Dismiss Notice
I hate the colors. What do I do?

At the far bottom of the page, on the left, is a menu or link that says, "Forum Default." Click on that and choose a different Style.

Spam attack!

Discussion in 'Forum Problem Reports' started by AltoRuth, Jun 22, 2009.

  1. The IP address identifies only the server, which many users share. You could be blocking lots of legitimate visitors.
     
  2. Helen

    Helen Content Expert Saxophones Staff Member Administrator

    It tests these IP addresses against known spammers, and also has default thresholds that are also adjustable. Pete could probably explain it better, because I believe we use a similar service on this forum.
     
  3. pete

    pete Brassica Oleracea Staff Member Administrator

    Oh, I just ban everyone. I'm really quite antisocial.

    I think you're talking about second-level domains, Al. IP addresses are not necessarily for just specific servers, but for specific machines. True, most services (dial-up, DSL, satellite, cable, etc.) use DCHP (i.e. your IP address will change, within a certain range, after awhile), but if someone's hitting you HARD with the spam, sometimes just banning the username isn't enough.

    On rare occasions, I've had to ban entire subnets, which could mean banning 256 or more users (depending on what segment I'm starting with) or an entire second-level domain, but that's rare.

    Ultimately, the idea behind IP banning is to make life more difficult for spammers and trolls. It's definitely not a cure-all, because if you banned my IP address, I could get another one in a couple minutes. Ban my username AND IP, it'll take me a few more minutes. Ban my entire subnet and username, still more, etc.

    FWIW, if you're a known spammer and your IP is 1.2.3.4 (using IPv4, of course), chances are that if I ban 1.2.3.4, I'm not going to ever ban a legitimate user. If I ban 1.2.3.x, there's a greater chance, but doubtful, as most spammers seem to use the same subnets (so I've just banned 256 potential baddies). 1.2.x.x is much more risky and 1.x.x.x may cut me off from teh werld!!!111one

    In any event, the service that Helen mentions isn't quite what we have here on the WF. Service #1 (Akismenet or something like that) checks the content of any post against a list of spam-target words and throws the post into "Moderated" where no one can see it, if the service is tripped. Service #2 is me and our Admins: we manually check the IP address, username and/or e-mail address of any new user against lists of known spammer details (Google will pop up hundreds of these services) and if they match, we ban the user and leave a message that says, "Known spambot username, IP address or e-mail address. Questions? Contact me at thesaxinfo@gmail.com." Additionally, I do implement most of the security tweaks mentioned on the vBulletin websites.
     
  4. Helen

    Helen Content Expert Saxophones Staff Member Administrator

    In case anyone is interested, the 2 websites that all the incoming traffic on my site is checked against are: Stop Forum Spam & Project Honey Pot. When an incoming visitor is determined to be a spammer, it triggers a message that looks like this:

    Just this morning I got an email from Project Honey Pot that some of you might find interesting.

     
  5. Gandalfe

    Gandalfe Administrator Staff Member Administrator

    Helen, what a fascinating read. I'm sure there will be more than a few surprises in this arena in the coming years.
     
  6. Spam attack

    I just got an online pharmacy type spam message in my PM inbox from bevaageta. You are welcome to check my inbox for verification. I have added bevaageta to my ignore list.
     
  7. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    he/she/it was banned :-D

    I got it too .. figured he/she/it sent it to probably everyone.
     
  8. Tammi

    Tammi Private woodwind instructor

    Me too...
     
  9. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    Sorry about Tammi ... the management is looking at methods to prevent this ...
     
  10. tictactux

    tictactux Distinguished Member Distinguished Member

    <raises hand>
    It's fascinating that all this cumbersome spamming work still seems to pay off. :emoji_astonished:
     
  11. ditto, deleted it.
     
  12. Steve

    Steve Clarinet CE/Moderator Staff Member CE/Moderator

    i think the number put out there was about 50% of new members are actually thsse spambots. you'll see signature lines like "Clean White Teeth" or other worse things in the postings.

    Management is well aware and are working on solutions. They're just sleeping right now. lol :-D
     
  13. tictactux

    tictactux Distinguished Member Distinguished Member

    Yeah, maybe things like captchas after every post are necessary. Which somehow contradicts barrier-free computing, unfortunately.
     
  14. Carl H.

    Carl H. Distinguished Member Distinguished Member

    In my experience, about 30% of the time those things are in-decipherable. I'll take the random spam over those things anyday!
     
  15. pete

    pete Brassica Oleracea Staff Member Administrator

    More like "drugged senseless". Not exactly sleeping, but it's hard to tell the difference.
     
  16. I just deleted a spam message about pharmaceuticals from my PM inbox. That's the first time I'd seen that.
     
  17. pete

    pete Brassica Oleracea Staff Member Administrator

  18. Ed

    Ed Founder Staff Member Administrator

    I agree it is frustrating and we keep employing the best available methods from the forum software but the bots are getting more complex as time goes on.
     
  19. Carl H.

    Carl H. Distinguished Member Distinguished Member

    Maybe if they had to supply the name and model of an instrument, to be approved by (??) to sign up and post? Hard for a computer to expect that one.
     
  20. pete

    pete Brassica Oleracea Staff Member Administrator

    Take me, for instance. I've been posting online for 12 or so years, created a couple successful websites and even helped run a few forums. No one has yet realized that I'm a bot.
     
Our staff's websites: