Page 34 of 43

Random URLs

Posted: Wed Feb 07, 2007 5:11 pm
by Six Sigma Teacher
The MOD is still working great - I now have four pages of spam caught every 24 hours, and have only had one false positive.

I was wondering if someone could tell me the reasoning behind what appear to be random URLs in spam, e.g.

Code: Select all

"http://fpvrfhuz.com/wxja/lwbs.html"
Since the URL and domain will be completely different in the next post - some randomly generated series of letters - there is no commonality on which to filter.

But what I don't get is the motivation for doing this. If the motivation is understood, perhaps there is a countermeasure for it. Why post links to random never-repeated URLs? They don't even link to a page that forwards you somewhere else - just a "Server Not Found" error. I am baffled.

Posted: Wed Feb 07, 2007 5:35 pm
by Six Sigma Teacher
Oh, and kind of a funny observation...

I have one topic that is old enough I doubt any real people view it, but enough did when it was posted so that it had, say, 50 views.

Time passes, and the spambots come by...increasing the number of views, and thus increasing the attractiveness to spambots in a never-ending feedback cycle since the bots can't tell real people views from spambot views.

And now, spambots post to that topic very frequently - so frequently that it is the one that gets the "new" spam that slips through the filter.

So it is almost like a "honey pot" for spam. No one goes there but with all the spam postings the views are currently 1,365, so the spambots love it. It is a way to catch new filter words before the probability of them showing up in an active thread is high.

This might be a technique to "quarantine" spam in an out-of-the-way topic. I have thought about making a "Post Spam Here" topic and luring the spambots to it, in order to continue to refine my spam words list for the topics that people would read - anything that gets through gets through there first. Right now that old topic is serving that function.

words not showing

Posted: Wed Feb 07, 2007 7:02 pm
by Gephri
Great mod!
However, the following code on page spamwords_config_body.tpl is not pulling in any data (yes - I do have spam words in the database).

Code: Select all

<!-- BEGIN words -->
		{words.WORDS}
<!-- END words -->
Any idea how to correct this?

Also, it would sure make cleaning up duplicates easier if there were a check box next to each word in the database - then check all dups to delete.

Posted: Wed Feb 07, 2007 8:25 pm
by Joe Belmaati
Ha! Not too slick that. Change that whole thing to:

Code: Select all

 {WORDS}

Posted: Wed Feb 07, 2007 9:54 pm
by Six Sigma Teacher
Joe Belmaati wrote: Ha! Not too slick that. Change that whole thing to:

Code: Select all

 {WORDS}


Heh, this is one bug that really is a feature - I have so many words in my spam list that I would have to scroll down very far before I could edit the settings!

I'll leave it just like it is if that is the only effect. :)

Spammers posting all-link posts

Posted: Thu Feb 08, 2007 6:33 pm
by Eckleburg
Hello. Love the Mod, it has been working great. Currently, some spammers seem to have found a workaround to the mod however. If Spammers post a post with all links, it allows words included as the text of the link to slip through the filter. For example if i have blocked "spamword" through the wordlist, the mod won't block <a href'"http://somespamsite.com">spamword</a>

Is there a way to block this?

Thanks!

Posted: Thu Feb 08, 2007 6:56 pm
by Gephri
...perfect!

Re: Spammers posting all-link posts

Posted: Fri Feb 09, 2007 5:24 pm
by Joe Belmaati
Eckleburg wrote: Hello. Love the Mod, it has been working great. Currently, some spammers seem to have found a workaround to the mod however. If Spammers post a post with all links, it allows words included as the text of the link to slip through the filter. For example if i have blocked "spamword" through the wordlist, the mod won't block <a href'"http://somespamsite.com">spamword</a>

Is there a way to block this?

Thanks!
Does your site allow posting of html..?

Posted: Mon Feb 12, 2007 11:58 pm
by toyochan
Hello,
I installed this mod today, but "mass add spam words" doesn't work well.
For example, if I type
"*o-*beep*.com*,*ofigeno.net*",
"beep","com","net","o-","ofigeno" are added to the list. :(

Do you have any idea to fix it?

Posted: Tue Feb 13, 2007 6:50 am
by Joe Belmaati
toyochan wrote: Hello,
I installed this mod today, but "mass add spam words" doesn't work well.
For example, if I type
"*o-*beep*.com*,*ofigeno.net*",
"beep","com","net","o-","ofigeno" are added to the list. :(

Do you have any idea to fix it?
Yes, I have already posted a fix for that.

Posted: Tue Feb 13, 2007 5:01 pm
by toyochan
Oh, I found it.
Thank you very much. Now "mass add spam words" works well!!

Posted: Wed Feb 14, 2007 1:32 am
by mhmdkhamis
very useful mod

thank u :D

Posted: Mon Feb 19, 2007 8:13 pm
by hsteckylf
I was doing the manual install and everything was going fine until I got to the section where I need to edit 'admin/admin_forums.php'. I was not able to find ANY of the 'find' lines in that file. Not a single one of the eight lines we are supposed to search for was I able to find. Anyone have any ideas?

Automatic blocklists

Posted: Wed Feb 21, 2007 1:40 pm
by crispyduck
What a great mod, well done.

Not sure if anyone else has already suggested similar but .... I have a suggestion that comes from my experience of blocking spam on Wiki's. The main wiki I use is called PmWiki and it has a built-in 'blocklist'. The reason for mentioning it is because several groups have formed and maintain "shared blocklists". These blocklists are downloaded by PmWiki and used in addition to the user configurable blocklist.

I recommend spending 5 mins reading the PmWiki blocklist page http://www.pmwiki.org/wiki/PmWiki/Blocklist as it describes using well known blocklists such as chongqed.org and MoinMaster

In summary, I think it would be great enhancement if you could automatically (every day) download a local copy of the following blocklists:
http://blacklist.chongqed.org/
http://moinmaster.wikiwikiweb.de/BadContent
You could then parse these in addition to you existing spam words. I feel this would greatly the reduce the amount of effort required to maintain the spam word blocks and get newbees up and running quickly.

By the way, does your mod also support blocking IP addresses and or address ranges?

Regards,
-Steve.

Posted: Wed Feb 21, 2007 4:35 pm
by smokejax
Hi Joe,

Everything seems to be working great except for when I edit/approve a flagged message via ACP, I get a header error.

I've attached a screencapture.

As I said, everything else i've tested works perfectly thus far except for this one thing. What am I missing?

Thanks for your help! :)