当前位置: 文江博客话题详情

验证码和数学问题足以预防垃圾邮件吗?

发布于 2024-10-12 08:43:38 字数 2173 浏览 4 评论 0原文

我的一个网站收到了大量注册垃圾邮件。我的注册表上有验证码和数学问题,但似乎没有多大帮助。我是否可能遇到手动垃圾邮件发送者或者我的预防机制不够好?

注册表在这里:

http://peaksoverpoverty.org/wp-signup.php

更新

过去一周我一直在更仔细地跟踪行为,这就是访问日志中的典型请求:

174.132.130.194 - - [18/Jan/2011:07:24:55 -0600] "GET / HTTP/1.1" 302 20 "http://peaksoverpoverty.org/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 3.0.04506; Media Center PC 5.0; SLCC1; Tablet PC 2.0)"

经过一番研究后,用户代理字符串不一定看起来是恶意的 - 此工具能够解释整个字符串。话又说回来,我已经很久没有真正关注过用户代理字符串了。我知道它们很容易被欺骗,但这就是垃圾邮件发送者发送的内容。

另外,这是我在过去一周收集并阻止的违规 IP 地址列表:

174.120.203.66
174.120.245.194
174.122.107.138
174.122.175.162
174.123.101.98
174.132.130.194
174.142.241.137
175.41.168.169
184.154.74.21
187.63.208.241
195.56.42.131
199.16.130.53
200.17.56.7
201.22.130.66
201.59.175.2
201.59.175.29
205.186.184.10
208.100.27.143
208.100.27.154
208.100.27.159
208.100.27.186
208.101.30.165
208.43.73.29
209.151.224.235
209.151.224.240
212.227.119.47
213.251.189.204
213.251.189.205
216.108.225.220
216.108.225.242
220.181.94.212
222.237.79.242
24.252.62.57
62.215.5.66
64.22.89.70
66.172.42.11
66.232.112.144
66.232.112.168
66.249.71.217
66.96.219.38
67.109.124.170
67.18.19.194
67.18.5.2
67.18.72.2
67.225.184.5
69.117.20.174
69.117.22.237
69.117.24.21
69.117.26.195
69.147.240.90
69.147.249.161
69.147.249.22
69.147.249.99
69.167.175.27
69.28.58.35
69.56.228.130
69.89.31.240
71.208.210.208
72.18.157.147
74.220.215.68
74.53.28.2
74.54.131.82
74.54.95.210
77.235.37.41
79.125.33.136
79.172.242.144
80.252.171.68
82.80.235.146
84.16.243.243
85.17.199.46
85.214.92.15
85.92.83.164
86.196.41.15
86.208.68.211
88.191.126.212
88.208.33.130
90.18.14.167
90.47.218.215
90.59.74.139
91.121.203.226
91.184.49.210
91.207.254.234
93.174.95.153
94.125.27.20
95.133.38.238

攻击者似乎提供了相当动态的 IP 地址。任何进一步的想法都会很棒。我真的开始认为这些是手动攻击,但仍然不是 100% 确定,因为我从未处理过如此严重的垃圾邮件问题。

原文

One of my websites gets a ton of registration spam. I have a Captcha and a math question on the registration form but it doesn't seem to help much. Am I likely experiencing manual spammers or are my prevention mechanisms not good enough?

The registration form is here:

http://peaksoverpoverty.org/wp-signup.php

Update

I've been tracking behavior a bit closer over the past week and this is what a typical request looks like in the access logs:

174.132.130.194 - - [18/Jan/2011:07:24:55 -0600] "GET / HTTP/1.1" 302 20 "http://peaksoverpoverty.org/wp-signup.php" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET CLR 3.0.04506; Media Center PC 5.0; SLCC1; Tablet PC 2.0)"

After poking around a bit, the user agent string doesn't necessarily look malicious - this tool was able to explain the entire string. Then again, I haven't ever really stared at user agent strings for a long time. I know they can easily be spoofed, but this is what the spammers are sending.

Also this is a list of offending IP addresses I have gathered over the past week and blocked:

174.120.203.66
174.120.245.194
174.122.107.138
174.122.175.162
174.123.101.98
174.132.130.194
174.142.241.137
175.41.168.169
184.154.74.21
187.63.208.241
195.56.42.131
199.16.130.53
200.17.56.7
201.22.130.66
201.59.175.2
201.59.175.29
205.186.184.10
208.100.27.143
208.100.27.154
208.100.27.159
208.100.27.186
208.101.30.165
208.43.73.29
209.151.224.235
209.151.224.240
212.227.119.47
213.251.189.204
213.251.189.205
216.108.225.220
216.108.225.242
220.181.94.212
222.237.79.242
24.252.62.57
62.215.5.66
64.22.89.70
66.172.42.11
66.232.112.144
66.232.112.168
66.249.71.217
66.96.219.38
67.109.124.170
67.18.19.194
67.18.5.2
67.18.72.2
67.225.184.5
69.117.20.174
69.117.22.237
69.117.24.21
69.117.26.195
69.147.240.90
69.147.249.161
69.147.249.22
69.147.249.99
69.167.175.27
69.28.58.35
69.56.228.130
69.89.31.240
71.208.210.208
72.18.157.147
74.220.215.68
74.53.28.2
74.54.131.82
74.54.95.210
77.235.37.41
79.125.33.136
79.172.242.144
80.252.171.68
82.80.235.146
84.16.243.243
85.17.199.46
85.214.92.15
85.92.83.164
86.196.41.15
86.208.68.211
88.191.126.212
88.208.33.130
90.18.14.167
90.47.218.215
90.59.74.139
91.121.203.226
91.184.49.210
91.207.254.234
93.174.95.153
94.125.27.20
95.133.38.238

It seems like the attackers are providing fairly dynamic IP addresses. Any further thoughts would be great. I'm really starting to think these are manual attacks but still not 100% sure because I've never dealt with a spam issue this bad.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。
列表为空,暂无数据

关于作者

や莫失莫忘

暂无简介

0 文章
0 评论
25 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

Gabu-gabumon

文章 0 评论 0

qq_CgiN62

文章 0 评论 0

荔枝明

文章 0 评论 0

赏烟花じ飞满天

文章 0 评论 0

独守阴晴ぅ圆缺

文章 0 评论 0

¤→小豸慧

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文