Pages: [1]   Go Down
Author Topic: Spammers  (Read 924 times)
0 Members and 1 Guest are viewing this topic.
New England
Offline Offline
Jr. Member
**
Karma: 0
Posts: 95
Arduino newbie
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

What is going on with the forums?  I woke up this morning to 15 "new thread" emails, 10 of which are obviously spam.  There doesn't appear to be a way to report a post or thread to an administrator.  Is someone aware of the problem?  I think this forum's on the verge of getting completely overrun with spammers.
Logged

0
Offline Offline
God Member
*****
Karma: 2
Posts: 854
Arduino rocks!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
What is going on with the forums?  I woke up this morning to 15 "new thread" emails, 10 of which are obviously spam.  There doesn't appear to be a way to report a post or thread to an administrator.  Is someone aware of the problem?  I think this forum's on the verge of getting completely overrun with spammers.

I don't know what the solution is though.  I used to run a community-drive site, and I had to give it up because it got to the point where it was 90% spam and taking me hours a day to delete the spam.

Captchas aren't very effective, and nobody even had any other suggestions.
Logged

New England
Offline Offline
Jr. Member
**
Karma: 0
Posts: 95
Arduino newbie
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

I despise captchas, but that may be a necessary evil at this point.  It appears that a valid email address is required, so I guess that's a step in the right direction, but if the whole registration-confirmation-posting process can be easily automated, then I think you're going to have that problem.  A captcha would be a good stop-gap.  That or add a dynamically-generated challenge/answer ("what color is blue", "what is the sum of two plus three") that requires some human interaction.

How about integrating Akismet?  It's not just for wordpress.  If the user has less than 5 posts, run the posts through Akismet and moderate them if they smell funny.
Logged

0
Offline Offline
God Member
*****
Karma: 2
Posts: 854
Arduino rocks!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Captchas don't help as well as being universally despised.  

Anything to force human interaction is trivially crackable.  Set up a site where you offer free porn, but the user has to solve this test to prove they're human first.  Then have your script substitute in the test from the other site.  It's being done that way on a massive scale now.
Logged

0
Offline Offline
Jr. Member
**
Karma: 0
Posts: 71
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

free porn?... on the interwebs?!... never!

i have found a lot of success using spambayes with email... i'm still wondering why it can't be adapted for use with forum systems... the algorithms are based upon text patterns and occurrences... except for smtp headers, there's not that much difference between an email and a  forum post, in fact the forum post should be much simpler since it's not MIME formatted...

just my $0.02... or about 13 million euros now...
Logged

0
Offline Offline
God Member
*****
Karma: 0
Posts: 731
skcor oniudrA
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Adding captcha with new registrations will render the forum a "less easy" target, and like house thieves, they'll move on to easier pickings.

The attacks are scripted and adding a dictionary to hack the captcha requires a level of expertise I very much doubt these spammers possess.

It's possible to track the domain the spam is referring to, find out who the host and ISP are, then file a complaint with interpol.

These attacks are worthless if the sponsors of them are tracked down and hunted like the dogs they are. There'll be a site that's benefiting from the clicks, and that's your culprit.

Logged

0
Offline Offline
God Member
*****
Karma: 2
Posts: 854
Arduino rocks!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
Adding captcha with new registrations will render the forum a "less easy" target, and like house thieves, they'll move on to easier pickings.

It already has email verification now, so I don't think a captcha would offer much more help.  I'm all for trying it, but I wouldn't expect it to be any good.

Quote
It's possible to track the domain the spam is referring to, find out who the host and ISP are, then file a complaint with interpol.

They usually link to an IP, not a domain, they have a very, very large botnet pool of IPs, and even if they use a domain, not all countries respect our views on spam and the domains can be registered there.

Quote
These attacks are worthless if the sponsors of them are tracked down and hunted like the dogs they are. There'll be a site that's benefiting from the clicks, and that's your culprit.

It's not often that simple either.  Some of the ways these spammers profit is to sell traffic to a domain to boost the domain in google rankings to increase its resale value (who do you report it to?  google doesn't like to listen and the domain will be sold to the victim by the time anything happens), or selling scam goods like illegal software on a site they set up in 10 minutes and don't care if it's taken down.  Or they force malware onto your computer and get paid a per-download fee from the malware authors.

Fighting spam just doesn't work on the level you're talking about, by the time you track them down and get someone to do something about it, they've moved on 10 times already.
Logged

0
Offline Offline
God Member
*****
Karma: 0
Posts: 731
skcor oniudrA
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
It already has email verification now, so I don't think a captcha would offer much more help.  I'm all for trying it, but I wouldn't expect it to be any good.

They're exploiting a known YaBB vulnerability, the attacks will stop with captcha added into the registration process. The board isn't just being spammed, it's being flooded - captcha will plug the hole enough for it to stop.

Quote
They usually link to an IP, not a domain, they have a very, very large botnet pool of IPs, and even if they use a domain, not all countries respect our views on spam and the domains can be registered there.

