I updgraded to 4.7.2 and not sure if there is a setting I missed. The last 3 nights, I get a lot of comment replies where this person does not write anything on the subject and body. He does this like2-4 times in the same minute. So in a few minutes I see about 10 or more of these annoying emtpy comments.
I'm not sure if there is a way to block this specific IP. I noticed it's from the same IP. I allow anonymous users to post comments on my site so I cannot change that. I'm thinking is this is a bot from this site that goes and does this? If it is a bot what is it trying to do by with these annoying comments? Or is it trying to hack my site?
I have his IP and it is 195.225.177.6
It also comes up like this when I do a whois
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: NS3.NIC.FR
NameServer: SUNIC.SUNET.SE
NameServer: NS-EXT.ISC.ORG
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 1996-03-25
Updated: 2005-08-03
RTechHandle: RIPE-NCC-ARIN
RTechName: RIPE NCC Hostmaster
RTechPhone: +31 20 535 4444
RTechEmail: search-ripe-ncc-not-arin@ripe.net
Comments
How did you get those stats?
How did you get those stats? That phone number is from a place in Amsterdam, The Netherlands, but when I do a lookup I get one from Ukraine...
I haven't had to use it yet...
...but I think you need to go to admin > access control > access rules > add rule.
For "access type", select "deny", and for "rule type", choose "host".
Enter the IP address in the "mask" field and click "add rule".
Your mysterious visitor should now be blocked. (I think. Like I said, I haven't had the need yet. Please let us know if it works.)
Thanks phow4rd, it's
Thanks phow4rd, it's working. So far last night no mysterious empty comments. Unfortunately, I'm near SF California and if I didn't allow Anonymous comments, my site would be dead.
Also, I did a who is lookup to that IP by using ARIN.NET and that is how I got that information.
Thanks again for everyone's help. Hopefully this guy won't change his IP because I'll have to hunt for it again. :)
Thanks it's work
thanks it's really work without installing addition module.
Banning IP
Should work from admin/logs/visitors
There is the operation ban available, too.
Thomas Narres
Keep the sunny side up
Same IP is hitting my site...
this person needs to get outside more ..
but I have anon comments turned off
Joe Moraca
http://www.moraca.org
omg the same exact IP is
omg the same exact IP is also doing that to you? It's amazing that this user/company is attacking drupal powered sites? Oh well, you're lucky you can turn off anonymous.
Spambot
This IP is running a spambot. Because of the strange submissions (empty instead of spam), the person behind the spambot is either 1) testing, 2) having trouble with drupal or 3) really stupid.
See
http://incredibill.blogspot.com/2006/06/stupid-spammers-snared.html
Search google for the IP and you'll see some typical spam posts.
--
The Manual | Troubleshooting FAQ | Tips for posting | Make Backups! | Consider creating a Test site.
You are right, I have
You are right, I have spambots hitting my site. At least 2-5 a day. Is there a way to stop them? I have been adding their IP to my list of denied IP's. Is there a better way to battle these idiots?
Whois n Spam
Just install or enable a captcha on your comment post page as that seems to stop the automated spam dead but you'll still get the occassional hand made spam.
FYI, when you run whois and it whos RIPE or APNIC or something like that you're not looking at the actual source, you're looking at the registrar of internet numbers for tha area.
To further refine your query, if done from command line, needs be the following:
whois -h whois.ripe.net 195.225.177.6
You can also go to ripe.net's website and do the whois from their website.
inetnum: 195.225.176.0 - 195.225.179.255
netname: NETCATHOST
descr: NetcatHosting
country: UA
admin-c: VS1142-RIPE
tech-c: VS1142-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-by: NETCATHOST-MNT
mnt-routes: NETCATHOST-MNT
source: RIPE # Filtered
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
person: Vsevolod Stetsinsky
address: 01110, Ukraine, Kiev, 20Á, Solomenskaya street. room 206.
phone: +38 050 6226676
e-mail: vs@netcathost.com
nic-hdl: VS1142-RIPE
source: RIPE # Filtered
% Information related to '195.225.176.0/22AS31159'
route: 195.225.176.0/22
descr: NETCATHOST (full block)
origin: AS31159
mnt-by: NETCATHOST-MNT
remarks: ****************************************
remarks: * Abuse contacts: abuse@netcathost.com *
remarks: ****************************************
source: RIPE # Filtered
Modules or build in Drupal
Comparison of contributed modules for dealing with troublesome users http://drupal.org/node/645216
Or build in Drupal http://drupal.org/node/645218