I say, could it be that we have a major spam attack in progress? :roll:

I just took care of it Ruth. I don't think there's any left. Do you see any?

Oops, just realized that you left this message a few minutes ago. I was dealing with it at the time...You're logged off already. Never mind.

I just took care of it Ruth. I don't think there's any left. Do you see any?
I don't envy you for that kind of janitoring job. I had to close the guest book on my site because of the ever same bore enlargement and reed stiffener ads. (I wonder who's actually buying that crap)

I guess clicking on the traffic sign triangle would be the official way, right?

Oh yeah - thank you all for the work behind the scenes.

The software we use for the forum makes jobs like this easier than they used to be. If anyone sees something fishy then let us know by reporting the post. We'll get on it as soon as possible.

Dang. I miss all the good stuff. Please forward all reed stiffener and bore enlargement ads to me.

Looks like another spam attack. What is the best way to report these? I looked for a "report" button under the IP's name, but didn't see anything.
Ruth

I'm not seeing anything called IPhone at all Ruth. Unless one of the other mods/admin types dealt with it, and forgot to note it here.

If you see something that you want/need to report, all you need to do is click the white & red triangular sign with the exclamation mark in it. It is located directly to the right of the post number, on the top, right side of the posting.

Thank you, Helen! I never knew what that triangle was for.

It does indeed appear that the apparent spam has been dealt with. Last evening when I posted the above note, there were three identical posts in three of the sub forums which looked like some kind of promotion.

Regards.
Ruth

I saw them also after you mentioned it. I figured they would be deleted as soon as one of the list moderators was notified. I too did not know what the triangle was for.

Richard

I usually hover and linger over pictures or picture links, and sometimes a sensible web site programmer provided a popping-up explanation such as "report post" or "do not click this link".

re: Spam.

Although it's a delicious spiced luncheon meat, we really don't want it on our forums. I've turned on a couple more features in this newest version of vBulletin that make it a little more difficult to register a new account, but it should cut down on a large percentage of spam.

The latest update:

You may have seen that a bunch of users have recently signed up and then their accounts just go *poof* in the Member List (http://www.woodwindforum.com/forums/memberlist.php). What I've been doing, when I have time, is check all new users against lists of known spam usernames/e-mail addresses/IP addresses -- even before you see a single post from that username.

The ones on those lists get my, "You've got a problem with your account. E-mail me" message when someone logs in using those accounts.

pete: keeping your forums spam free since 1999 :D.

pete: keeping your forums spam free since 1999 :D.

How about a "Which do you prefer, spam or broccoli?" poll?:twisted:

Keep up the good work Pete.

"I don't like spam!"

About a week ago I installed a plugin into my weblog in an effort to deal with the overwhelming amount of spam that I am getting buried in. This plugin (little piece of software really) checks all incoming traffic on my blog against 2 of these websites that track IP addresses known for spamming. When a known spambot/spammer lands on my site, the connection is automatically terminated. This means that legitimate people should (in theory) be the only ones using the pages, thus getting faster page loads.

During the first week what I've seen is that during a 24 hour period, this plugin is blocking approximately 750 to 800 spambots on my site. That's just crazy!

That's why many of my friends use a blogging service. The service works on the Spam, upgrades, and security and these bloggers can concentrate on content.

I'm slowly implementing some changes to improve security.

As of now, people cannot register using an e-mail address from mail.ru -- I also believe any current users that have a mail.ru e-mail are now banned (if you did get banned and you're a legitimate user, please e-mail me at thesaxinfo@gmail.com).

Sorry, but I had gone through about a 1/2 dozen more ban candidates today (spambots) that all had mail.ru e-mail addresses.

I'm going to do my absolute best not to ban Hotmail or Gmail, because they're good services that I've used since before MS owned Hotmail and since Gmail was created, respectively, and I know a lot of folks use these services.

"spam, spam, spam, spam"

interesting ... that reminds me of a song ?!?!

that reminds me of a song

As I said,

"I don't like spam!"

:P

reminds me of Pete

http://www.youtube.com/watch?v=anwy2MPT5RE

About a week ago I installed a plugin into my weblog in an effort to deal with the overwhelming amount of spam that I am getting buried in. This plugin (little piece of software really) checks all incoming traffic on my blog against 2 of these websites that track IP addresses known for spamming. When a known spambot/spammer lands on my site, the connection is automatically terminated. This means that legitimate people should (in theory) be the only ones using the pages, thus getting faster page loads.

During the first week what I've seen is that during a 24 hour period, this plugin is blocking approximately 750 to 800 spambots on my site. That's just crazy!

The IP address identifies only the server, which many users share. You could be blocking lots of legitimate visitors.

The IP address identifies only the server, which many users share. You could be blocking lots of legitimate visitors.

It tests these IP addresses against known spammers, and also has default thresholds that are also adjustable. Pete could probably explain it better, because I believe we use a similar service on this forum.

Oh, I just ban everyone. I'm really quite antisocial.

I think you're talking about second-level domains, Al. IP addresses are not necessarily for just specific servers, but for specific machines. True, most services (dial-up, DSL, satellite, cable, etc.) use DCHP (i.e. your IP address will change, within a certain range, after awhile), but if someone's hitting you HARD with the spam, sometimes just banning the username isn't enough.

On rare occasions, I've had to ban entire subnets, which could mean banning 256 or more users (depending on what segment I'm starting with) or an entire second-level domain, but that's rare.

Ultimately, the idea behind IP banning is to make life more difficult for spammers and trolls. It's definitely not a cure-all, because if you banned my IP address, I could get another one in a couple minutes. Ban my username AND IP, it'll take me a few more minutes. Ban my entire subnet and username, still more, etc.

FWIW, if you're a known spammer and your IP is 1.2.3.4 (using IPv4, of course), chances are that if I ban 1.2.3.4, I'm not going to ever ban a legitimate user. If I ban 1.2.3.x, there's a greater chance, but doubtful, as most spammers seem to use the same subnets (so I've just banned 256 potential baddies). 1.2.x.x is much more risky and 1.x.x.x may cut me off from teh werld!!!111one

In any event, the service that Helen mentions isn't quite what we have here on the WF. Service #1 (Akismenet or something like that) checks the content of any post against a list of spam-target words and throws the post into "Moderated" where no one can see it, if the service is tripped. Service #2 is me and our Admins: we manually check the IP address, username and/or e-mail address of any new user against lists of known spammer details (Google will pop up hundreds of these services) and if they match, we ban the user and leave a message that says, "Known spambot username, IP address or e-mail address. Questions? Contact me at thesaxinfo@gmail.com." Additionally, I do implement most of the security tweaks mentioned on the vBulletin websites.

In case anyone is interested, the 2 websites that all the incoming traffic on my site is checked against are: Stop Forum Spam & Project Honey Pot. When an incoming visitor is determined to be a spammer, it triggers a message that looks like this:


Spam IP: 212.235.107.70
Accessing: /blog/?cat=173

Checked at Stop Forum Spam
Information
Last Seen: 2009-12-09 09:31:55
Frequency: 54
Call took: 0.221323
Threshold (3) reached. Connection terminated

Checked at Project Honey Pot
Information
Days since last activity: 91
Type: Suspicious & Comment Spammer
Score: 20
Call took: 0.018961

Just this morning I got an email from Project Honey Pot that some of you might find interesting.


Dear Helen:

On Wednesday, December 9, 2009 at 06:20 (GMT), Project Honey Pot achieved a
milestone: receiving its 1 billionth spam message. The billionth message was an United States Internal Revenue Service phishing scam sent to an email address that had been harvested more than two years ago. More than just a single spam email, the billionth message represents the collective work of you and tens of thousands of other web and email administrators like you in more than 170 countries around the world. Together we have built Project Honey Pot into the largest community tracking online fraud and abuse.

