Forum Spam
- Thread starter Mike
- Start date
Mike
Well-Known Member
Ha! It's almost as easy as adding any country ending in 'stan', 'venia', 'vania' or 'vakia'. If it had a string of at least 4 consanants, unbroken by vowels, it needed to go on the list.
I managed to slow it down for a while. From 12:30 PM throutgh 8:30 PM, we only saw 65 of the bastirts. In the next 9 hours, we picked up another 94. I just started sampling some of the IP addresses and there are located within the U.S. Looks like the English version of the bot script is now available.
On the one hand, I suppose I should be thankful we locked out as many as we have, but it winds me up we're having the problem at all.
It's going to be an unpopular move, but I've disallowed Gmail addresses on new registrations. We're not displaying e-mail addresses to anyone and we're certainly not selling e-mail addresses to spammers (you can see how I feel about spammers), so using Internet servicer provider e-mail addresses is completely safe. Haters gonna hate, but I've broad shoulders.
I managed to slow it down for a while. From 12:30 PM throutgh 8:30 PM, we only saw 65 of the bastirts. In the next 9 hours, we picked up another 94. I just started sampling some of the IP addresses and there are located within the U.S. Looks like the English version of the bot script is now available.
On the one hand, I suppose I should be thankful we locked out as many as we have, but it winds me up we're having the problem at all.
It's going to be an unpopular move, but I've disallowed Gmail addresses on new registrations. We're not displaying e-mail addresses to anyone and we're certainly not selling e-mail addresses to spammers (you can see how I feel about spammers), so using Internet servicer provider e-mail addresses is completely safe. Haters gonna hate, but I've broad shoulders.
madmike8
Member
In most cases for the user, Using a gmail address is a convenience they should have a ISP provided one... but for you to disallow them is a necessity, or this crap will never stop. A lot of people will get that, but some sadly will never look past themselves...
All I can say is, Thanks for the work... I know that everyone will benefit from it.
All I can say is, Thanks for the work... I know that everyone will benefit from it.
Mike
Well-Known Member
Oh, trust me, I take at least one or two cussings every week, because I was already blocking Yahoo and Hotmail. I always wonder if those same people cuss the owners of brick and mortar stores with the 'No shirt, no shoes, no service' signs on the front doors? I do what I do for some very specific reasons and if someone doesn't like the way I do things, they can get on down the road.
I've been watching the denied registration logs pretty carefully. It's funny to see the trends, because it shows the people who know the ins-and-outs of using XRumer and those who do not.
Look at the bottom of the log page. A user trying to register with the username 'ergobgmi' tried to register at 7:04 AM. And the registration was rejected because that e-mail adress and IP address had already been logged into one of the anti-spam databases I'm checking against. But this bampot doesn't know how to set up his script, because he has the script try again, one minute later, but using a different IP address. By the time the second registration was attempted, at least one of the anti-spam databases had already been updated to include the username. So that means this idiot just got started, because we were the first to report that particular username.
Oh. Yeah, Had I forgotten to mention when one of these miscreants tries to register and our system marks them as a spammer, we then send all of the miscreant's details to the spam databases, to help the next forum admin?
I bluidy HATE spammers.Look at the next 6 attempts, just above. All of then using the same e-mail address. That's a total of 8 attempts, by one bot, over a period of 11 miutes. But look at 7:14. This two ties, the script tried registering with the username 'clclpsz', just using two different IP addresses. The bot rapid-fired the username, so the anti-spam database hadn't had time to reflect the username, but it was still getting blockied by both the e-mail address and the IP address. Then at 7:15, the bot tries a new username, but didn't roll to a new e-mail or IP address, so it got trapped again. Then again at 7:15, it tried again, with an new username and another IP address.
At 7:26, a bot tried the username WeiniaVon, but got caught on all three counts. But it tried again with all the same details.
But you can see it was a bot, because there is no way a human can fill out the registration form 5 times in a single minute.Look how the company selling the script explains their shite on their FAQ page -
See, this B.S. isn't being caused by a 'spam-bot'. Because that is somehow different.
And as EX JUNK can attest, the tripe is read 'at least by one moderator'. But I'm betting he wasn't buying what they were selling.
Wouldn't it be nice if Capital (misspelled intentionally) Hill would look at this kind of mayhem and write legislation to prevent it, instead of trying to pander to Hollywood's whims? Anyone want to bet Lamar Smith is going to do something about this mess?
Mike
Well-Known Member
Well, it's hard to call it a victory, but I think we are turning the tide of the battle. We held it down to 254 denied registration attempts in the last 24 hours. We were seeing that many in just 12 hours, a couple days back.
The important part is none of the eejits are getting through and managing to post their junk to the forums.
