[01/12/06] Spam Words

All new MODs released in our MOD Database will be announced in here. All support for released MODs needs to take place in here. No new MODs will be accepted into the MOD Database for phpBB2
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.

Rating:

Excellent!
52
76%
Very Good
9
13%
Good
4
6%
Fair
0
No votes
Poor
3
4%
 
Total votes: 68

Six Sigma Teacher
Registered User
Posts: 22
Joined: Thu May 26, 2005 6:48 pm
Contact:

Random URLs

Post by Six Sigma Teacher » Wed Feb 07, 2007 5:11 pm

The MOD is still working great - I now have four pages of spam caught every 24 hours, and have only had one false positive.

I was wondering if someone could tell me the reasoning behind what appear to be random URLs in spam, e.g.

Code: Select all

"http://fpvrfhuz.com/wxja/lwbs.html"
Since the URL and domain will be completely different in the next post - some randomly generated series of letters - there is no commonality on which to filter.

But what I don't get is the motivation for doing this. If the motivation is understood, perhaps there is a countermeasure for it. Why post links to random never-repeated URLs? They don't even link to a page that forwards you somewhere else - just a "Server Not Found" error. I am baffled.

Six Sigma Teacher
Registered User
Posts: 22
Joined: Thu May 26, 2005 6:48 pm
Contact:

Post by Six Sigma Teacher » Wed Feb 07, 2007 5:35 pm

Oh, and kind of a funny observation...

I have one topic that is old enough I doubt any real people view it, but enough did when it was posted so that it had, say, 50 views.

Time passes, and the spambots come by...increasing the number of views, and thus increasing the attractiveness to spambots in a never-ending feedback cycle since the bots can't tell real people views from spambot views.

And now, spambots post to that topic very frequently - so frequently that it is the one that gets the "new" spam that slips through the filter.

So it is almost like a "honey pot" for spam. No one goes there but with all the spam postings the views are currently 1,365, so the spambots love it. It is a way to catch new filter words before the probability of them showing up in an active thread is high.

This might be a technique to "quarantine" spam in an out-of-the-way topic. I have thought about making a "Post Spam Here" topic and luring the spambots to it, in order to continue to refine my spam words list for the topics that people would read - anything that gets through gets through there first. Right now that old topic is serving that function.

Gephri
Registered User
Posts: 158
Joined: Wed Feb 23, 2005 4:17 pm

words not showing

Post by Gephri » Wed Feb 07, 2007 7:02 pm

Great mod!
However, the following code on page spamwords_config_body.tpl is not pulling in any data (yes - I do have spam words in the database).

Code: Select all

<!-- BEGIN words -->
		{words.WORDS}
<!-- END words -->
Any idea how to correct this?

Also, it would sure make cleaning up duplicates easier if there were a check box next to each word in the database - then check all dups to delete.

Joe Belmaati
Registered User
Posts: 2110
Joined: Sun Sep 28, 2003 7:35 pm
Location: Denmark

Post by Joe Belmaati » Wed Feb 07, 2007 8:25 pm

Ha! Not too slick that. Change that whole thing to:

Code: Select all

 {WORDS}
Image

Six Sigma Teacher
Registered User
Posts: 22
Joined: Thu May 26, 2005 6:48 pm
Contact:

Post by Six Sigma Teacher » Wed Feb 07, 2007 9:54 pm

Joe Belmaati wrote: Ha! Not too slick that. Change that whole thing to:

Code: Select all

 {WORDS}


Heh, this is one bug that really is a feature - I have so many words in my spam list that I would have to scroll down very far before I could edit the settings!

I'll leave it just like it is if that is the only effect. :)

Eckleburg
Registered User
Posts: 6
Joined: Thu Nov 02, 2006 6:02 am
Contact:

Spammers posting all-link posts

Post by Eckleburg » Thu Feb 08, 2007 6:33 pm

Hello. Love the Mod, it has been working great. Currently, some spammers seem to have found a workaround to the mod however. If Spammers post a post with all links, it allows words included as the text of the link to slip through the filter. For example if i have blocked "spamword" through the wordlist, the mod won't block <a href'"http://somespamsite.com">spamword</a>

Is there a way to block this?

Thanks!

Gephri
Registered User
Posts: 158
Joined: Wed Feb 23, 2005 4:17 pm

Post by Gephri » Thu Feb 08, 2007 6:56 pm

...perfect!

