"They" (Spammers) are getting creative

bubbathegimp
Registered User
Posts: 81
Joined: Tue Sep 25, 2018 8:02 pm
Location: Bronston
Name: Robert Anderson

Post by bubbathegimp »

Was looking in the logs, and came across this...

Stop Forum Spam triggered:
Username: Rickymef
IP: 199.187.209.30
Email: admin@forums.cornpone.net

Notice the Email address??!!

I guess the search for vulnerabilities in 3.30 has already begun??!!
Old enough to remember when Water was free, and you had to pay for Porn :o

Brf
Support Team Member
Posts: 51908
Joined: Tue May 10, 2005 7:47 pm
Location: {postrow.POSTER_FROM}

Post by Brf »

bubbathegimp wrote: Mon Jan 13, 2020 3:04 pm
> Notice the Email address??!!

What is your point?

KevC
Support Team Member
Posts: 69536
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK

Post by KevC »

Doubt it.
Spambots often use fake email addresses in the hope that the boards just allow account activation with no checks. It's probably a bot using admin@ and then just appending the site name, which happens to be yours.
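
The pattern described above (a bot registering with admin@ plus the board's own domain) can be flagged automatically. The following is an added example, not part of the original thread: it parses log blocks in the Username/IP/Email layout quoted in the first post and flags addresses that claim a mailbox on the board's own domain. The sample log, the `board.example` domain and the role-mailbox list are constructed assumptions.

```python
import re

# Role mailboxes bots tend to guess (assumed list; extend for your board).
ROLE_LOCALPARTS = {"admin", "administrator", "webmaster", "postmaster", "root"}
FIELD_RE = re.compile(r"^(Username|IP|Email):[ \t]*(\S+)[ \t]*$", re.MULTILINE)

def parse_entries(log_text):
    """Split a log into blank-line separated blocks of Username/IP/Email fields."""
    entries = []
    for block in re.split(r"\n\s*\n", log_text.strip()):
        fields = {k.lower(): v for k, v in FIELD_RE.findall(block)}
        if fields:
            entries.append(fields)
    return entries

def screen_email(email, own_domains):
    """Return reasons why a registration address needs a closer look."""
    local, sep, domain = email.rpartition("@")
    if not sep or not local or not domain:
        return ["malformed"]
    domain = domain.rstrip(".").lower()
    reasons = []
    # Nobody outside the site can receive mail at the board's own domains.
    if any(domain == d or domain.endswith("." + d) for d in own_domains):
        reasons.append("own_domain")
    if local.lower() in ROLE_LOCALPARTS:
        reasons.append("role_localpart")
    return reasons

def flag_registrations(log_text, own_domains):
    """Map username -> reasons for every log entry that trips a check."""
    own = {d.rstrip(".").lower() for d in own_domains}
    flagged = {}
    for entry in parse_entries(log_text):
        reasons = screen_email(entry.get("email", ""), own)
        if reasons:
            flagged[entry.get("username", "?")] = reasons
    return flagged

# Constructed sample log (not real data); board.example stands in for the forum's domain.
SAMPLE_LOG = """Username: Bot1
IP: 203.0.113.7
Email: admin@forums.board.example

Username: Alice
IP: 198.51.100.4
Email: alice@mail.example
"""
```

Calling `flag_registrations(SAMPLE_LOG, ["board.example"])` reports only the first entry, with both reasons attached.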


Post by bubbathegimp »

Brf wrote: Mon Jan 13, 2020 3:57 pm
> bubbathegimp wrote: Mon Jan 13, 2020 3:04 pm
> > Notice the Email address??!!
>
> What is your point?

1) Just wondering if they are using admin (common email name to contact a site administrator) along with the domain name, in an attempt to "probe" for vulnerabilities that might exist... just curiosity...
(I'm not a Hacker/Programmer)

2) Idle conversation..

3) You can try to learn something new every day.

4) All of the Above

5) YMMV

Post by bubbathegimp »

KevC wrote: Mon Jan 13, 2020 4:02 pm
> Doubt it.
> Spambots often use fake email addresses in the hope that the boards just allow account activation with no checks. It's probably a bot using admin@ and then just appending the site name, which happens to be yours.

I understand the risks of "activation without checks". I have mine set to validate by Email, along with using the confirm email extension. It has stopped a few.... :D

When I first started up, I was getting hit with Chinese spammers wanting to sell Nike, and Metal Detectors....
I was using Filter by Country to block China completely. Can't wait till it's ready for phpBB 3.30 :D
In the meantime I've used one of those sites that lists IP by Country, and added the ranges for China into my .htaccess file...

Post by KevC »

Then it's fine.
They will never get the email and the account will never be turned on.

Maybe their ploy is that you won't notice the address is spoofed to your own and click the activation link.

Post by bubbathegimp »

KevC wrote: Mon Jan 13, 2020 4:26 pm
> Then it's fine.
> They will never get the email and the account will never be turned on.
>
> Maybe their ploy is that you won't notice the address is spoofed to your own and click the activation link.

Maybe they thought "Anything is worth a try" ??!!
(Sign of Desperation)?
Devious little buggers....

KYPREO
Registered User
Posts: 223
Joined: Fri Feb 02, 2018 9:56 am

Post by KYPREO »

As an example of creative spamming I have seen in the past 6 months...

The only spammers I get anymore are humans based in Vietnam. They take the subject line and contents of old posts (10 years old), then repost in the same forum. It looks like a new user who is posting content relevant to the forum's subject matter and therefore not spam. Other users respond but the OP never responds.

In the meantime, the topic gets indexed by Google.

Then after around 3 months the user returns and edits their post to Vietnamese spam, but you may not notice as the topics are now old and possibly on the next page of the index, but the spammer has created an effective backlink.

After I began taking action, such as blocking Vietnamese IPs at the CDN level, they started posting through anonymous VPNs. They also began changing up wording slightly to make it harder to detect reproduced old content.

The Precise Similar Topics extension has proved to be a valuable tool in detecting this form of spam, as I can often see the original old topic in the similar topics list at the bottom of the page.
phpBB user since 2002
www.AusRotary.com
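
An added example, not from the original thread or from the Precise Similar Topics extension: one way to catch reposted old content even after light rewording is to compare overlapping three-word shingles between a new post and archived posts by other authors. The post records, field names and threshold values are constructed assumptions.

```python
import re

def shingles(text, k=3):
    """Set of k-word shingles from lower-cased text with punctuation stripped."""
    words = re.findall(r"[a-z0-9']+", text.lower())
    if len(words) < k:
        return {tuple(words)} if words else set()
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    """Overlap of two shingle sets, 0.0 (disjoint) to 1.0 (identical)."""
    return len(a & b) / len(a | b) if a and b else 0.0

def find_recycled(new_post, archive, min_age_days=365, threshold=0.4):
    """Return (post_id, score) for old posts the new post closely reproduces, best first."""
    new_sh = shingles(new_post["text"])
    hits = []
    for old in archive:
        age_days = (new_post["time"] - old["time"]) / 86400
        # Self-quotes and recent replies are normal; only old posts by others count.
        if old["author"] == new_post["author"] or age_days < min_age_days:
            continue
        score = jaccard(new_sh, shingles(old["text"]))
        if score >= threshold:
            hits.append((old["id"], round(score, 2)))
    return sorted(hits, key=lambda h: -h[1])

DAY = 86400
NOW = 1_578_000_000  # constructed timestamps (epoch seconds)
ARCHIVE = [  # constructed sample posts
    {"id": 101, "author": "olduser", "time": NOW - 3650 * DAY,
     "text": "My engine idles rough after a cold start and stalls at the lights. "
             "Has anyone fixed this by cleaning the throttle body?"},
    {"id": 102, "author": "seller", "time": NOW - 2000 * DAY,
     "text": "Selling a set of four wheels, pickup only, message me for photos."},
]
NEW_POST = {"id": 900, "author": "newuser", "time": NOW,
            "text": "My engine idles rough after a cold start and stalls at traffic lights. "
                    "Has anyone fixed this by cleaning the throttle body?"}

if __name__ == "__main__":
    print(find_recycled(NEW_POST, ARCHIVE))
```

Heavier rewording lowers the score, so the threshold trades missed reposts against false alarms on posts that merely quote an old topic.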

John connor
Registered User
Posts: 2408
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Name: Aaron

Post by John connor »

Learn how to use the script CIDRAM. It also offers a Stop Forum Spam module, but oh so much more. The Dev is a friend of mine and many of my suggestions have made it into the script like an AbuseIPDB integration where if an IP is listed at the AbuseIPDB database they get a 403. Setting this up can be complicated except for the companion WordPress plugin for CIDRAM. So chime in at the Gitter page if you have questions should you venture to try out CIDRAM.

https://github.com/CIDRAM/CIDRAM

https://gitter.im/CIDRAM/Lobby

Once you have it installed you may be very surprised at how much unsavory traffic it will stop. I wouldn't be surprised if your forum has already been scraped.

Oh! A Project Honey Pot module will be added soon as well. He's pretty busy with work and what have you so as time permits.


Post by KYPREO »

John connor wrote: Tue Jan 14, 2020 4:55 am
> Learn how to use the script CIDRAM. It also offers a Stop Forum Spam module, but oh so much more. The Dev is a friend of mine and many of my suggestions have made it into the script like an AbuseIPDB integration where if an IP is listed at the AbuseIPDB database they get a 403. Setting this up can be complicated except for the companion WordPress plugin for CIDRAM. So chime in at the Gitter page if you have questions should you venture to try out CIDRAM.

CIDRAM is on my list of things to look further into. There is such a thing as too much security though. Your Cloudflare is blocking access when I access through one of Cloudflare's major competitors. The whole ASN is blocked. Happy to tell you which by PM if it is of concern to you.

Post by John connor »

KYPREO wrote: Tue Jan 14, 2020 5:32 am
> John connor wrote: Tue Jan 14, 2020 4:55 am
> > Learn how to use the script CIDRAM. It also offers a Stop Forum Spam module, but oh so much more. The Dev is a friend of mine and many of my suggestions have made it into the script like an AbuseIPDB integration where if an IP is listed at the AbuseIPDB database they get a 403. Setting this up can be complicated except for the companion WordPress plugin for CIDRAM. So chime in at the Gitter page if you have questions should you venture to try out CIDRAM.
>
> CIDRAM is on my list of things to look further into. There is such a thing as too much security though. Your Cloudflare is blocking access when I access through one of Cloudflare's major competitors. The whole ASN is blocked. Happy to tell you which by PM if it is of concern to you.

Sure, send me a PM on the ASN. Chances are it's on a crap list for reasons, and if so I'll have to investigate and if necessary just reCAPTCHA or JS check the ASN instead.

When you send me the PM, please elaborate on what the competitor is so I know what's going on. If, in fact, you're trying to make a server to server connection, then that would be a no-no in my security policy. Another thing is that because I block a good majority of the major cloud/hosting out there, VPNs get caught up in the mix, and I also block Tor on two levels. :lol: :D :lol: :ugeek:


Post by KevC »

KYPREO wrote: Mon Jan 13, 2020 10:10 pm
> Then after around 3 months the user returns and edits their post to Vietnamese spam, but you may not notice as the topics are now old and possibly on the next page of the index, but the spammer has created an effective backlink.

If you set the mod queue to 2 posts, if they edit the original to add a link it'll go back on the queue again and you can spot them a lot more easily.
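
For boards that also want a check outside the moderation queue, the late-edit pattern quoted above can be detected by recording each post's link hosts at review time and comparing them later. This is an added example, not phpBB code and not from the original thread; the field names follow the phpbb_posts columns (post_id, post_time, post_edit_time, post_text), while the sample rows and the snapshot approach are constructed assumptions.

```python
import re

URL_HOST_RE = re.compile(r"https?://([^\s/\"'<>\[\]]+)", re.IGNORECASE)

def link_hosts(text):
    """Lower-cased hosts of every http(s) URL in a post body."""
    return {h.lower() for h in URL_HOST_RE.findall(text)}

def take_snapshot(posts):
    """Record the link hosts each post had when it was reviewed."""
    return {p["post_id"]: link_hosts(p["post_text"]) for p in posts}

def late_link_edits(snapshot, posts, min_gap_days=30):
    """Posts edited long after posting that now link to hosts absent from the snapshot."""
    findings = []
    for p in posts:
        if not p["post_edit_time"]:
            continue  # 0 means the post was never edited
        gap_days = (p["post_edit_time"] - p["post_time"]) // 86400
        new_hosts = link_hosts(p["post_text"]) - snapshot.get(p["post_id"], set())
        if gap_days >= min_gap_days and new_hosts:
            findings.append((p["post_id"], gap_days, sorted(new_hosts)))
    return findings

DAY = 86400
T0 = 1_570_000_000  # constructed timestamps (epoch seconds)
REVIEWED = [  # constructed rows as they looked when approved
    {"post_id": 1, "post_time": T0, "post_edit_time": 0,
     "post_text": "Rough idle after cold start, any ideas?"},
    {"post_id": 2, "post_time": T0, "post_edit_time": 0,
     "post_text": "See https://docs.example/manual"},
]
CURRENT = [  # the same rows about three months later
    {"post_id": 1, "post_time": T0, "post_edit_time": T0 + 92 * DAY,
     "post_text": "Best deals at [url=https://spam.example/buy]here[/url]"},
    {"post_id": 2, "post_time": T0, "post_edit_time": T0 + 95 * DAY,
     "post_text": "Updated: see https://DOCS.example/manual-v2"},
]

if __name__ == "__main__":
    print(late_link_edits(take_snapshot(REVIEWED), CURRENT))
```

Post 2 is also edited late but keeps linking to the same host, so only post 1 is reported.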

kinerity
Community Team Member
Posts: 2456
Joined: Mon Sep 01, 2014 1:00 am
Location: sudo rm -rf /
Name: Kailey Truscott

Post by kinerity »

bubbathegimp wrote: Mon Jan 13, 2020 4:15 pm
> along with using the confirm email extension

I'm glad someone found it useful. :D
Kailey Truscott - Community Team


Post by bubbathegimp »

kinerity wrote: Tue Jan 14, 2020 11:59 am
> bubbathegimp wrote: Mon Jan 13, 2020 4:15 pm
> > along with using the confirm email extension
>
> I'm glad someone found it useful. :D

Seemed like a logical addition when using validate by E-Mail.... :lol: