Anti-Spam Thread!

[Blaine]

I thought people here might be interested in the advertised features of one of the many spambots that are out there.

o Multithreaded submitting: over 50 simultaneously running threads possible! (30 threads are recommended for optimal performance under 128 Kbps bandwidth)
o Software can perform registration at forums (if necessary for posting messages) and automatically fill in the required fields. Upon successful registration posts the user-specified message and/or links.
o The powerful built-in proxy-server checking script locates available proxy-servers worldwide, choosing anonymous addresses among them.
o Software is able to work with lots of different types of forums and guestbooks: phpBB and PHP-Nuke with any modifications, yaBB, VBulletin, Invision Power Board, IconBoard, UltimateBB, exBB, phorum.org, wiki, different types of bulletin boards and even custom-written code.
o Attention: unique feature – software works around EVERY possible type of protection from automatic registration, including:
- Pictocode protection (tickets, captcha), which look something like: "Enter the number you see in the box". Details...
- E-mail activation protection. Details...
- Java-script protection. Details...
o During the process of posting a detailed log is created with precise path-links to posted messages so that you can check every link and every posted message afterwards.
o A built-in proprietary "Question-answer" system.
o A variations system, using which you can post up to 10000 messages all looking different but with similar contextual meaning and the user-defined hyperlinks in them. It helps to broaden the key queries (for Search Engine optimization) and protect your posts from being filtered out by Search Engines (that is, your posts will be included in SERPs).
o If the forum has more than one category, the software chooses the one most suitable for the message, otherwise it sends the message to off-top, flame sections or the like, and in case those do not exist - to the most visited category on the forum.
o BB-code can be used.
o The following forum base processing tools are included: repeated links deletion, hit descending sort, service denial according to customizable black list, and various filters. The program informs the users about availability of new versions and possesses many other powerful features.

The system is fully user-independent and requires minimum skills to handle: you only need to choose the proper links database, create a message text with one or several hyperlinks and hit the 'Start' button. THAT IS ALL.

Software package includes a databases with links to more than 102,000 forums.

--------------------------------
Improvements in the latest version of this spambot include:

o Significantly increased message posting speed. This is achieved by changing posting interval from 1 sec. down to 10 milliseconds. Some parts of the code were optimized to better handle productivity of mail posting.
o Anonymous posting improved - added new option "Do not post without proxy". The usage of the proxy has been significantly improved.
o Added automatic registration of mail accounts at web.de
o The program trained to decode the new pictures of protection (pictocodes, CAPTCHA's).
o The schedule system is added.
o A unique self-learning system is developed: the program analyzes unknown forms and stores it for future reference. Use of this system is more effective when posting in guestbooks, bulletin boards in foreign languages - German, French etc.
o New post-editing function of earlier created topics is added, which expands the opportunities of advertising actions.
o Profiles activation via e-mail now can be performed on background, which considerably increases the posting effect.
o Forum database updated: it is now consist of more then 102,000 links. All databases sorted by Google PR.
o User interface was improved and additional functionality was added: you can now preview your message in different formats: phpBB, IPB, VBulletin, YaBB before starting the posting process.
o "Question - answer" system now works on all forums, including those required account activation via e-mail.
o Significantly improved variation system you can now use embedded variations. New options add such as Co-variation, Binding by domain zone, which offer language tappgeting. For example, the program will post messages with Russian text in RU, BY, UA, KZ zone, in DE zone - in German, in all other zones - in English.
o Added new macros #hostname, #category, #random
o Added new macros #file=. You can now use message text from external files. This option enables to integrate the program with doorway generator.
o Starting with 3.0 version program can now send Personal Messages (mass PM) to registered users of forums - it works with phpBB forums and VBulletin.
o Software now can send messages to livejournal.com and blogger.com as anonymous user, improved postings to guestbooks and blogs.
o Program now will create more detailed reports.
o New options were added such as "Obligatory registration with posting", “Log the list of categories”, “List of the most visited forums” etc.
o Number of error messages was fixed i.e. "Access Violation", "Canvas does not allow drawing", "Thread creation error". Pages processing in format UTF-8 is corrected. The work of program has become more stable.
o Program comes with new and improved version of parser - better parsing speed, fixed MSN parsing, better overall stability, improved sorting by Google PR. Database size now can go up to 100 millions links.
o New, more detailed documentation (Help.exe) was added.

[Sean O'Connor]

Blimey, no wonder we're having trouble cutting down on the spam then.

I wonder if the phpBB development people keep an eye on how the spam merchants' tools work and try and beat them.

[EXreaction]

Ya, those spam bots are getting pretty nasty.

I tested a few out on some of my local boards and within 2 seconds the bot registered and posted on my vanilla board.

But with my Anti-Spam ACP mod installed none have gotten through yet(when configured properly ).

Even if one were to get through it would only take a matter of moments(I added the section in User Management) to delete the user, delete all threads, and delete all posts made by the user.

[drathbun]

I thought people here might be interested in the advertised features of one of the many spambots that are out there.

...

o Added automatic registration of mail accounts at web.de

Which explains why I got so many registrations recently from that domain and just banned it.

[EXreaction]

I thought people here might be interested in the advertised features of one of the many spambots that are out there.

...

o Added automatic registration of mail accounts at web.de

Which explains why I got so many registrations recently from that domain and just banned it.

Most of the high end spam bots can register from any legit email address. Just tell it the password and username for the account and it can spam and activate with any email address you want. Banning email addresses won't be good for long anymore.

[Blaine]

Which explains why I got so many registrations recently from that domain and just banned it.

The spambot in question is designed to signup for email addresses from cashette.com, web.de, something .ru, and a few others. It reminds me of a few years ago when a lot of spam was associated with some odd domain called juno.com, and one called hotmail.com, and aol.com. (Best I can tell aol.com is a company who's main business is to postal mail 5.25" coasters to people).

Eliminating all contact with hotmail, juno, and aol did in fact get rid of most spam for many people. Just as getting rid of the domains used by the spambot gets rid of spam for you.

But is banning of whole domains really the best way to accomplish your goals?

[drathbun]

I spoke quickly, did not provide many details. So here are a few.

I manage an interesting and diverse set of boards. The odds of any one person being interested in all of the topics (other than me ) are slim. So when one email address is used to register at all (or a majority of) my boards it goes into a suspect list. From there I deal with it accordingly. The domain web.de showed up in a big bunch of new user registrations, so I banned any future registrations. At the same time, it seems that I do have some actual legitimate users at the same domain, and I allowed them to continue using the same account.

I just found that it was interesting that the spammer tool featured a way to auto-register using that domain, getting a valid email account is required to get based the "user activation" portion of phpBB.

[KY Dave]

I've really had great results from the U2U Invitation Mod. One is on a high traffic board and another setup on my private forum.

We have it set to unlimited invitations using a code that is displayed on the front page of the forum. Anyone that reads the code can register and their account is activated immediately. Members can also invite new users with special codes. No CAPTCHA or USER ACTIVATION is needed so far. If a potential user doesn't have a code, they can't register. Bots don't read the front page so they never have the code. It's simple and effective. The code can be changed in under 60 seconds if needed, but I've not needed to change it yet.

[Prometheus Xex]

A friend of mine running a forum on his photography/club site is getting spam in. When you register you have to enter in a that scrambled code. I'm assuming it's a MOD (don't know the name) which I think I might want to implement on my site. My question is how are they getting in if you have that code. Can it be stopped with another MOD. I'm assuming someone is registering it manually as apposed to some kind of bot. The bots aren't that clever... are they?

I want to cure this because I want to be forum admin for The Guvernment Nightclub and use phpBB. They too are getting hammered, but are using some no-name forum software. I don't want to get the reins of command if I can't stop the spammers.

Any thoughts?

[joshric]

these spammers really give me the sh!ts!

if everyone that recieved a spam on their forum got in contact with the company advertised and then sent them hundreds of emails, it would be giving them at bit back. i did it today, acted as a regular customer and then sent hundreds of emails through. subsequently recieved a mail asking for me to stop sending all these mails through. it might not have done too much, but i certainly felt better

[XaHyMaH]

Question for developers (and others): how do you think, do the spam bots read content of the registration (message posting) page or they use only direct POST to simulate registration (posting)?

[Blaine]

do the spam bots read content of the registration (message posting) page or they use only direct POST to simulate registration (posting)?

All spambots on my site include my hidden field which suggests they are reading my page before doing a direct post to simulate registration.

[drathbun]

I thought I had some effective anti-spam measures, but after reading the feature list posted above I'm not so sure. The question / challenge / response sort of MODs help more than anything because a bot can't possibly know the answers to every question that might be asked. But any sort of code / token / cookie and so on, yeah, they can spoof that. One of my MODs adjusted the URL required, but all that did was force the bot to back up one step.

One of the other things that could be done is change the name of profile.php to something else, so that any call to profile.php?mode=register would fail, but then again the bot could simply back up a step and get the required URL off of the forum menu. At some point you have to stop, because the bot is so close to simulating a human that if you make it hard for humans to register then bots will fail, but then so will the humans that you want to register.

The token / answer / magic key to register can't be stored on the registration page itself, that much seems certain.

[Blaine]

The question / challenge / response sort of MODs help more than anything because a bot can't possibly know the answers to every question that might be asked.

I agree that the challenge/response questions are the most effective. But is is effective not beacuse it is hard, but because it is different.

Most people who took APL as a programming languge remember writing a small, a couple of screenfuls, program that would carry on a decent conversation with a human. I personally wrote such a program over 30 years ago.

I think you would be surprised at how effective a small program could be at bypassing the challenge / response questions. It is a lot easier than you might think. A lot easier.

[alvo]

The bots also log what the result of each attempt is, so that if it fails on your site they can go to it and look at what's different and adjust the bot script if necessary or they might simply hand it off to a real person to do the posting. Fortunately most spammers are lazy and don't do this, but they could. What would be a good idea is to change where the script posts to, but keep the original page and have it return the expected "success" page, but in actuality do nothing by discard the registration/post. This way the script would report back a success and they wouldn't ever look at your site and wouldn't know that their attempt actually failed.