The important part is none of the eejits are getting through and managing to post their junk to the forums.
Mike
Well-Known Member
Wonderful. Just bluidy wonderful.
StopForumSpam to block Xen Utiles.
A pal in England has contacted SFS to try to get a better idea of what this is all about. Trust me, this is news I did not need to hear.
StopForumSpam to block Xen Utiles.
A pal in England has contacted SFS to try to get a better idea of what this is all about. Trust me, this is news I did not need to hear.
Mike
Well-Known Member
Well, so much for hope.
As much as I hated doing it, I've closed the forum registration down. In the last 24 hours, we've been slammed with feckwits trying to register to post spam. I bust my hump trying to optimize everything to make the site run as fast as possible and to keep load off the server. And over the last 24 hours, load has been averaging 6X what we would be seeing without the bampots hammering on the registration page.
I managed to get enough tools to keep them out of here (finally!), but they're still wasting resources trying to register. <shrug> So for now, we just won't accept any new registrations. Mighty hard to grow a forum without any new blood coming in, but it is what it is.
Here's an example of what I'm running up against -
If you look at the highlighted block and look at the bottom entry, you see an eejit tried to register, but was blocked because his e-mail and IP address were already appearing in at least one of the spam databases I check against. So the script hit the registration page again, with no changes, only to get the same result. So the script hit the registration page again, only this time around, it tried a new username. Same result. So it hit the registration page again, with yet another new username, only to get the same result. So it hit the registration page yet a fifth time, with a fourth username, only to be blocked yet again. And you will notice that all took place in the span of a single minute. And what is enough to make a grown man cry is that IP address resolves to the Russian Federation, a country I am actively trying to block. But the IP address is one that is not in the rules I am using to block Russia, so he slipped right through.
See the five attempts, just below those? Same score, the script was getting blocked because of the IP address and the e-mail address. That one came from Israel. Five stabs, all in less than one minute.
The five attempts below that one? Four usernames, one e-mail address and five different IP addresses, so at least that bampot was smart enough to program the script to use proxy addresses. Of course, we managed to keep him out, but there were five more attempts in less than four minutes. And see the list at the bottom? That's just page 1 of 51 pages in the log. At 20 entries per page and that log being for less than 48 hours, you do the math.
I'll try to re-open registration in a few days and see how it goes, but until then, we're not taking any new members.
As much as I hated doing it, I've closed the forum registration down. In the last 24 hours, we've been slammed with feckwits trying to register to post spam. I bust my hump trying to optimize everything to make the site run as fast as possible and to keep load off the server. And over the last 24 hours, load has been averaging 6X what we would be seeing without the bampots hammering on the registration page.
I managed to get enough tools to keep them out of here (finally!), but they're still wasting resources trying to register. <shrug> So for now, we just won't accept any new registrations. Mighty hard to grow a forum without any new blood coming in, but it is what it is.
Here's an example of what I'm running up against -
If you look at the highlighted block and look at the bottom entry, you see an eejit tried to register, but was blocked because his e-mail and IP address were already appearing in at least one of the spam databases I check against. So the script hit the registration page again, with no changes, only to get the same result. So the script hit the registration page again, only this time around, it tried a new username. Same result. So it hit the registration page again, with yet another new username, only to get the same result. So it hit the registration page yet a fifth time, with a fourth username, only to be blocked yet again. And you will notice that all took place in the span of a single minute. And what is enough to make a grown man cry is that IP address resolves to the Russian Federation, a country I am actively trying to block. But the IP address is one that is not in the rules I am using to block Russia, so he slipped right through.
See the five attempts, just below those? Same score, the script was getting blocked because of the IP address and the e-mail address. That one came from Israel. Five stabs, all in less than one minute.
The five attempts below that one? Four usernames, one e-mail address and five different IP addresses, so at least that bampot was smart enough to program the script to use proxy addresses. Of course, we managed to keep him out, but there were five more attempts in less than four minutes. And see the list at the bottom? That's just page 1 of 51 pages in the log. At 20 entries per page and that log being for less than 48 hours, you do the math.
I'll try to re-open registration in a few days and see how it goes, but until then, we're not taking any new members.
Hey Mike, what's up mate? On 22 Aug at 7:46am, you blocked 'Webcam girls', Bravevor -@ -Gmail.com. I reckon they would have been a deadset asset to the forum mate. Some of them have great bodies to show you know.
Must be a true PITA and I don't envy you your job, keeping all the spammers out of our lounge room. Thanks for keeping our pleasure pure, mate.
Must be a true PITA and I don't envy you your job, keeping all the spammers out of our lounge room. Thanks for keeping our pleasure pure, mate.
Mike
Well-Known Member
A quick update on this ongoing and very frustrating problem. To be succinct, it is getting worse.
