Mass subscribe attack on phplist

Seahawk · March 4, 2021, 7:57pm

On one of my PHPlists I have a massive attack from somewhere in Russia, it seems trying to register false Gmail and dot ru extension. When the orbit registers these emails, the system would send a mail to the “user” to confirm, which then bounce.

I then checked the log files and had 860 223 bounces from various of these fake addresses. I then tried to see the IP’s on my system and tried to block them in Cpanel but without success. It just kept on coming. I implemented a captcha and now gets the following message: captcha verification failure: for example loooda2010@gmail .com

My system has now been blacklisted as a spammer, and I am out of option since I cannot communicate important messages to my clients. I cleaned out the logfiles two days ago and have another 65 653 events with simular fake addresses.

I am desperate since I have blocked robots through my robots.text file but that does not seem to help. I do not know if I should make a clean install and see if that would resolve the problem.

Any help would be appreciated…

Seahawk · March 4, 2021, 8:33pm

I have now changed the folder where PHPlist is installed. when I check the visitors on the Cpanel, the attack continues on the lists folder. I have now again blocked those IP’s.

Dougster · March 4, 2021, 8:33pm

I had massive issues like that but my cloud provider set up blocking for a large portion of the IP addresses from France and Russia. We have not had any issues since then. Perhaps hiding your sign up page would be the way to go. Have someone with experience using the .htaccess settings help you out.

Doug

Seahawk · March 8, 2021, 4:23pm

What happened to the “Bad Behaviour” plugin. IT seemed to work on earlier versions.