[OT] Spammers gone nuts

[marzo]

Wow. Barely a day or so after the new anti-spam moderation code goes online and I found myself staring at dozens of spam posts -- and all of those by "registered" users, so they don't require moderation.

Anyway, I deleted all of the posts, but kept a list of the user names; is there a way to "freeze" these accounts so they can't post anymore?

The names:

[MV]

Any forum should have the ability to "ban" these accounts, but not delete them, (they are created, so noone can create the same ones again, and they can't be used again).

Were they all from the same source? I'm guessing they were.

[Dominus]

As far as I understood Wjp's comitt message the moderation code has not been activated yet. Anyway the spammer used one IP address which is easier to filter out, I guess (200.118.2.220, btw). But if that is actually going to work I'm not sure, tomorrow he is probably back with another IP.

I deleted some of those as well

[wjp]

Marzo: There are no accounts with the names you list, as far as I can tell.

[Dominus]

the ones I saw were not actual accounts but just anonymous posts with those names.

[marzo]

As far as I understood Wjp's comitt message the moderation code has not been activated yet.

Marzo: There are no accounts with the names you list, as far as I can tell.

Those two explain each other: I had seen your changes commited, and (not knowing anything about PHP) assumed that that was it -- the changes were active and working. That way, I naturally assumed that they were registered users. Not that it would be hard to create a spambot to create multiple registered accounts and make multiple post like those...

I deleted some of those as well

Between writting the first two paragraphs of my first post, and compiling the names/deleting the posts, I might have missed some posts which you deleted -- but I hadn't noticed until you mentioned, I just had a feeling that it seemed to have more messages needing to be deleted.

And today (just now), it just happened again. Seems that spammers have discovered the Phorum...

[Dominus]

Damn annoying spammers!
I noted some IP addresses of the this latest flood, but these were more varied now. Blocking on IP seems to be thw wrong way

[Samatar]

Perhaps a simple password to log on to the forum would prevent the bots from posting spam? I used to have trouble with spam in my guestbook (getting about 10 posts a day and constanttly rising) but now that I use password authentification I don't get them anymore. Not sure if you can do the same thing with a forum.

[SB-X]

I think the spam protection just isn't activated yet.

[Ezric]

One other thing you could consider implementing is a filter that just kills any post with certain keywords. Stuff like "xanax", "viagra", etc.

Somehting else to consider... Maybe you could disable the ability for unregistered users to post. And the first post a new user makes could be held in a queue that needs to be hand-approved before it showed up here. After the first message is approved, they can post freely. That would get rid of spammers AND warez requests (I've noticed that those requesting pirated copies of the games are almost always first-time posters).

[Dominus]

i think the ability to post without registering was left in up to now, so people with problems can easily post their burning question. I hate it when I just want to ask some little thing and need to register with all the hassle that it brings with it.
Also we really would need a more sophisticated user system that would allow resetting one's password and such
It was never planned that we'd have to spend more time administrating the forum than codeing (though the majority of the exult members base isn't doing much exult codeing).

that said, Wjp: a nice add-on for the normal forum view would be a delete option for moderators so one doesn'T have to actually open a spam post. I know the phorum admin page does that, only takes a bit longer to get there

[wjp]

"Maybe"

One other thing I'd like to do is show posts requiring moderation when you're logged in as admin (clearly marked as such), with easy 'approve' and 'delete' access.

[Samatar]

Could you have a "complain" or "Spam" button? So that if enough users click it the post is put into limbo until an administrator can remove it (or restore it if it isn't spam but somehow got moved anyway)? Or would that be too much work...

[PanSola]

Sigh,

perhaps the forum engine needs to be updated to protect against robot spammers.

[Dominus]

somehow the thread Exult 3D R2 http://exult.info/forum/viewtopic.php?p=22576#p22576 is getting stuck on top or near the top, even though there hasn't been anything new in it.

[wjp]

Nothing new, except for about 200 invisible spam posts, that is...

It's a bug that it still gets moved to the top, though.

[Dominus]

yeah, I thought you had fixed this issue and wanted feedback on when it happens again (I guess it's a new issue uncovered by our friendly spam buddies).
How the h... did they get to spam the Exult CVS mailing list?

[drcode]

Isn't the CVS mailing list set to "members only"? SourceForge changed some things recently, so maybe the setting got reset.

[artaxerxes]

this is getting ridiculous. Every day I clean about 3 to 4 posts.

Could we put on a filter, so that a post must contain at least once the word Exult or Ultima in it to allow it to be posted? Or (ugh!) regulated registration?


Artaxerxes

[marzo]

Or (ugh!) regulated registration?

I think I would prefer this, as many on-topic posts contain neither 'Exult' nor 'Ultima' anywhere. And besides, I suppose it would be easy enough for spammers to make their bots add the aforementioned words to any posts.

[Dominus]

Any action discussed here will be burnt anyway (same with actions added to CVS)
Registration might be the only way, coupled with those code word pictures (or the bots will just mass register). Though I really hoped we could circumvent that

[dino]

Guys, I had similar trouble with my guestbook scripts. Once spambots targeted them there was no way to keep them away - no filter or banning or whatever would work.

However, there is a way around it. The spambots target a particular file, so renaming 'gb.php' to 'gb2.php' kept out all the spam for me.

It may be more complicated to do something similar to a forum, but it's a possible solution if you want to consider it.

[fliptw]

most of these find sites using search engines.

you might need to use the robots.txt file to keep the forum out of their search databases.

[marzo]

Registration might be the only way, coupled with those code word pictures (or the bots will just mass register). Though I really hoped we could circumvent that

Just a thought that occurred to me last night: we could use the code word pictures for guest posting as well as for registration; what I mean is this: every post by a guest member would require a code word picture (cwp for short) to prevent bots from posting as guests, while the act of registration would require a single cwp to prevent bots from mass-registering. Perhaps we could also require more cwps of registered users if they want to post 5 or more posts in a single minute or so (to prevent manual registration by spammers, followed by putting a bot to spam with the new ID) or maybe even 2 or more posts in a single minute.

The good thing is that we don't have to disable guest registration and we also are encouraging registration to avoid having to type lots of cwps. Drawbacks include having to implement a good cwp system and the annoyance of guest posters (not that we have many of those...).

Any thoughts?

[dino]

Have you considered what I wrote before? You could save a lot of trouble by renaming a few files and making some minor modifications. You could actually save even more trouble by just renaming your forum folder (e.g. to 'forum2'), so all files retain their original structure. Then you could put some kind of redirection in the original forum folder.

Anyway, it's just an idea. Do what you like.

[Wizardry Dragon]

After coming here to three pages of posts bumped up by spammers, I'd like to volunteer to moderate against such annoyance.
----------
Peter M Dodge aka Wizardry Dragon
Lead Designer,
Ultima VII: The Feudal Lands

[SB-X]

I'll volunteer to moderate as well, if there is no other spam protection method that will stop most of this.
I'm surprised you were able to find this topic to reply, amid the torrent of old spam-revived topics.

[MV]

Oh man, this place is ruined now. Screw it, make registration a requirement with an adminstrator that allows/denies registrations.

I like it how I don't have to yet again have to enter my details for the billionith time to a site so I can post, but dammit, these *#*#@*R#@)$#@$)#@$)!!!!!!!!)@#)$)#$)#$) spammer scum have ruined everything. I still don't know why they bother as I can't imagine anyone clicking on anything they post.

And what is up with that useless bumping of old threads making it a pain to navigate to recent topics? The message posted means nothing to me.

[marzo]

It seems that we are seeing a nascent spammer testing his software -- or maybe an annoying script kiddie with new toys. In any case, I have just (personally) deleted 110 spam posts, give or take a couple posts; most of them were just a stupid "hello, medved" line with random e-mails, but a couple were from "real" spammers (i.e., actually advertised anything). I only regret that I didn't think about looking at the IP addresses until I had deleted all of them...

[MV]

Thank you for your work, it seems back to normal now. I'm still reluctantly up for administrator approved registration to be implemented to help put an end to this garbage.

[Colourless]

Not all that much point looking at IP addresses. They are all 'random' pretty much indicating a Zombie network.

[Dominus]

However, there is a way around it. The spambots target a particular file, so renaming 'gb.php' to 'gb2.php' kept out all the spam for me.

It may be more complicated to do something similar to a forum, but it's a possible solution if you want to consider it.

this worked at least for my guestbook as well but will probably be a waste of time here, since it seems someone is actively trying his different spam attacks here.