To celebrate this milestone, we sifted through five years of data to learn more about spam and the spammers who send it. As a small token of thanks for your help, we wanted to share some of our more interesting preliminary findings. Click the following link for the Full Report:

http://www.projecthoneypot.org/1_billionth_spam_message_stats.php (http://www.projecthoneypot.org/1_billionth_spam_message_stats.php)

Highlights include:

- Monday is the busiest day of the week for email spam, Saturday is the
quietest
- 12:00 (GMT) is the busiest hour of the day for spam, 23:00 (GMT) is the
quietest
- Malicious bots have increased at a compound annual growth rate (CAGR) of
378% since Project Honey Pot started
- Over the last five years, you'd have been 9 times more likely to get a
phishing message for Chase Bank than Bank of America, however Facebook is
rapidly becoming the most phished organization online
- Finland has some of the best computer security in the world, China some
of the worst
- It takes the average spammer 2 and a half weeks from when they first
harvest your email address to when they send you your first spam message,
but that's twice as fast as they were five years ago
- Every time your email address is harvested from a website, you can expect
to receive more than 850 spam messages
- Spammers take holidays too: spam volumes drop nearly 21% on Christmas Day
and 32% on New Year's Day
- And much more.....

We have published it under the Creative Commons Attribution license, so don't hesitate to share anything you find interesting. In the end, we couldn't have gathered this data without you.

Thank you for all your help over the last five years. Here's to wishing you happy holidays and a relatively spam-free New Year.

Sincerely,
The Project Honey Pot Team

Helen, what a fascinating read. I'm sure there will be more than a few surprises in this arena in the coming years.

I just got an online pharmacy type spam message in my PM inbox from bevaageta. You are welcome to check my inbox for verification. I have added bevaageta to my ignore list.

I just got an online pharmacy type spam message in my PM inbox from bevaageta. You are welcome to check my inbox for verification. I have added bevaageta to my ignore list.

he/she/it was banned :-D

I got it too .. figured he/she/it sent it to probably everyone.

Me too...

Me too...

Sorry about Tammi ... the management is looking at methods to prevent this ...

I got it too ..
<raises hand>
It's fascinating that all this cumbersome spamming work still seems to pay off. :shock:

ditto, deleted it.

<raises hand>
It's fascinating that all this cumbersome spamming work still seems to pay off. :shock:

i think the number put out there was about 50% of new members are actually thsse spambots. you'll see signature lines like "Clean White Teeth" or other worse things in the postings.

Management is well aware and are working on solutions. They're just sleeping right now. lol :-D

i think the number put out there was about 50% of new members are actually thsse spambots. you'll see signature lines like "Clean White Teeth" or other worse things in the postings.

Management is well aware and are working on solutions. They're just sleeping right now. lol :-D

Yeah, maybe things like captchas (http://en.wikipedia.org/wiki/ReCAPTCHA) after every post are necessary. Which somehow contradicts barrier-free computing, unfortunately.

Yeah, maybe things like captchas (http://en.wikipedia.org/wiki/ReCAPTCHA) after every post are necessary. Which somehow contradicts barrier-free computing, unfortunately.
In my experience, about 30% of the time those things are in-decipherable. I'll take the random spam over those things anyday!

i think the number put out there was about 50% of new members are actually thsse spambots. you'll see signature lines like "Clean White Teeth" or other worse things in the postings.

Management is well aware and are working on solutions. They're just sleeping right now. lol :-D
More like "drugged senseless". Not exactly sleeping, but it's hard to tell the difference.

I just deleted a spam message about pharmaceuticals from my PM inbox. That's the first time I'd seen that.

I just deleted a spam message about pharmaceuticals from my PM inbox. That's the first time I'd seen that.
See http://www.woodwindforum.com/forums/showpost.php?p=24138&postcount=27.

I'll talk with Jim and Ed, later.

I agree it is frustrating and we keep employing the best available methods from the forum software but the bots are getting more complex as time goes on.

I agree it is frustrating and we keep employing the best available methods from the forum software but the bots are getting more complex as time goes on.
Maybe if they had to supply the name and model of an instrument, to be approved by (??) to sign up and post? Hard for a computer to expect that one.

Take me, for instance. I've been posting online for 12 or so years, created a couple successful websites and even helped run a few forums. No one has yet realized that I'm a bot.

Take me, for instance. I've been posting online for 12 or so years, created a couple successful websites and even helped run a few forums. No one has yet realized that I'm a bot.http://www.crunchgear.com/wp-content/uploads/2008/02/fembot02.jpg
Which one is you?

I think the 'fuzzy' bits are a bit high for a man bot.
Altough the one in the center looks interesting....

I guess my image from a PG13 movie was over the line. Google Austin Powers: International Man of Mystery if you want to find out what I posted.Sorry.:oops: