Thursday, April 5, 2012

Daftar Email Para Pembuat Spambot

Spambot berguna untuk melakukan auto posting setelah meletakkan email, maupun script ke website kita, kebanyakan spammer berasal dari negara china maupun korea. Sebenarnya apa website kita diserang spammer bisa aja menyerang balik karena email mereka sudah ada pada database kita. Tapi apakah kita harus melakukan yang sama seperti mereka yang menggunakan internet untuk melakukan cara2 promosi brand produk tertentu dengan cara nyepam? sebaiknya gunakan internet secara sehat hehe...

Berikut email domain yang sering digunakan oleh para spambot dapat dilihat contoh :
@126.com, @yeah.net, @hotmail.com de ele ele
sebenarnya hotmail.com tergabung dalam microsoft live dan bukan hosting para spammer, akan tetapi para hacker maupun spammer china sudah lebih dulu membuat emailnya dihotmail dan digunakan untuk melakukan spam.

Cara pencegahannya apabila whm kita memiliki mod_security running? masuk cpanel /usr/local/apache/conf/modsec2.user.conf
letakkan kode di config file tersebut untuk mencegah login atau join :
SecRule ARGS_POST "\@gmx\.com" "log, deny"
SecRule ARGS_POST "\@126\.com" "log, deny"
SecRule ARGS_POST "\@qq\.com" "log, deny"
SecRule ARGS_POST "\@yahoo\.cn" "log, deny"
SecRule ARGS_POST "\@163\.com" "log, deny"
SecRule ARGS_POST "\@mx8168\.net" "log, deny"
SecRule ARGS_POST "\@12gohere.net" "log, deny"
SecRule ARGS_POST "\@boxedchristmascards.net" "log, deny"
SecRule ARGS_POST "\@110mail.net" "log, deny"
SecRule ARGS_POST "\@yeah.net" "log, deny"
SecRule ARGS_POST "\@sohu.com" "log, deny"
SecRule ARGS_POST "\@hotmail.com" "log, deny"
SecRule ARGS_POST "\@free-medicine.net" "log, deny"
SecRule ARGS_POST "\@satiny.co.uk" "log, deny"
SecRule ARGS_POST "\@energyforthehome.com" "log, deny"
SecRule ARGS_POST "\@dunkssb.net" "log, deny"
SecRule ARGS_POST "\@pumpkincarving.org" "log, deny"
SecRule ARGS_POST "\@theory-test-practice.co.uk" "log, deny"
SecRule ARGS_POST "\@cooljordanshoestore.com" "log, deny"
SecRule ARGS_POST "\@betfairmethods.com" "log, deny"

SecRule REQUEST_BASENAME "^join\.php$" phase:2,chain,log,deny
  SecRule ARGS_POST "href="

SecRule ARGS_POST "prada-handbags" "log, deny"
SecRule ARGS_POST "fashion-replica" "log, deny"
SecRule ARGS_POST "replica-prada" "log, deny"
SecRule ARGS_POST "prada\ bag" "log, deny"
SecRule ARGS_POST "designer\ handbag" "log, deny"
SecRule ARGS_POST "prada\ bag" "log, deny"
SecRule ARGS_POST "prada\ purse" "log, deny"
SecRule ARGS_POST "prada\ handbag" "log, deny"
SecRule ARGS_POST "weebly\.com" "log, deny"
SecRule ARGS_POST "vibram-5fingersales" "log, deny"
SecRule ARGS_POST "republic-handbags" "log, deny"

namun jika kita mau mencegah semua email-email diatas mengirimkan link dapat ganti dengan input sbb:
SecRule ARGS_POST "=href" "log, deny"


Cara diatas hanya berlaku bagi yang websitenya VPS (bukan share hosting)


Posted by Syarwan at 6:40 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)