Next wave of spam: Be prepared!

R45
Registered User
Posts: 2830
Joined: Tue Nov 27, 2001 10:42 pm

Post by R45 »

drathbun wrote: My spams lately have all been manual. I have a script capturing registration attempts that bypass my form and submit form values directly, nothing has been captured. Yes, my code could be wrong. :-) But I did test it, to the best of my ability, and it does catch invalid registrations.

I have not caught any in weeks, yet I still have spam registrations.

I can testify to this. I have read articles discussing the cyber sweatshops in parts of the world, who are dedicated to SPAM in various forms. I would not doubt that there is a fair amount of human registration going on, which makes automating spam removal very difficult, to say the least.

And I would definitely not be keen on some global IP banlist.
Anon
Former Team Member
Posts: 7019
Joined: Fri Jan 02, 2004 7:33 am
Location: Christchurch, New Zealand

Post by Anon »

drathbun wrote: My spams lately have all been manual. I have a script capturing registration attempts that bypass my form and submit form values directly, nothing has been captured. Yes, my code could be wrong. :-) But I did test it, to the best of my ability, and it does catch invalid registrations.

I have not caught any in weeks, yet I still have spam registrations.


What are you using? I've installed this and modified it to not allow anything that has "viewable" fields (IE everything except AIM, ICQ and Y! fields), as well as the IP ban turned on and I've seen drastic reductions in general registration spammers. I don't mind that there are "innocent" IPs being blocked, if people leave their computers up for abuse in this way that's their problem, not mine :)
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE

Post by drathbun »

I have my own custom code, which is (no doubt) somewhat similar to what you linked. I've posted the code snippet more than once, and it's hardly an original idea. :-) I do not capture IP addresses, nor do I ban by IP address.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Hammer Hog
Registered User
Posts: 1
Joined: Fri Oct 06, 2006 12:31 am

Post by Hammer Hog »

Now what about the clown that registers with no intent to post? They only intend to place their spam website that is only viewed when clicking on their new user name/profile.
Is there a way to disable the website info box when and where they create their new account?
They can't post until I activate, but that doesn't seem to be something they intend to do anyway.
DJ Mike
Registered User
Posts: 1
Joined: Sun Oct 08, 2006 7:59 pm

Post by DJ Mike »

calande wrote: Ok, but I doubt spambots change IP address very often. They probably have a large pipe with a fixed IP address...

And if they ever changed IP address all the time, at one time they would use the same previous IP addresses all over again.


I put a logger on my registration page thinking that I could block by IP but the logs show spam with the same MO coming from all over the world. I believe they are using proxies and/or trojaned computers like email spammers.

I started blocking huge blocks of chinanet, kornet and any Brazilian ISP and that has cut spam attempts down a lot. It could also be that they are reading the note that I added to the agreement page or the great big "Get lost, spammer" that they see when they try to register with a website URL containing viagra, ambian, xanax etc., etc. My logs show a lot of them checking the member list after their registration aborts in their face.
johnnypict
Registered User
Posts: 26
Joined: Thu Nov 10, 2005 12:38 pm

The spammer not the spam

Post by johnnypict »

There seems to be a lot of debate around the spam people receive and it appears to be the case that whatever we do, the criminal, (that's how I view spammers) will always be looking to be one step ahead.

I work in banking and we have the same situation with fraud in the banking world. You put something in place to stop it, then the criminal tries something else. The human mind is very inventive.

I see three ways to tackle, (not resolve cos that'll never happen) spam.

The first is taking the actions people describe here. It appears to work sometimes, for a while or the innocent are impacted.

The silly one where the world stops replying to spam therefore 'possibly' making it profitless. The spammer will probably continue mind, especially where they are trying to obtain personal details for fraudulent reasons.

The last one is for there to be an internationally recognised criminal act where we can jail, fine and confiscate equipment. Obviously this won't work unless every country in the world joins in which is highly unlikely. So criminalisation won't solve the whole problem either.

Short of paying the spammers a visit with a baseball bat, I guess we're stuck with it. The best laugh I had was spam telling me my PC was infected and that I needed software to protect myself. Guess who supplied the software at $24.....yes the spammer. As if. Someone must fall for it though.

Johnnypict
forwardone
Registered User
Posts: 8
Joined: Tue Oct 24, 2006 10:07 am

Post by forwardone »

For some reason my inbox over the last week or so has been flooded with offers to help me with my sex life. I've never ever responded in any way to any advert to purchase any type of 'pick me up' so why on earth do they bother? :roll:
Jim_UK
Former Team Member
Posts: 18479
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK »

I am sure you have all seen the begging letters that seem to originate mainly in Africa and the ones inviting you to salt away x million dollars into your account (and of course keep the interest) - well my son had someone sign up on his board last week and spam the membership with PM's of a similar nature. If these characters find just one gullible person I guess it makes the effort worthwhile. I keep a folder in my email client called "cons" and move phishing attempts to there. I could delete them of course but looking back at them I can see just how prevalent this is. Sometimes several a day arrive supposedly from various banks. There are folks that are so fed up with this and spamming their forums that they have talked about giving it all up as a bad job.
As pointed out it would need a world wide criminalisation of spamming and the authorities to crack down hard on the culprits with hefty fines and maybe imprisonment to have any real effect. It is not even as simple as hitting the hosting of these spamming and phishing sites as sometimes they also are victims. I had my own account suspended by my host as someone had managed to access a directory and upload phishing software to it. This may have been done via a hole in cpanel but it just shows - we are all under siege with this stuff.

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!
vliou
Registered User
Posts: 10
Joined: Wed Oct 25, 2006 3:16 am

Post by vliou »

Wow, this has got to be the most interesting thread I've seen in a while. I run an email service, and we have staff dealing with spam. Judging from their reactions recently, I can vouch that the global spam epidemic is definitely getting worse. In fact, the conventional means of filtering spam is getting beaten by the new types of spam coming out. It's a real headache...but if you do stay on top of it, reduction to about 1-2% per 10,000 emails is possible. Just takes a lot of man-hours! :lol:
Vincent Liou
ThinkPost Communications
2GB Email. Full OTA Sync with BB / Outlook & Webmail for Calendar / Notes / Tasks. $4/month.
http://www.thinkpost.net
-----------------
Govnor
Registered User
Posts: 259
Joined: Mon Jan 16, 2006 12:42 am

Post by Govnor »

I saw a mod once that showed users of phpBB how to modify the letter cases of the word agreed in the url to confuse bots when they try to register.

Perhaps something like this mod could be taken a step further, by writing something into the code where an admin can choose a string of characters, of any length, to create that word. That way it would be highly unlikely that a bot would encounter the same word twice.
Jim_UK
Former Team Member
Posts: 18479
Joined: Tue Oct 12, 2004 5:36 pm
Location: Darwen N.West UK

Post by Jim_UK »

Govnor wrote: I saw a mod once that showed users of phpBB how to modify the letter cases of the word agreed in the url to confuse bots when they try to register.

Perhaps something like this mod could be taken a step further, by writing something into the code where an admin can choose a string of characters, of any length, to create that word. That way it would be highly unlikely that a bot would encounter the same word twice.


Here it is http://www.phpbb.com/phpBB/viewtopic.php?t=257755

Jim
The truth is out there.
Unfortunately they will not let you anywhere near it!
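
An added example, not part of any post in this thread and not code from phpBB or the linked mod: a standalone PHP check that combines Govnor's idea of an admin-chosen word in place of "agreed" with the website-keyword rejection DJ Mike describes. The names `AGREE_WORD`, `BLOCKED_WORDS` and `check_registration`, the `website` field name and all sample values are assumptions made for illustration.

```php
<?php
// Added illustration; not phpBB code. Every name here is hypothetical.

// Admin-chosen word that replaces the fixed "agreed" in the register URL
// (constructed sample value; each board would pick its own).
const AGREE_WORD = 'k7Qm2xVd9';

// Keywords rejected in the profile website field (constructed sample list).
const BLOCKED_WORDS = ['viagra', 'xanax'];

/**
 * Check one registration request.
 * Returns the list of reasons to reject; an empty array means accept.
 */
function check_registration(array $query, array $post): array
{
    $reasons = [];

    // A client replaying the stock URL sends "agreed", not this board's word.
    if (!array_key_exists(AGREE_WORD, $query)) {
        $reasons[] = 'agreement word missing';
    }

    // Case-insensitive keyword match on the website field.
    $website = isset($post['website']) && is_string($post['website'])
        ? $post['website'] : '';
    foreach (BLOCKED_WORDS as $word) {
        if (stripos($website, $word) !== false) {
            $reasons[] = "website contains blocked word: $word";
        }
    }
    return $reasons;
}

// Constructed sample requests: [query string values, posted form values].
$samples = [
    'stock URL'     => [['agreed' => 'true'], ['website' => 'http://example.com/ViAgRa']],
    'normal signup' => [[AGREE_WORD => 'true'], ['website' => 'http://example.org/']],
];
foreach ($samples as $label => [$query, $post]) {
    $reasons = check_registration($query, $post);
    // One log line per attempt so the admin can review what was refused.
    echo $label, ': ',
        $reasons ? 'REJECT (' . implode('; ', $reasons) . ')' : 'accept', PHP_EOL;
}
```

The rejected attempts are worth logging rather than silently dropping, since the thread's own reports of manual registrations mean a human signup passes both checks.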
imagedude
Registered User
Posts: 296
Joined: Wed Sep 25, 2002 10:28 pm
Location: /home/kai
Name: Kai Ponte

Post by imagedude »

I should make a note that - updating many of the spam modifications - has caused a severe reduction in the amount of spam registrations I've been getting.

My only issue was to be a little more careful in banning IP ranges. I ended up blocking the IP range for someone who had been registered for a few years.

Thanks, team!
Grinch
Registered User
Posts: 400
Joined: Mon Apr 22, 2002 5:44 pm
Location: Toronto, Canada

Post by Grinch »

What if we stopped using common words that spammers can search for to easily spot forums? For example, I did a search for "Forum" on Google, and it returned this:

Results 1 - 10 of about 3,380,000,000 for forum [definition]. (0.10 seconds)

That's over 3.38 billion results! Now if we all started to call our forum something other than a forum, we might be able to put a dent in the amount of spam registrations... at least in the short term.

Everyone that has a forum with a url something like www.mysite.com/forum, please put up your hand.

/raises hand
Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado

Post by Dave Bean »

What you would have is a "guilty until proven innocent"
Depending on the nature of the board, sometimes this is exactly what we need. Not banning, but a situation where posts have to be approved by administrators or moderators until we label the participant as trusted.

On some boards it is very important to not have bad posts, so deleting and banning after the fact is not the best.
Building Internet Communities
www.ColoradoHealth.info
comperr
Registered User
Posts: 581
Joined: Mon May 08, 2006 2:35 am

Post by comperr »

I think that the orig. idea of a central server is a good one. But instead of reporting a user, it should carry a blacklist of URLs, IPs, and Usernames usually used by spammers and a simple PHP script to add them. The admins of each board can decide whether they should use it or not.