It's not often that simple either.  Some of the ways these spammers profit is to sell traffic to a domain to boost the domain in google rankings to increase its resale value (who do you report it to?  google doesn't like to listen and the domain will be sold to the victim by the time anything happens), or selling scam goods like illegal software on a site they set up in 10 minutes and don't care if it's taken down.  Or they force malware onto your computer and get paid a per-download fee from the malware authors.

Fighting spam just doesn't work on the level you're talking about, by the time you track them down and get someone to do something about it, they've moved on 10 times already.

Unfortunately the spam has disappeared, next time it shows up (if it does) I'll take a look at what they're "desperately" trying to tell the world about. They're not impervious to detection, that's why most of them get caught... eventually smiley-wink

Logged

0
Offline Offline
God Member
*****
Karma: 2
Posts: 854
Arduino rocks!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
They're exploiting a known YaBB vulnerability, the attacks will stop with captcha added into the registration process. The board isn't just being spammed, it's being flooded - captcha will plug the hole enough for it to stop.

Interestingly, my site was 100% custom code.  I had what was effectively a multistep process to post anything, the data entry form generated a unique ID that had to be submitted back with the form and each ID was good only once.  I thought that would stop automated spamming, but it only slowed it down very briefly.  Even when I changed the format of the ID to try and break a parser it made no difference, so I really don't know what they were doing.  When I completely deleted the php file that had the code to write my database, the spam stopped instantly.  When I put it back a few weeks later, it restarted almost as instantly.

Quote
Unfortunately the spam has disappeared, next time it shows up (if it does) I'll take a look at what they're "desperately" trying to tell the world about. They're not impervious to detection, that's why most of them get caught... eventually smiley-wink

Wow, how'd you get it to disappear?

I have a moderated area where posts don't go live until I approve them, I've been ignoring it because I have better things to do than delete spam, but it's growing by about 300 spam aday right now.  These posts never show up anywhere on the web, not even a hidden admin page, yet they keep flooding it.
Logged

0
Offline Offline
Sr. Member
****
Karma: 0
Posts: 267
dinosaur cork
View Profile
WWW
 Bigger Bigger  Smaller Smaller  Reset Reset

Is there a way to allow users to mark something as spam, that would then banish the post until it could get looked at? It doesn't make the work load less, but might spread it around.


Logged

0
Offline Offline
Jr. Member
**
Karma: 1
Posts: 64
Arduino rocks
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Does YaBB keep track of poster's IP addresses? We could start blocking ranges of repeat offenders.
Logged

0
Offline Offline
God Member
*****
Karma: 2
Posts: 854
Arduino rocks!
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Quote
Does YaBB keep track of poster's IP addresses? We could start blocking ranges of repeat offenders.

I'm sure it does.  But based on my experience with spammers, there are no repeat offenders, they use a distributed spam-bot network.
Logged

0
Offline Offline
God Member
*****
Karma: 0
Posts: 731
skcor oniudrA
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

Ranges can work too, especially if it's originating via satellite cafe's in Europe, Holland in particular. It's one possibility that needs to be weighted against the numbers of legitimate users that'll affect.

I know sites that block entire countries simply because the webmasters got fed up with spam originating from a list of "usual suspects". I won't mention those countries because it's an unfortunate generalization, but the percentage a quite high, and range blocking can make a difference.

YaBBs ok for small forums, but this one ain't small 'no more' so maybe it's time for an upgrade. Amongst the sites we own, are a few adult themed domains including a forum using SMF. We use that with range blocking, email confirmation and captcha, and we don't have any of this nonsense.

Unfortunately there is no easy way to migrate from YaBB because it uses a flat file for every thread and users and the user preferences, rather than a mySql dB back-end. YaBB was aimed at domain owners who didn't have dB services, which was relevant at the time it was released because hosting with dB used to cost a lot once upon a time.

There maybe a script available to do the job, which could be worth investigating if they come up short on solutions. SMF has superior search, and that would be nice to have.
« Last Edit: April 22, 2008, 08:13:31 pm by John_Ryan » Logged

0
Offline Offline
God Member
*****
Karma: 0
Posts: 731
skcor oniudrA
View Profile
 Bigger Bigger  Smaller Smaller  Reset Reset

So, the spammer is using a tripod domain, therefore a complaint can be lodged with tripod.com because it's a breach of their AUP. They'll have a record of the subscribers IP address, and aside from reviewing their own sign-up process, they'll have an idea of "what pool" of IP's the spammer is hiding behind and can make that information available to the FBI so the route can be traced back to the originating IP. If it's a bot attack, they came from "somewhere" and unless the spammer has invented a brand new trick, that person will eventually be discovered.

But a complaint needs to come from the owners of this domain for it to be followed up by the proprietors of tripod, whom can probably do without the headache of potential litigation so I'm sure they'll be quick to act.

You can try contacting them at:-

dns-admin@lycos-inc.com

Tripod is owned by Lycos, Inc

« Last Edit: April 23, 2008, 02:57:54 am by John_Ryan » Logged

Pages: [1]   Go Up
Jump to: