I cannot log in through a T-Mobile network

[RicharD]

I just got one of them there fancy pants telephones with the internets all built in.  If I'm connected through my wifi network, there's no problem but If I used the T-Mobile 4G network, I get asked 2 algebra questions and promptly get booted off.  My money is on operator error (me) at this point but there's no harm is asking.

Thanks!
-richard

[EL34]

You are getting booted by the anti-spam anti-bot mod.

This is you in the log screen shot
Looks like you made it in once but two times it failed?

Your IP seems to be targeted.
I put the question to the author of the mod to see what he says cause I don't know.

I'll get back to you when I know more

[RicharD]

Hmmm... I tried at least 3 times,  but all around 8:00 ish.  IIRC, I tried twice, then I fingered out the wifi thang, logged in, jumped off wifi, and got booted again.  It's not even important to me because honestly I find it cumbersome to surf on a telephone. I was curious is I was messing up or not.  Much more important to keep the spam bots out.  Truth be known, I spend too much time on the internet as it is w/o the assistance of an Android.

[PRR]

You got an IP which has been used for bad-stuff within the last 30-90 days.

Most many-shared IPs, ones which turn-over several times a day, "have been used for badstuff".

http://www.el34world.com/Forum/index.php?topic=10515.0

For one time: after you take the quiz, there is a small link to the logging site where you can say "I am clean, whitelist me". This will work until you lose the connection (maybe just cellfone sleep), because you normally get a random (different) IP on your next connection. (Or if you lie, and act bad, that IP gets double-demerits.)

I did not know the forum admin could whitelist a specific member. You must still hoop-jump to get TO the forum log-in, and every time you lose/renew the IP. But that may avoid finding the self-whitelist page.

[PRR]

Just one of the three filthy IPs that T-Mobile gave you within 8 hours:

http://www.projecthoneypot.org/ip_208.54.86.56

208.54.86.56
The Project Honey Pot system has detected behavior from the IP address consistent with that of a mail server and dictionary attacker.

Spider First Seen approximately 4 months, 2 weeks ago  
Spider Last Seen within 2 weeks  
First Received From approximately 7 months, 4 weeks ago  
Last Received From within 2 weeks  
Number Received 25 email(s) sent from this IP  
Dictionary Attacks 12 email(s) sent from this IP  
---------------
Example Messages Sent From 208.54.86.56  
From: <ejemeyoza8166@tmodns.net>
Subject: All the love you need
From: <fedoqoyz9930@tmodns.net>
Subject: Bang her till she passes out
From: <arouk6737@tmodns.net>
Subject: Change your life -- enlarge your organ
From: <isaic3252@tmodns.net>
Subject: Improve your physical wellbeing
From: <sudeevoxag1567@tmodns.net>
Subject: Male supplements direct from America
From: <cogyqooa9894@tmodns.net>
Subject: Original sex videos of Britney released
From: <leazo2045@tmodns.net>
Subject: She's lovin it
From: <aroncanzio@email.halla-aho.net>
Subject: Accessories that dazzle, full bling on all watches

(I am leaving those email addresses exposed: I hope spam-bot spiders harvest them and return the favor.)

There's little to nothing T-Mobile can do about their users.

They can't give you your "own" IP because the world ran out last week, everybody without a business reason to be fix-IP has to share and share alike.

Doug feels the drastic reduction in forum abuse (and admin over-work) justifies the annoyance to honest visitors who happen to use highly-shared IPs.

[EL34]

I can't whitelist a specific member

What I did in PRR's case was white list the whole moderator group, of which there are only a few members.
I can't whitelist the whole regular members group, that's unsafe.

Not much I can do about it when you are trying to connect through a dirty IP
The guys on the httpBL mod board were saying that wireless IP's are amonst the dirtiest IP's out there.

The httpBL mod has been awesome since I installed it
It has stopped ovber 10,000 spam bots and harvesters from viewing the forum.

you are showing up in the human log that was offered the chance to prove they are human
You get a screen where you answer a couple simple questions and then you get access to the forum.

If you don't answer, you don't get in

 

[RicharD]

I did answer both the questions and I'm fairly certain I answered them correctly.  All this schoolin' I get here at the Amp forum has helped my math skills.  After the 2nd question, it boots me to the parts catalog.  Seriously I don't need to be surfing Hoffman from my phone and it's much more important to keep d1rty b0tz outta here.  It is nice to know that T-Mobile has so much internet scum.  That comes as no surprise.

[DummyLoad]

if t-mobile blocked port 25 inbound and outbound from mobile IPs this would cease to be a problem.

[mrr3000gt]

Yes, I have T Mobile phone as my *ONLY* internet (wireless hub on my 'MyTouch' to a PC) and I have about had it with being told I need to go to the Honeypot because I am a spambot. I am sure this PC is safe: its my work laptop and my company is over-the-top with security.
I have had to answer my quiz atleast two times or more to get in and even then I can get booted out. 

Dynamic reallocation of IP addresses - even 'reused' ones - with a providers DHCP on these type of internet connections is something here to stay that is not going away. Issueance of an IP address (a 'lease' that has an expiration date) is a more robust form of computer security than a fixed IP address. I would think that even spammers know this and rotate IP addresses as well...

That means measuring the efficacy of blocking may be only identifying sites that WERE used but might now being used by non-bots - perhaps not a true indication of security as much as a measure of a growing list of IP addresses that will eventually be ALL OF THEM on the Internet. ..

The anti-spam bot needs to be more robust, as the nature of a decentalized network seems to not favor fixed IP addresses as a means to determine friend or foe. Myself, as a computer scientist/software engineer, think that a better way would be to use an intellegent agent whose friend-or-foe determination must be by the nature of the inbound use trend. This is more than just parsing out HTML packets for key words (like a spam filter). I have written real production AI stuff professionally, so I know this is possible.

Just my $0.02 because I feel like a salmon swimming upstream and being in a 1-in-1000 number to finally get in one of my favorite sites... 

[EL34]

The httpBL mod works great.
Update 06/162011 - 34047 bots and spammers blocked as of this morning.

There used to be about 5 spammers and auto bots trying to register for the forum every day.
That has stopped completely because of the httpBL mod and project honeypot.

In the humans log that were presented with the capcha challenge, mrr3000gt is the only human listed, so it is not blocking tons of forum members.

The only thing I can suggest is to go to the project honey pot web site/forum and see if anyone there has any advice.
http://www.projecthoneypot.org/board/

Besides the usual advice, which is to log in through a clean IP address.

[mrr3000gt]

Doug,

When you say a clean IP address: IP addresses are used and re-issued. Eventually, many IP addresses will be identified as 'bad' (if not all). When a service provider has a huge pool of IP addresses that are issued and reissued to people when they logon to the internet, the providers have no idea who is using them or for what.
The enforsement of bad IPs is at the wrong end of the equation: the service providers need to determine how they are being used (such as for spam or illegal purposes). I work for a fortune 100 company and they thwart such attacks too (though I am not sure, but I am sure source IP is not how they are stopped).

I can say that 13210 attacks stopped is impressive and is a big number. I had no idea that there was that much preassure on public forums - I can say that I have seen a couple instances where spammers have gotten into forums, but this is the exception and not the norm based on what I have seen.

If you can stop them with the HTML bot, thats great. I know on the Laney Amplifier forum some moron got on and started posting tons of replies to posts about deals on custom printed T shirts that had little to do with amplifiers. It was like finding a pile of dog crap on the living room rug when I logged on and everyone was P.O.'d. The only recourse was to drop the persons memborship and clean off the posts.

I was able to get to the forum without being interrogated, so I must have an IP addressed issued that has not yet been issued to a spammer: 

[EL34]

Any comments about the IP's, etc have to be made to the honey pot forum
I have nothing to do with how their system works and what IP's are on the list.

That T-shirt guy would have never got into this forum.

Unless of course, that was the very first time he had ever done anything like that.
As soon as there is an event, the data goes to the Honeypot database.
The httpBL forum mod checks that database, so these idiots are cut short very quickly.


New members here are automatically checked in two different spammer databases
3 different items are checked, IP, email address and user names.
I get colored flags indicating how each of those 3 items scored.
The spammers used to line up every day to get into the forum.

They don't even get to see the registration page anymore with the httpBL mod.

[RicharD]

>I had no idea that there was that much pressure on public forums

It's bad.... real bad.  I recently joined one of mt gal pal's private forum.  I am the 10th member, but my database number is 7246.  I offered to help her fit thangs up so she made me an admin.  I maxed out the Captha and added the same "math question" mod.  This stopped the 20+ per day registration requests.  There are over 6000 errors in the log.  This has also stopped since I stepped in.  All of the offending addresses I have reviewed resolve back to China.  Big surprise there.  I joined project honeypot.  I intended to add the httpBL mod but when I FTP into her site, I see nothing.... no directories, no files, nuthin.  It just dawned upon me as I type this that her host may require the use of a SFTP client.  Sheesh.... I'm rusty.

[EL34]

Yes, you are always on the HttpBL humans list as well as several others .
It always seems to be the same people.

The forum will not let me approve just one person, I have to approve a whole user group.