Spam Reduction Measures Taken! Maybe this will slow them down a little.


I think we are all pretty tired of all of the spam we have been getting recently. I know Mark420 is pretty irritated by the situation.


It seems pretty clear that someone has targeted the keyword "New" and likes to spam topics that have recently been posted to with "New" in the topic title. I'm not sure what exactly the trigger is for this mechanism but it isn't fully automated because we turned validating on a few weeks ago.


I suppose someone could have gone to the trouble to write a script to check a default email box for all of these ghost email addresses and gone from there but the measure does slow them down a bunch.


I'm not interested in the idea of banning "New" from the topic title and we do still have a problem but the staff has been very good about reducing spam!


Here is what we know:

Nearly all of our spammers post only a single message.

They want to avoid detection by only posting once.

The staff suspends their account or hosting ability before they can post again!

Most of these people have a warning level increase and/or account suspension.

Frequently their email domains are used over and over again.

They have a short list of IP addresses to use.

With this information, we can find an even larger number of spammers on our forums and remove their ability to harm us.


Using only the first two items in the list above, I have found a vast number of email domains and IP addresses to filter. Additionally, I have filtered a few more parameters for usable usernames. With these filters, I have targeted 453 existing members! Only 13 of those accounts have more than one post and most (309) have zero posts. The truth of the matter is that only one of the 453 members in the list was ever active in any way and hasn't been here in over six months with only 22 posts!


The others are obviously spammers that have had a number of posts deleted.


Anyhow, if these filters had been here since September 2004 when the website started, we would have 453 less spammers.


Of course, this isn't perfect. They need only use a different email address, IP address, or username to get around this but do they want to work that hard to promote their product?




Thanks vujsa, I've been maintaining a list of IP addresses I'd been banning, but so far, only have noticed one repeated. 453 spammers, wow. That's a lot. It's about time we made some changes to make their lives a little tougher.
~Viz


Talking about IP addresses vujsa, do you need a list of them or is there a way to filter out which members are banned? I have just been deleting posts and banning the idiots immediately.


In the ACP, I can search the member list for members with Moderator suspensions or altered warning levels. This gives me a list of spammers usually and that list can include their IP addresses and Email Addresses.

When you begin to cross-reference the IPs and emails, you get an even larger list of spammers. Then I check that list to find out the number of posts and various dates for the user to determine if they are truly spammers.

Basically, here is an obvious spammer:
1 or 2 posts, email domain and/or IP address is used by known spammers, last post, last active, and date joined are all within 30 minutes.

This of course leads us to another spammer.

If enough spammers use the same information, that information gets filtered so new members can't join with any of that data.

But, we don't want to filter too much or we will begin to prevent decent people from joining as well.

The idea is to make Xisto too much trouble to spam by the big spammers. The little guy will still get a few in since he won't fit any rules.

I haven't gotten everyone yet and I'm still researching the situation but IP addresses would help. I really need to figure out the right query to search only for IP or email addresses that are duplicated. My MySQL skills are still being developed.
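The duplicate search and the "obvious spammer" profile from the post above, as an added example that is not part of the original thread and is not IPB code. The table and column names, the `suspended` flag and the sample rows are assumptions constructed for the illustration; the SQL runs here against an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data. Table and column names are assumptions for this
# example, not IPB's real schema. Times are epoch seconds.
ROWS = [
    # name,   email,               ip,            joined, last_active, posts, suspended
    ("alice", "alice@example.org", "192.0.2.10",    1000, 900000,  22, 0),
    ("bob",   "bob@bulk.example",  "198.51.100.9",  2000, 800000, 140, 0),
    ("spam1", "a@bulk.example",    "203.0.113.5",   5000,   5600,   1, 1),
    ("spam2", "b@bulk.example",    "203.0.113.77",  6000,   6900,   1, 0),
    ("spam3", "c@other.example",   "203.0.113.5",   7000,   7300,   0, 0),
]
# SQLite spelling; in MySQL the same value is SUBSTRING_INDEX(email, '@', -1).
DOMAIN = "lower(substr(email, instr(email, '@') + 1))"

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT, email TEXT, ip TEXT, "
                 "joined INT, last_active INT, posts INT, suspended INT)")
    conn.executemany("INSERT INTO members VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn

def duplicated_ips(conn):
    """IP addresses used by more than one account, most-used first."""
    return conn.execute(
        "SELECT ip, COUNT(*) AS n FROM members "
        "GROUP BY ip HAVING COUNT(*) > 1 ORDER BY n DESC, ip").fetchall()

def duplicated_domains(conn):
    """Email domains used by more than one account, most-used first."""
    return conn.execute(
        f"SELECT {DOMAIN} AS d, COUNT(*) AS n FROM members "
        "GROUP BY d HAVING COUNT(*) > 1 ORDER BY n DESC, d").fetchall()

def likely_spammers(conn, window=1800, max_posts=2):
    """Unsuspended accounts matching the thread's profile: few posts, joined
    and last active within 30 minutes, IP or domain shared with a suspended one."""
    sql = f"""
        SELECT name FROM members
        WHERE suspended = 0 AND posts <= ? AND last_active - joined <= ?
          AND (ip IN (SELECT ip FROM members WHERE suspended = 1)
               OR {DOMAIN} IN (SELECT {DOMAIN} FROM members WHERE suspended = 1))
        ORDER BY name"""
    return [row[0] for row in conn.execute(sql, (max_posts, window))]

if __name__ == "__main__":
    db = build_db()
    print(duplicated_ips(db), duplicated_domains(db), likely_spammers(db))
```

The long-standing member who shares a mail domain with a suspended account is not returned, because the post-count and 30-minute conditions must hold as well as the shared indicator.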



Today I deleted about 5 spam messages, and the same amount on two of my forums (which aren't even this big), so I decided to do something about it.

What I did was change only two files in IPB that are connected to registering new users. I'd advise you to do the same, at least to try out the method. As you know, when registering, bots need to deal with image verification, which they somehow manage to do (presuming that these ARE automated bots). Of course, they have to follow a pattern, since they also attack other IPB forums - so we need to break the pattern.

On the registration page I added another verification field, which contains a 10-letter string provided to the user. Basically, you just have a piece of text saying "Copy this string into the box below". Simple enough for a human being, but impossible for a bot who is not expecting that kind of confirmation. Besides that, there is also a hidden field containing the string; that's because you need to send the server something to compare the input with. This is done in skin_cache/cacheid_2/skin_register.php.

Furthermore, you also need to add some code to the sources/register.php file. Near the 1170th line in IPB 2.0.0 (my version) there is the part of the code that checks whether image verification is OK. That's where you would add the PHP code to compare user input to the supplied (original) string. If they are not equal, you would do the same as for image verification - so it's just copying an already existing piece of code.

Now, I know this might sound a little complicated, since I didn't explain it well, but it is extremely easy, and also seems to be effective.

P.S. The random string I am using is substr( md5( time() ), 0, 10).
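The copy-the-string check from the post above, with the hidden-field comparison shown beside a server-verified form, as an added example that is not part of the original post and is not IPB code. The function names, `SERVER_KEY` and the 10-minute lifetime are assumptions; the string comes from a CSPRNG rather than a hash of the clock, and the hidden field carries a keyed MAC instead of the string itself.

```python
import hashlib, hmac, secrets, string, time

SERVER_KEY = secrets.token_bytes(32)   # assumption: per-install secret, never sent out
MAX_AGE = 600                          # assumption: a form stays valid for 10 minutes
ALPHABET = string.ascii_lowercase + string.digits

def _mac(challenge, issued):
    # Bind the visible string to its issue time under the server's key.
    msg = f"{challenge}|{issued}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_challenge(now=None):
    """Return (visible 10-character string, value for the hidden field)."""
    issued = int(time.time() if now is None else now)
    challenge = "".join(secrets.choice(ALPHABET) for _ in range(10))
    return challenge, f"{issued}.{_mac(challenge, issued)}"

def naive_check(typed, hidden):
    """Comparison as described in the post. Both values arrive from the
    client, so the server cannot tell whether it issued them."""
    return typed == hidden

def verify(typed, token, now=None):
    """Accept only a string this server issued within the last MAX_AGE seconds."""
    now = int(time.time() if now is None else now)
    try:
        issued_s, mac = token.split(".", 1)
        issued = int(issued_s)
    except (AttributeError, ValueError):
        return False                   # malformed or missing hidden field
    if not 0 <= now - issued <= MAX_AGE:
        return False                   # expired, or stamped in the future
    # Constant-time comparison on bytes avoids timing leaks and type errors.
    return hmac.compare_digest(mac.encode(), _mac(typed, issued).encode())

if __name__ == "__main__":
    shown, hidden = issue_challenge()
    print(shown, verify(shown, hidden))
```

A token stays valid for repeated submissions until it expires; making it single-use needs server-side storage such as the session, which this example leaves out.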


Well, I don't have direct file access here so I can't do this myself. I will however pass the suggestion on. I think that while your method will trick the majority of IPB spambots, it wouldn't require much for the bot to be reprogrammed to read the extra code.

Of course, then the bot only works here but maybe we are worth it! I think modifying the image generator to create a larger, more complex code would be better.

This is really getting out of hand. I hope that the next IPB upgrade will slow these guys down.

In the meantime, I need for all of the staff to stop deleting the spam! Please set to invisible and move to the spam forum. Go ahead and suspend the user's posting ability but don't delete the post.

The post has a lot of useful information to use against the spammers like the IP address.

Spammers may register with one IP and post with another. Also, it is easier to find them in the database when I have their usernames and IP addresses. Also, this allows me to move them to the spammer group where I can track them more easily as well.

I can delete the posts after I have used all of the information.

Thanks,
vujsa


It seems that the method is working - I have had no bots registering on my forums for the past day, which is unusual (but in a positive way). If we implement this, and someone decides to code the bot just for this forum, it's the same as if he registers himself, against which we cannot fight.


Good move Pyost ;)

Maybe I'm a bit dumb but if the spam post is a reply I can only delete it. I cannot set it to invis. If it's a topic then sure, it can be moved and set to invis. Or am I missing something?


You can move a single post to another topic by using the little checkbox in the upper right corner. Now, if this topic were in the Staff section.. You get my point


Aha, now I see. It doesn't work too well in Opera, prolly why I didn't notice it before.


Thanks, that makes our job much easier ;)

I hate spam, but haven't seen any since my "useless" post.

xboxrulz




Has this problem gotten better? I have spent a great deal of time analyzing the database trying to find patterns for the spammers and add filters as a result.

By having the spam moved to the spam forum instead of deleted, I have had more luck getting filters applied. I haven't been able to find every member with a warning level increase or suspension that is a spammer. The only way I can find them for sure is if we keep the post until I can deal with it. Otherwise, we need usernames and IP addresses listed somewhere, which is a pain. The reason that just IPs or usernames won't work is because a member can register with one IP, login with another IP, and post with even more IP addresses.

It seems to me, not that I see everything here, that the situation is getting better. Is this my imagination or is it reality?

Anyhow, mastercomputers has also been working on the problem and adding filters which is helpful.

Any feedback would be great here.



I think it's getting better also.
I think we should keep this topic open and just set spam posts to invis and dump them here
so the admins can sort them out.

To move a single post, highlight it with the little tickbox on the top right of the post and select it for Moderation, set it to invisible, click the check box again, then move the post. It will ask for a topic ID; enter 14457 and then it will be moved.
Keep up the good work ppl we WILL win the spam war


Wow, the upgrade has completely stopped the spam as far as I can see.

I haven't seen a spam post or report since we upgraded!

I hope that by the time the spammers get new bots to penetrate this version of IPB, we will either have upgraded again or that our new filters will slow them down a lot more before we do get upgraded!

Thanks for all of the hard work everyone has done to keep the spam off our board.

vujsa