Joe Belmaati
Registered User
Posts: 2110
Joined: Sun Sep 28, 2003 7:35 pm
Location: Denmark

Re: Spammers posting all-link posts

Post by Joe Belmaati » Fri Feb 09, 2007 5:24 pm

Eckleburg wrote: Hello. Love the Mod, it has been working great. Currently, some spammers seem to have found a workaround to the mod however. If Spammers post a post with all links, it allows words included as the text of the link to slip through the filter. For example if i have blocked "spamword" through the wordlist, the mod won't block <a href'"http://somespamsite.com">spamword</a>

Is there a way to block this?

Thanks!
Does your site allow posting of html..?
Image

toyochan
Registered User
Posts: 2
Joined: Mon Feb 12, 2007 11:52 pm

Post by toyochan » Mon Feb 12, 2007 11:58 pm

Hello,
I installed this mod today, but "mass add spam words" doesn't work well.
For example, if I type
"*o-*beep*.com*,*ofigeno.net*",
"beep","com","net","o-","ofigeno" are added to the list. :(

Do you have any idea to fix it?

Joe Belmaati
Registered User
Posts: 2110
Joined: Sun Sep 28, 2003 7:35 pm
Location: Denmark

Post by Joe Belmaati » Tue Feb 13, 2007 6:50 am

toyochan wrote: Hello,
I installed this mod today, but "mass add spam words" doesn't work well.
For example, if I type
"*o-*beep*.com*,*ofigeno.net*",
"beep","com","net","o-","ofigeno" are added to the list. :(

Do you have any idea to fix it?
Yes, I have already posted a fix for that.
Image

toyochan
Registered User
Posts: 2
Joined: Mon Feb 12, 2007 11:52 pm

Post by toyochan » Tue Feb 13, 2007 5:01 pm

Oh, I found it.
Thank you very much. Now "mass add spam words" works well!!

mhmdkhamis
Registered User
Posts: 125
Joined: Thu Sep 21, 2006 6:03 pm
Contact:

Post by mhmdkhamis » Wed Feb 14, 2007 1:32 am

very useful mod

thank u :D

hsteckylf
Registered User
Posts: 1
Joined: Mon Feb 19, 2007 8:11 pm
Contact:

Post by hsteckylf » Mon Feb 19, 2007 8:13 pm

I was doing the manual install and everything was going fine until I got to the section where I need to edit 'admin/admin_forums.php'. I was not able to find ANY of the 'find' lines in that file. Not a single one of the eight lines we are supposed to search for was I able to find. Anyone have any ideas?

crispyduck
Registered User
Posts: 3
Joined: Sun Jan 21, 2007 2:47 pm
Location: scoobypedia.co.uk
Contact:

Automatic blocklists

Post by crispyduck » Wed Feb 21, 2007 1:40 pm

What a great mod, well done.

Not sure if anyone else has already suggested similar but .... I have a suggestion that comes from my experience of blocking spam on Wiki's. The main wiki I use is called PmWiki and it has a built-in 'blocklist'. The reason for mentioning it is because several groups have formed and maintain "shared blocklists". These blocklists are downloaded by PmWiki and used in addition to the user configurable blocklist.

I recommend spending 5 mins reading the PmWiki blocklist page http://www.pmwiki.org/wiki/PmWiki/Blocklist as it describes using well known blocklists such as chongqed.org and MoinMaster

In summary, I think it would be great enhancement if you could automatically (every day) download a local copy of the following blocklists:
http://blacklist.chongqed.org/
http://moinmaster.wikiwikiweb.de/BadContent
You could then parse these in addition to you existing spam words. I feel this would greatly the reduce the amount of effort required to maintain the spam word blocks and get newbees up and running quickly.

By the way, does your mod also support blocking IP addresses and or address ranges?

Regards,
-Steve.
-Steve.

User avatar
smokejax
Registered User
Posts: 13
Joined: Mon Aug 07, 2006 2:47 pm
Location: JAX, FL
Contact:

Post by smokejax » Wed Feb 21, 2007 4:35 pm

Hi Joe,

Everything seems to be working great except for when I edit/approve a flagged message via ACP, I get a header error.

I've attached a screencapture.

As I said, everything else i've tested works perfectly thus far except for this one thing. What am I missing?

Thanks for your help! :)

Post Reply

Return to “[2.0.x] MOD Database Releases”