WordPress.org

Ready to get started?Download WordPress

Forums

AVH First Defense Against Spam
[resolved] It did NOT block SPAM but it did block ME! (8 posts)

  1. 1001 Webs
    Member
    Posted 3 years ago #

    I installed the plug-in and I keep receiving the same amount of SPAM as before.
    Now I try to access my own web site or login and I get a message that says:

    "Access has been blocked.
    Your IP [XXX.XXX.XX.XX] is registered in the Stop Forum Spam or Project Honey Pot database.
    If you feel this is incorrect please contact them
    Protected by: AVH First Defense Against Spam"

    I tried to contact both the Stop Forum Spam or Project Honey Pot database,
    Project Honey Pot has a contact form with a "Mistaken Listing" option, that I used, I hope they do something about it.

    I was going to fill in the form at Stop Forum Spam but I saw this:
    Think about your question as questions like "why am I blocked?" will simply be ignored. Seriously, Im sick of the people that go "Im not a spammer, why am I listed?". Save yourself the time and me the effort of blocking you by not being stupid, use the search page. Our collective mind reading powers only cover a distance of several miles and not the entire planet. If you dont put in your email, username and IP details with a query, if relevant, then you will get a rather terse reply."

    I clicked on the link to Project Honey Pot's removal request page and I got a 404.

    Ridiculous. So, in other words, you are blocked (unfairly) and that's it

    What's the point of this, if SPAM keeps coming in and legitimate users are blocked without option to appeal???

    P.S.
    I'm just guessing the problem lies in that this is a shared IP address because that's how some ISPs operate in the Philippines, so I'm forced to use it. No other choice. It's not my fault and I shouldn't be blocked for that. You should find a better way of implementing this, this is absolutely ridiculous.

    http://wordpress.org/extend/plugins/avh-first-defense-against-spam/

  2. nv1962
    Member
    Posted 3 years ago #

    • You are posting a request with a topic label set in relation to the AVH First Defense Against Spam (AFDAS) plugin.
    • Your issue is not due to a malfunction of the AFDAS plugin; in fact, it is because you activated the so-called Third-Party remote blacklist option.
    • I can assure you that both the http:BL blacklist (of ProjectHoneyPot) and the StopForumSpam blacklist have a good delisting procedure, doing their level best to weed out false positives.
    • It depends entirely on the code shown to you (you can look yourself up in the Project Honey Pot site; just punch in the IP address that got you locked out) what the reason was for the lockout. (Edited to add: you can also look up your IP at the StopForumSpam site of course.)
    • If it is IP address related, time will heal all wounds. Eventually the time-out for that IP will expire, unless it is caught reoffending. Usually though, a faster method is to simply use a clean ISP provider, preferably one that actually responds to abuse reports.
    • If it is behavior-related, just stop it. If you didn't cause it voluntarily, then quadruple scan and check all your systems hooked to the internet via that IP address. Then check them again, and don't trust a 13-year old housemate's word for "not having installed anything out of the ordinary." If you didn't deliberately exhibit the blocked behavior, odds are that you have malware, or worse, putting you at the mercy of international criminal organizations.
    • If you encounter a less than impeccably mannered system and site administrator, especially one that is fending off all sorts of @#$% thrown at his/her site, look past the gruff attitude and connect to a point you should have in common: a profound dislike for spammers, botnets and skiddies. I bet that "even" the SFS admin, Pedigree, will warm to such a positive attitude.
    • No offender is blocked "unfairly." There could be unwitting attackers and ill-behaved netizens. But with http:BL and SFS I can assure you that the ratio of good kills versus false positives is so astronomically high, that you can use it as a badge of honor.
    • ISPs are not "bad" just because they share IP addresses; they become known as filthy ISPs when they don't take action after report upon report. To give you two examples, the companies that are former state-owned / operated phone companies in Spain (branched out all over Latin America) and in Italy are notorious for their lax attitude. Hence, they are on a very short leash; their customers are learning the hard way that the internet is shrinking to them. Eventually money talks louder, so they'll catch up eventually. Yet there are tons of "good" ISPs out there that use a sharing or pooling system of their limited IP address space. Even AOL, although they are a separate case of trouble for reasons that go to far here.
    • Overall, I sympathize. It's not a very nice experience to get a page shoved in your face that says "We don't want you in here." But please realize that this is a result of a problem that has grown far past pandemic proportions, to one that is a real threat to free expression world wide. And so, please bear with the efforts to clean up the internet, alternatively to shrink it to the exclusion of the @#$% heads out there that cost all of us system and site admins tons of time and money that we rather spend on creating content.
    • Contact them - SFS or PHP - via a different ISP; make sure you provide the dates, times and the IP address you used, so they can look into it. Knocking on their door with anything less is an invitation to get a more or less polite variant of "go away".
    • The only thing ridiculous here is that skiddies, botnets and spammers aren't prosecuted like the terrorists they are. Here in the US where I am now, you get in worse trouble for opening someone else's ordinary mailbox. Also ridiculous: software / IP piracy, driving traffic to criminal sites where malware greets the unsuspecting albeit somewhat naive surfer expecting free lunches. And finally, not educating fellow WP netizens on how to secure their websites with a wee bit more than just the Akismet plugin, that is ridiculous too. Mind you: Akismet is a truly fantastic and highly recommendable plugin - no disrespect whatsoever intended, quite the contrary. I mean that site security is a complex discipline, requiring different tools and patches and solutions applied simultaneously. Ridiculous or not, that is the world we live in. You'll face the same with any of the "Big Scripts" out there; WordPress is no exception to that.

    Good luck.

  3. nv1962
    Member
    Posted 3 years ago #

    Afterthought: I hope you didn't put your own IP address in the blacklist field of AFDAS. It's a very long shot, considering you're aware that your ISP uses dynamically allocated IP addresses, but that's another surefire way of getting AFDAS to tell you to talk to the hand. There's one way to find out if you're locked out by AFDAS: go in with FTP, rename (don't delete) the AFDAS plugin folder, then log in - your AFDAS plugin will be deactivated after its location has been renamed - and then delete it from the Plugins page in the wp-admin section. Then, reinstall it again, and make sure you don't exclude yourself.

    As I said: it's a long shot but at least we have all bases covered.

    Finally, before I forget: don't forget to show your appreciation for anti-malware plugin developers to them, just as for WP and other open software developers in general. All that hard work and little but complaints in return make a darn lousy motivational appeal to them to continue their hard work. Throw them a few coin if you can.

  4. pedigree@sfs
    Member
    Posted 3 years ago #

    Ive just checked the emails and I dont have a delisting request from anyone. The reason you get told not to ask "why am I listed" is because the admins have NO idea why youre listed. Someone submitted a record that might happen to have your email or IP address. We have no idea why they added it nor are the admins mind readers.

    Ask to be removed if you want to be removed and provide the details of your IP when you ask but before you ask for a delisting, please search for your details first as over 90% of people that send very hostile and threatening emails about being delisted, arent even listed.

    We are happy to delist old or incorrectly listed data... when asked to.

  5. 1001 Webs
    Member
    Posted 3 years ago #

    Thank you for your reply, nv1962.

    It seems that I should have paid more attention when installing the plugin and activating the Third-Party remote blacklist option. I manage over 20 different WordPress installations these days and I'm testing different anti-Spam software, as I'm more than fed up of having to waste my time with this garbage.

    I will delete the plugin via FTP and reinstall it again, see how it goes.

    By the way, this is the removal link at Stop Forum Spam:
    http://www.stopforumspam.com/removal
    It isn't working for me. I get a:
    "Service Temporarily Unavailable
    The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later."
    Perhaps someone should let them know, but I'm just afraid of upsetting them some how.

    Anyway, thanks again, all clear now. My bad, there was an option to whitelist oneself and I didn't notice it.

  6. nv1962
    Member
    Posted 3 years ago #

    I'm glad you solved it. One tip: there's a reason I recommended to rename, not delete via FTP, and after you have been readmitted (because AFDAS will have been deactivated upon login) to delete it from the backend.

    If you delete the plugin directly via FTP, your IP address that got you locked out is still in the AFDAS internal cache of "bad" IP addresses. So, it's tricky to deactivate / delete from FTP and then having to rely on your memory to disable the remote blacklist options. If you delete the plugin "properly" i.e. from the backend, AFDAS will also delete its database table, and thus clear out your IP address. Upon reinstalling it, you'll have a clean slate again. That's why I recommended it in that order.

    As to dealing with the garbage: don't expect silver bullets. They don't exist. You have to apply a combination. I'll copy and paste something said elsewhere:

    don't use one method. Use four. Or five. Use one from the trio of Akismet, TypePad AntiSpam and Defensio. Use something like WP HashCash. Use something like Bad Behavior. Use a tighter htaccess regime, e.g. by using BulletProof Security (it's quite harmless in that it only deals with htaccess, not your WP install scripts). And use something wholly outside the WP box, like ZB Block (it's very easy to set up in WP, just one snippet in two core files, drop a "WP compatibility file" in and you're done.) Yet another option is CloudFlare, I can warmly recommend that, too. And finally, apply SSL certs to pages where people access your site via a login, forcing login sessions through encrypted tunnels (and if you really can't afford SSL, use alternatives like Semisecure Login Reimagined together with login attempt limiters to thwart brute force attacks).

    Dealing with the garbage is unpleasant for sure. But not dealing with it is even more unpleasant.

  7. 1001 Webs
    Member
    Posted 3 years ago #

    @pedigree
    Thank you pedigree, I'll be sending you an e-mail in a short while

    @nv1962
    Thank you for the advice again

    Cheers

  8. 1001 Webs
    Member
    Posted 3 years ago #

    @pedigree
    No need, I can access the site fine now, which must mean it was listed at the Project Honey Pot database, which I contacted earlier.

    Thank you again both,

    All the best

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic