny from 203.212.65.0/24
deny from 203.212.66.0/23
deny from 203.212.68.0/22
deny from 203.212.72.0/21
deny from 203.212.192.0/18
deny from 210.7.64.0/19
deny from 210.18.0.0/17
deny from 210.18.128.0/19
deny from 210.18.160.0/19
deny from 210.56.96.0/19
deny from 210.89.32.0/19
deny from 210.210.0.0/17
deny from 210.211.128.0/17
deny from 210.212.0.0/16
deny from 210.214.0.0/17
deny from 210.214.128.0/17
deny from 218.248.0.0/16
deny from 219.64.0.0/15
deny from 219.83.128.0/17
deny from 219.90.96.0/20
deny from 219.91.128.0/18
deny from 219.91.192.0/19
deny from 219.91.224.0/19
deny from 220.156.184.0/21
deny from 220.224.0.0/14
deny from 221.120.104.0/21
deny from 221.128.128.0/18
deny from 221.128.192.0/18
deny from 221.134.0.0/18
deny from 221.134.64.0/18
deny from 221.134.128.0/17
deny from 221.135.0.0/16
allow from all
</Files>

Pligg isn’t really built for combating spam and with lot’s of basic features missing can be a really time intensive choice for your project. Hopefully the information above will help you fight any unwanted guests and make your site a little more manageable time wise.

If you enjoyed this post, make sure you subscribe to my RSS feed!

Article Details

#

Author: on May 31st, 2008

Category: Pligg

Tags: , , ,

  1. amarsimha says:

    i suggest you to take back your story because it is too harsh for you to blame india. i feel sorry to read this kind of article.

  2. denny says:

    Block any country that doesn’t fit your target market. I’m not selling car insurance in India unfortunately, but until I block it, somehow 90% of my blog comments came from there? For me its a no brainer.

  3. webdire says:

    It looks like some bunch of spammers are putting the whole country reputation at risk.

    You also cant deny the fact that almost more than 25% of visitors for most of the sites are from India and they are not spammers.
    Even this site gets 12% visitors from India and I think they contitute an important part in your overall site earnings.

  4. capnasty says:

    Blocking a whole country is extreme: not everyone in India is a spammer. And more than likely, they’re the hired guns for some questionable company in the U.S., which is simply tapping in the cheap labour market found in India.

    I wasn’t happy about having to block several major Indian ISPs, but the amount of spam we were receiving by these Mechanical Turks, had become more than just an occasional nuisance. Although 90% of my traffic is generated from North America, with the remaining from the UK, Australia and NZ, I hope that in the future I will be able to remove these limitations.

    I’ve added a page 403 explaining why they are being blocked.