Page 1 of 4

Problems with spammers!

Posted: Wed Sep 08, 2004 2:00 pm
by Real Green Team
I was just going through my memberlist and noticed I have several new members that only appear to be referring to different drug companies.

Their user names are all different drug companies, one of them is Propecia. They all take you to websites with the same extensions

ex- http://www.alprazolam.boom.ru/

Are these some sort of data or email miner? Is there a way I can block these people?

I know there is the ban control in the admin panel, but how effective is that? Also how do I find the users IP address if they are not online? I want to block offending IPs, but I'm not sure where to find that info.

Re: Problems with spammers!

Posted: Wed Sep 08, 2004 2:25 pm
by tanfwc
Real Green Team wrote: I was just going through my memberlist and noticed I have several new members that only appear to be referring to different drug companies.

Their user names are all different drug companies, one of them is Propecia. They all take you to websites with the same extensions

ex- http://www.alprazolam.boom.ru/

Are these some sort of data or email miner? Is there a way I can block these people?

I know there is the ban control in the admin panel, but how effective is that? Also how do I find the users IP address if they are not online? I want to block offending IPs, but I'm not sure where to find that info.


maybe you just want to delete their account.

Posted: Wed Sep 08, 2004 3:00 pm
by Nephrus
in the /contrib folder of your phpBB download, is the Visual Confirmation MOD. This will stop those registrations, and it comes with pre-modded files for your convenience. :)

Posted: Wed Sep 08, 2004 5:09 pm
by Real Green Team
So do I just need to upload these files?

Posted: Wed Sep 08, 2004 5:21 pm
by BullmarketFrogs
Nephrus wrote: in the /contrib folder of your phpBB download, is the Visual Confirmation MOD.


Hmmm... I was under the impression that we had to delete this folder once we were done installing our forum. Can I go back and re-upload it, or...?

Thanks,

Carol

Posted: Wed Sep 08, 2004 5:23 pm
by Real Green Team
I just downloaded it.

Just re-download the original PHPBB files.

The only problem is I have installed so many mods that would be rendered useless if I replaced these files and I dont know PHP well enough to do it myself.

Posted: Thu Sep 09, 2004 9:47 pm
by Caltsar
I get the same thing.
They're Russain spammers posting the url for a site on the boards by only filling out that information. When a search engine crawls through your page it takes the link and says to itself: "Hey this site is linking to this one! +1 karma point for the linked site!" When they do this they get a better rank in search engines. Pretty ingenious considering most people don't delete users. But for me it was kind of given away whe one person signed up for enough accounts to double my users (which isn't very many). All these accounts had the same address and email.

Anyway That's what's happening from what I can gather.

Posted: Thu Sep 09, 2004 11:53 pm
by romans1423
BullmarketFrogs wrote:
Nephrus wrote:in the /contrib folder of your phpBB download, is the Visual Confirmation MOD.


Hmmm... I was under the impression that we had to delete this folder once we were done installing our forum. Can I go back and re-upload it, or...?

Thanks,

Carol


Yes, the /contrib directory must be deleted, but you can still open it on your computer and use the tools within it... Nothing needs to be uploaded to a remote /contrib file, so you don't have to worry about having to delete it again off of the server.

Thanks Caltsar!

Posted: Fri Sep 10, 2004 12:54 pm
by Real Green Team
Those clever bastards. :evil:

That does make sense as far as page rank goes. Recipricol outside links does increase your page rank. I was trying to get my head around why they would do that.

So these are some guys from Russia huh?

Does anybody know about IP Blocking? I notice you can do it from the admin panel, but I am not sure how to get someone's IP address if they are not online? Is there a mod for this?

Posted: Fri Sep 10, 2004 1:33 pm
by Shof515

Posted: Fri Sep 10, 2004 1:41 pm
by Real Green Team
Right on. I will look into this one. I don't want this to become an issue. I've already had to remove 15 accounts that all linked to the same site.

I already installed all the mods I could find for spammers and email grabbers.

Posted: Sat Sep 11, 2004 7:42 pm
by colinb
I had this problem on my board (v2.0.6). I noticed that a lot of usernames had a certain consistency to them - all beginning with "a" and 5 seemingly-random letters afterwards. When one of my mods tipped me off, I checked the registrations and noticed that the registered email address was one of two - both relating to a ".ru" (Russia) domain. I used the email ban utility (in Admin) to put a wildcard ban on any registrations with that domain - eg: *.url.ru. I've had to do this with two such cases (each with about 20 registrations) and I'm confident that the culprit was the same person/s. Nothing since - and that was about two months ago.

Like previous posters have said, your best policy is simply to be vigilant - and a combination of banning (mail and IP where possible) plus plain old deletion of account will cope with most problems.

CB

Posted: Sun Sep 12, 2004 2:34 am
by Caltsar
Just an update.

I've been continuing to look into this a little, and they all seem to come from the same site but redirecting to other sites. Most of these are within the US. Boom.ru seems to be the only or biggest one to do this. I have also recieved over 30 of these within the last post.

I am currently letting them in and working on pursuing this. Does anybody know about russain spam laws or are they non-existant? If worse comes to worse I'll just ban all .ru email addresses. I will also try and see if I can do something through the American companies that are employing the people to do this. If anyone wants an example of what to look for here it is: http://rollinit.com/bb/memberlist.php

I've been deleting them up to the 11th, but I have a feeling more will come.

Posted: Sun Sep 12, 2004 3:36 am
by AfghanScorpion
I'm having the same problem on my board. I just modded my board to discard any Web site address entered during registration. A Web site can be entered after an account is activated.

I just noticed that when I registered here, my registration did not appear in the member list until after I activated it. This an even better solution!

Posted: Sun Sep 12, 2004 7:34 am
by colinb
Caltsar wrote: I am currently letting them in and working on pursuing this. Does anybody know about russain spam laws or are they non-existant? If worse comes to worse I'll just ban all .ru email addresses.


I would guess that the majority of the sites are run by Russian drug / porn barons or general con merchants, and with the situation being what it is in the former Soviet Union I can't see any laws having any bite whatsover with the gangsters.

I have several very good members of my board who are based in Russia, so I can't consider putting a blanket ban on all .ru domains. The wildcard email server ban is the best tool I can think of at the moment. I don't want to make registration hard for the majority of members, that's the problem - and one I'm sure we all share.

CB