I'm getting a lot of complaints from the Contact Us form, people griping that I am blocking Gmail registrations. Sorry that it seems to be a huge obstacle for so many people, but I do not see that we will ever be lifting that restriction, particularly with the way things have been going in the last 6 weeks. We're currently blocking an average of 16 spam registrations an hour, and blocking Gmail is playing a large part in that.
Everyone is asking for a simple solution and it is actually quite simple. If you are new and wanting to register an account, please read our Privacy Policy before you do anything else. We have no intention of selling, or otherwise providing anyone's e-mail address for any reason. So your best bet is to simply register with the e-mail address you received from your Internet Service Provider. If that is simply too much of a risk for you, I certainly understand. But I respectfully request you not bother asking me to make concessions for you.
In the last couple weeks, I've heard from a couple people they are having issues trying to get registered and logged into the forums, because they have skipped the reCAPTCHA step. I disabled reCAPTCHA some time back, so please clear your browser's cache history and give it another try. As we increase our security efforts, there are going to be times when a cached cookie might create problems, so it's going to amount to everyone practicing better browsing techniques.
My only option to all of this is to simply remove all the restrictions we now have in place and start allowing a new spammer in the door, every 3 minutes, 45 seconds. Is that really an acceptable alternative for any of us?
I'm getting a lot of complaints from the Contact Us form, people griping that I am blocking Gmail registrations. Sorry that it seems to be a huge obstacle for so many people, but I do not see that we will ever be lifting that restriction, particularly with the way things have been going in the last 6 weeks. We're currently blocking an average of 16 spam registrations an hour, and blocking Gmail is playing a large part in that.
Everyone is asking for a simple solution and it is actually quite simple. If you are new and wanting to register an account, please read our Privacy Policy before you do anything else. We have no intention of selling, or otherwise providing anyone's e-mail address for any reason. So your best bet is to simply register with the e-mail address you received from your Internet Service Provider. If that is simply too much of a risk for you, I certainly understand. But I respectfully request you not bother asking me to make concessions for you.
In the last couple weeks, I've heard from a couple people they are having issues trying to get registered and logged into the forums, because they have skipped the reCAPTCHA step. I disabled reCAPTCHA some time back, so please clear your browser's cache history and give it another try. As we increase our security efforts, there are going to be times when a cached cookie might create problems, so it's going to amount to everyone practicing better browsing techniques.
My only option to all of this is to simply remove all the restrictions we now have in place and start allowing a new spammer in the door, every 3 minutes, 45 seconds. Is that really an acceptable alternative for any of us?
all-world1
Member
Great work Mike. Too bad you can't send 10,000 volts thru the line and fry the little turds...lol.
If you have to block further registration, so be it.....keeps it safe for the rest of us serious builders who are really getting a lot out of the site.
Craig
If you have to block further registration, so be it.....keeps it safe for the rest of us serious builders who are really getting a lot out of the site.
Craig
Mike
Well-Known Member
The script these miscreants are using has been updated, yet again. The last few releases managed to completely crack the reCAPTCHA method we used to stop robotic registration. So I inserted a few questions that appear on the registration page, in a random order. The new script now has answers to 70,000+ questions that have been found on various sites. Which means it is only a matter of time before we start seeing the spammers slipping back in here.
I've considered going to a manual verification method, where I get notification of every new registrant and I then have to decide whether or not to let them in. I'm not wanting to make that move, because I simply cannot be here, every minute of every day.
I've always tried to live by the illegitmi non carborundum creed, but it's getting more difficult with each passing day.
Which means it is only a matter of time before we start seeing the spammers slipping back in here.I've considered going to a manual verification method, where I get notification of every new registrant and I then have to decide whether or not to let them in. I'm not wanting to make that move, because I simply cannot be here, every minute of every day.
I've always tried to live by the illegitmi non carborundum creed, but it's getting more difficult with each passing day.
Telman2
Active Member
I don't know if this would work here but I run a small forum myself and it finally got to the point where I had to turned the new membership off. I posted a notice saying that anyone that wanted to join the forum has to send a request to an email account I created for it. They send the user name they want and I create the account. So far it's been working great.
Mike
Well-Known Member
I agree that is one way to knock down some of the problem, but I'm really trying to keep things as automated as possible. That way, it doesn't require my presence to get a new member fully registered. I can switch things over to require my manual verification of each new account, but that also means I am going to have to wade through 350+ spam registrations, each day, deleting each one as I get to it. A pretty time-consuming task that I just do not have time to do, just the now. If we were getting just 10 or 20 new registration attempts a day, that would be a different story. But we're averaging a spam registration over 3 minutes, 45 seconds. Of every hour. Of every day.
