Spam attack!

Discussion in 'Forum Problem Reports' started by AltoRuth, Jun 22, 2009.

  1. Al Stevens

    Al Stevens

    Joined:
    Dec 9, 2008
    Messages:
    495
    Likes Received:
    2
    The IP address identifies only the server, which many users share. You could be blocking lots of legitimate visitors.
     
  2. Helen

    Helen Content Expert Saxophones Staff Member Administrator

    Joined:
    Jan 4, 2008
    Messages:
    2,001
    Likes Received:
    177
    It tests these IP addresses against known spammers, and also has default thresholds that are also adjustable. Pete could probably explain it better, because I believe we use a similar service on this forum.
     
  3. pete

    pete Brassica Oleracea Staff Member Administrator

    Joined:
    Dec 26, 2007
    Messages:
    10,657
    Likes Received:
    388
    Oh, I just ban everyone. I'm really quite antisocial.

    I think you're talking about second-level domains, Al. IP addresses are not necessarily for just specific servers, but for specific machines. True, most services (dial-up, DSL, satellite, cable, etc.) use DCHP (i.e. your IP address will change, within a certain range, after awhile), but if someone's hitting you HARD with the spam, sometimes just banning the username isn't enough.

    On rare occasions, I've had to ban entire subnets, which could mean banning 256 or more users (depending on what segment I'm starting with) or an entire second-level domain, but that's rare.

    Ultimately, the idea behind IP banning is to make life more difficult for spammers and trolls. It's definitely not a cure-all, because if you banned my IP address, I could get another one in a couple minutes. Ban my username AND IP, it'll take me a few more minutes. Ban my entire subnet and username, still more, etc.

    FWIW, if you're a known spammer and your IP is 1.2.3.4 (using IPv4, of course), chances are that if I ban 1.2.3.4, I'm not going to ever ban a legitimate user. If I ban 1.2.3.x, there's a greater chance, but doubtful, as most spammers seem to use the same subnets (so I've just banned 256 potential baddies). 1.2.x.x is much more risky and 1.x.x.x may cut me off from teh werld!!!111one

    In any event, the service that Helen mentions isn't quite what we have here on the WF. Service #1 (Akismenet or something like that) checks the content of any post against a list of spam-target words and throws the post into "Moderated" where no one can see it, if the service is tripped. Service #2 is me and our Admins: we manually check the IP address, username and/or e-mail address of any new user against lists of known spammer details (Google will pop up hundreds of these services) and if they match, we ban the user and leave a message that says, "Known spambot username, IP address or e-mail address. Questions? Contact me at thesaxinfo@gmail.com." Additionally, I do implement most of the security tweaks mentioned on the vBulletin websites.
     
  4. Helen

    Helen Content Expert Saxophones Staff Member Administrator

    Joined:
    Jan 4, 2008
    Messages:
    2,001
    Likes Received:
    177
    In case anyone is interested, the 2 websites that all the incoming traffic on my site is checked against are: Stop Forum Spam & Project Honey Pot. When an incoming visitor is determined to be a spammer, it triggers a message that looks like this:

    Just this morning I got an email from Project Honey Pot that some of you might find interesting.

     
  5. Gandalfe

    Gandalfe Administrator Staff Member Administrator

    Joined:
    Dec 26, 2007
    Messages:
    5,539
    Likes Received:
    143
    Helen, what a fascinating read. I'm sure there will be more than a few surprises in this arena in the coming years.
     
  6. robertsax

    robertsax

    Joined:
    Jan 5, 2008
    Messages:
    71
    Likes Received:
    0
    Spam attack

    I just got an online pharmacy type spam message in my PM inbox from bevaageta. You are welcome to check my inbox for verification. I have added bevaageta to my ignore list.
     
  7. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    Joined:
    Jan 2, 2008
    Messages:
    3,560
    Likes Received:
    89
    he/she/it was banned :-D

    I got it too .. figured he/she/it sent it to probably everyone.
     
  8. Tammi

    Tammi Private woodwind instructor

    Joined:
    Jul 5, 2008
    Messages:
    242
    Likes Received:
    2
    Me too...
     
  9. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    Joined:
    Jan 2, 2008
    Messages:
    3,560
    Likes Received:
    89
    Sorry about Tammi ... the management is looking at methods to prevent this ...
     
  10. tictactux

    tictactux Distinguished Member Distinguished Member

    Joined:
    Mar 27, 2008
    Messages:
    1,462
    Likes Received:
    21
    <raises hand>
    It's fascinating that all this cumbersome spamming work still seems to pay off. :emoji_astonished:
     
  11. bcoulter

    bcoulter

    Joined:
    Dec 28, 2009
    Messages:
    5
    Likes Received:
    0
    ditto, deleted it.
     
  12. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    Joined:
    Jan 2, 2008
    Messages:
    3,560
    Likes Received:
    89
    i think the number put out there was about 50% of new members are actually thsse spambots. you'll see signature lines like "Clean White Teeth" or other worse things in the postings.

    Management is well aware and are working on solutions. They're just sleeping right now. lol :-D
     
  13. tictactux

    tictactux Distinguished Member Distinguished Member

    Joined:
    Mar 27, 2008
    Messages:
    1,462
    Likes Received:
    21
    Yeah, maybe things like captchas after every post are necessary. Which somehow contradicts barrier-free computing, unfortunately.
     
  14. Carl H.

    Carl H. Distinguished Member Distinguished Member

    Joined:
    Jan 19, 2008
    Messages:
    1,057
    Likes Received:
    16
    In my experience, about 30% of the time those things are in-decipherable. I'll take the random spam over those things anyday!
     
  15. pete

    pete Brassica Oleracea Staff Member Administrator

    Joined:
    Dec 26, 2007
    Messages:
    10,657
    Likes Received:
    388
    More like "drugged senseless". Not exactly sleeping, but it's hard to tell the difference.
     
  16. Al Stevens

    Al Stevens

    Joined:
    Dec 9, 2008
    Messages:
    495
    Likes Received:
    2
    I just deleted a spam message about pharmaceuticals from my PM inbox. That's the first time I'd seen that.
     
  17. pete

    pete Brassica Oleracea Staff Member Administrator

    Joined:
    Dec 26, 2007
    Messages:
    10,657
    Likes Received:
    388
  18. Ed

    Ed Founder Staff Member Administrator

    Joined:
    Dec 20, 2007
    Messages:
    2,748
    Likes Received:
    11
    I agree it is frustrating and we keep employing the best available methods from the forum software but the bots are getting more complex as time goes on.
     
  19. Carl H.

    Carl H. Distinguished Member Distinguished Member

    Joined:
    Jan 19, 2008
    Messages:
    1,057
    Likes Received:
    16
    Maybe if they had to supply the name and model of an instrument, to be approved by (??) to sign up and post? Hard for a computer to expect that one.
     
  20. pete

    pete Brassica Oleracea Staff Member Administrator

    Joined:
    Dec 26, 2007
    Messages:
    10,657
    Likes Received:
    388
    Take me, for instance. I've been posting online for 12 or so years, created a couple successful websites and even helped run a few forums. No one has yet realized that I'm a bot.
     

Share This Page

Our staff's websites:


Loading...