hammered by newly registered members

Get help with installation and running phpBB 3.0.x here. Please do not post bug reports, feature requests, or MOD-related questions here.
Scam Warning
Forum rules
END OF SUPPORT: 1 January 2017 (announcement)
Locked
adrian-smith31
Registered User
Posts: 13
Joined: Tue Jun 12, 2012 9:52 pm

Re: hammered by newly registered members

Post by adrian-smith31 »

After taking a long hard look at my server logs and looking at my webalizer stats, at a guess around 75% of my spammers are using the host steephost.net. This host already is in the news see here:-
http://www.technologyreview.com/news/41 ... a-centers/

So, I blocked it in my .htaccess file. Seems it is very difficult for the law to prosecute these companies if the host is in another country. Spam, unfortunatley is here to stay and will get worse.
J_M
Registered User
Posts: 269
Joined: Wed Jul 20, 2005 12:26 pm

Re: hammered by newly registered members

Post by J_M »

> Seems it is very difficult for the law to prosecute these companies if the host is in another country.

I agree but there is a difference if companies like Xrumer can post that what they do and what anyone does with their software is legal. This makes it fair game for a much larger audience including anyone in the US or EU.

It's a small step compared to battling the mass of registrations and real world problems. But if it's a question of adding a couple lines to an outdated law... why not. Especially since the congress in the US is apparently not doing anything else.
Last edited by J_M on Tue Nov 20, 2012 2:36 pm, edited 1 time in total.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51404
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: hammered by newly registered members

Post by stevemaury »

It occurs to me that word analogy-type questions would be very difficult for spambots and pretty much unsearchable. For example:

Code: Select all

Q: "anti" is to "pro" as "bad" is to _____?

Code: Select all

A: good

Code: Select all

Q: "Sacramento" is to "Idaho" as "Boise" is to ______?

Code: Select all

A: California

Code: Select all

Q: ""Streetcar" is to "Desire" as "Boy" is to _________?

Code: Select all

A: Sue
Anyway, you get the idea.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
User avatar
wmtipton
Registered User
Posts: 564
Joined: Thu Apr 26, 2007 8:16 pm
Contact:

Re: hammered by newly registered members

Post by wmtipton »

Its been days now and the Q&A change seems to be working great. Not a single spammer sign up or post.
Ive noticed more 'guests' than normal so I'd bet they are still stalking around trying to get in ;)
mysql database backup software - mysql Workbench
TangleCrow
Registered User
Posts: 54
Joined: Tue Aug 09, 2011 11:55 pm

Re: hammered by newly registered members

Post by TangleCrow »

I just wanted to say that our board was hit last friday as well... I've had registration disabled for a couple of days, but now I've changed my Q&A question... I will report back to this thread about what happens. :ugeek:
User avatar
durangod
Registered User
Posts: 709
Joined: Tue Nov 03, 2009 1:26 pm
Name: Dave

Re: hammered by newly registered members

Post by durangod »

stevemaury wrote:

Code: Select all

Q: ""Streetcar" is to "Desire" as "Boy" is to _________?

Code: Select all

A: Sue
I would not know how to answer that one, never heard of either of those relationships :lol: I guess if we do this we have to be very careful not to ask stuff that might be geographical or local custom and make sure it is a widely known topic.
User avatar
panzer max
Registered User
Posts: 46
Joined: Thu Mar 19, 2009 1:19 am
Contact:

Re: hammered by newly registered members

Post by panzer max »

RMcGirr83 wrote: [*]A built-in proprietary "Question-answer" system.
Like I said, I would love to understand how they manage their Q&A system.
User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 51404
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: hammered by newly registered members

Post by stevemaury »

durangod wrote:
stevemaury wrote:

Code: Select all

Q: ""Streetcar" is to "Desire" as "Boy" is to _________?

Code: Select all

A: Sue
I would not know how to answer that one, never heard of either of those relationships :lol: I guess if we do this we have to be very careful not to ask stuff that might be geographical or local custom and make sure it is a widely known topic.
Tennessee Williams wrote a play - "A Streetcar Named Desire"

Johnny Cash wrote a song - "A Boy Named Sue"

But yes, this would have to be tailored to your user demographic.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. I can upgrade or update your Board. PM or email me. (Paid support)
Schwpz
Registered User
Posts: 335
Joined: Wed May 07, 2003 1:33 pm
Location: Planet Zot
Contact:

Re: hammered by newly registered members

Post by Schwpz »

durangod wrote: I guess if we do this we have to be very careful not to ask stuff that might be geographical or local custom and make sure it is a widely known topic.
Indeed. I'm from Norway and don't have a single clue about what the "Sacramento is to Idaho"-Boise-things is O____O;;

Keep them international if you want international users! :O
..:: PlanetZot.com - Your ultimate source for animation! ^^
Angoid
Registered User
Posts: 63
Joined: Tue Nov 22, 2005 8:28 pm
Location: East Midlands, UK
Contact:

Re: hammered by newly registered members

Post by Angoid »

Can't such questions simply be added to the Xrumer database?
Once it's there, it could simply do a search for this question and hey presto! There's your answer!

