By LuisCypher on

Situation
My site allows voting, it was set to allow anon voting once per ip every 48 hours or more.
It still allows anon comments.
Voted up items usually indicate a product has user submitted issues and faults that consumers should be aware of or that an article is good.
This means it is good to have your article highly voted but bad if your product is voted up. To see what I mean --> notascoolasitseems.com

The Problem
I had to disable anon voting because someone with a passion for a certain manufacturers products wanted to remove the listing from the front page. Anonomously they voted up other competing products continuously and then voted their favorite companies products down.
I expect some abuse but this was targeted and occured within about an hour, so it was obvious.

The first time I couldn't tell how it was being done so I fixed the affected listings and disabled anon votes, which is bad as the site is just starting to take off.

They came back again today and registered multiple accounts with false info. The user is getting around security and ip checks by using the TOR network, each time they connect to a site the TOR exit point changes so the ip changes.
I went through my logs and a lot of the spam my site gets is also coming out of Tor proxies

My Questions

Is it possible to block ip 's on mass, just add a list somewhere (module available ?), or do I need to do it one at a time with the "Access rules" The list of TOR proxies is large and obviously not just in one ip range.

Will blocking a large number of IP addresses like this effect a site in any adverse way ?
Can anyone think of any other solutions ?
Is there a way to provide a notice/explanation that an ip has been blocked to a user if they try to access the site.

Any help or advice would be great. thanks
I should say that while I do support the idea behind the TOR network, in this case it is being abused and that is the only reason I am trying to prevent access via this method.

Categories: Drupal 6.x

Comments

LuisCypher’s picture

LuisCypher commented

I'd modified account creation behaviour but It happened again today , more spam... this time they/he/she tried creating spam accounts.
I checked my logs, reports and raw server logs. Two minutes befor I hit the report page there was an attempt to create multiple accounts with garbage emails. The accounts couldn't be verified and therefor not validated, that was good for me.
Then it looks like an attempt was made to create multiple accounts using the same valid e-mail and use that for verification - only one of the 12 accounts was created.

I blocked TOR with a list and my htaccess file like this

.....
RewriteCond %{REMOTE_ADDR} ^99\.230\.95\.86$ [OR]
RewriteCond %{REMOTE_ADDR} ^99\.253\.50\.231$
RewriteRule ^.* - [F]

This just brings up a denied error, I wanted to direct to an explanation page but I couldn't get it to work.

I used this

RewriteCond %{REQUEST_URI} !http://www.mysite.com/page/redirected-you-here$
RewriteRule .* http://www.mysite.com/page/redirected-you-here$ [R=301,L]

Without the first line it stops access but it just creates a redirect loop
with it, it just doesn't work or do anything. , any ideas ?