It strikes me as though something radically different is needed. Once any given CAPTCHA mechanism is popular enough, it becomes cost effective for Xrumer developers to work on a crack.
If you don't know what eschatology is then don't worry; it's not the end of the world.
User avatar
durangod
Registered User
Posts: 709
Joined: Tue Nov 03, 2009 1:26 pm
Name: Dave

Re: hammered by newly registered members

Post by durangod »

Angoid wrote:Can't such questions simply be added to the Xrumer database?
Once it's there, it could simply do a search for this question and hey presto! There's your answer!

It strikes me as though something radically different is needed. Once any given CAPTCHA mechanism is popular enough, it becomes cost effective for Xrumer developers to work on a crack.

Yes, what we are discussing and mentioned throughout this thread is that this is a temp fix, nothing we do is a "set it and forget it" kind of thing. It will require regular upkeep and changing questions often.

Which is why i wrote this (from my post on page 19 of this thread)
Also its all good and well making changes frequently if you have less then a couple of forums, but when you have 10 or more it really becomes and issue with time management and really cuts into the bottom line, time is money ya know for many of us.

An hour twice a week is 104 hours a year just changing questions. If i worked a 40 hour work week (and i dont, i work more than that) but that is 2.5 weeks a year doing nothing but changing questions. Thats too much folks.
But as someone else mentioned before, the minds of phpbb are in heavy discussion over this topic amungst themselves so maybe they can come up with a better bandaid. Because honestly until they are out of business (which will prob not happen in our lifetimes) bandages is all we will ever be able to do and that goes for the whole internet not just phpbb. There just has to be a better way than to spend 2.5 weeks a year doing this.
User avatar
Lumpy Burgertushie
Registered User
Posts: 67935
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: hammered by newly registered members

Post by Lumpy Burgertushie »

and keep in mind this is not a phpbb problem, they don't just spam phpbb they spam any and all sites that allow posting/links etc.

I really don't believe that anybody is making any real money from spamming like this.

how many people would actually click on a link in a board to buy viagra or whatever?

I wager that not many would. It seems like a lot of effort for not much return.

AS long as there are dummies who will pay for things like xrummer or whatever, I guess they will keep doing it.

If the advertisers knew that it was mostly a waste of time and money, I believe they would find another way.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Angoid
Registered User
Posts: 63
Joined: Tue Nov 22, 2005 8:28 pm
Location: East Midlands, UK
Contact:

Re: hammered by newly registered members

Post by Angoid »

Agreed, but the thing is that most (if not all) spam has criminal activity behind it. Put it like this: if just one person in every ten million tries to buy something advertised by spam, this alone pays for the next round of 10 million spams - including the porno and viagra spam sent to that one-in-ten-million purchaser's kids.

Also, many back links to the spammer's site can produce higher rankings in Google. So-called "Search Engine Optimisation" (the black hat variety).
If you don't know what eschatology is then don't worry; it's not the end of the world.
BarnCockle
Registered User
Posts: 6
Joined: Fri Sep 16, 2011 1:30 pm

Re: hammered by newly registered members

Post by BarnCockle »

Just a thought. I believe there are a number of members collecting ip addresses of these spammers. Can these not be used to build up a central database to check against?

EDIT
No I don't think so probably too easy for corruption.
User avatar
Lumpy Burgertushie
Registered User
Posts: 67935
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: hammered by newly registered members

Post by Lumpy Burgertushie »

BarnCockle wrote:Just a thought. I believe there are a number of members collecting ip addresses of these spammers. Can these not be used to build up a central database to check against?
already been done. however , it is ineffective because IP addresses change all the time.

the IP they use right now can be different 1 minute from now. you will probably get a new IP address if you reboot your router or modem etc.

they also use proxies which can be changed at will etc.


robert
I'm baaaaaccckkkk. still doing work on donation basis. PM your needs.

Premium phpBB 3.3 Styles by PlanetStyles.net

If nobody is in the forest, does a tree really fall?
Locked

Return to “[3.0.x] Support Forum”