Forum Spam Grrr

Hi All,

I've just started up a forum using phpBB, and all is going swimmingly, however I seem to get a hell of a lot of spammers, as in, I'll have to ban at least 6 users a day.

So far they have mainly used 3 email domains, which I've banned using the * wildcard on the first part of the address. (They're not well known domains).

Now, looking back, pretty much all of the spammers use similar IP addresses, all starting 49.109.*.*. Now, when I do a whois check, they all come up as coming from Latvia. I can ban that entire range of IP addresses.

What would you guys and girls (possibly) do? We only sell to the UK, so, how are IP addresses split up? Would I ban most of Latvia if I banned that range?

Also, any other suggestions for stopping spam? I currently don't allow new user posts to show until I check them, which the spammers must realise, idiots.

Thanks for any help. :)
 
All the captchas have been beaten a long time ago. Banning IPs is largely pointless.

phpBB has a built in Q&A option in the antispam countermeasures section.

Add a non-searchable question and they'll stop immediately.

eg
Enter the first 4 letters of QJDPNFST
With the accepted answer as QJDP

Job's a good un.
 
Reckon it is bots then? I assumed not as you have to do one of those funny picture word things, and also receive and click on your activation email.

I'll have a look and check out the Q&A thing tonight, thanks. :)
 
http://stopforumspam.com/contributions
It might be better to add the anti-spam ACP which should stop most of the spam bots.

Also key captcha does a good job of keeping the bots from registering as it makes you complete a task of some sort (and it does work as another forum I frequent used that system after being hammered by spam bot registrations and it has kept them out for the best part).
 
Thanks for all the input guys. :)

For now I've gone with the Q&A thing, we'll see how that goes. I've seen the stopforumspam thing, and was thinking of doing this, if my questions fail then I'll try that!

I've gone for this format - 'How many capital letters are in the following word - "oVERclockers"?' Answer - 3, or three. Reckon that'll do the job or am I being cretinous?
 
You can just be simplistic like I posted before, asking for a certain set of letters from a random set.

The problem with a number answer is that potentially a bot could guess entry by trying a different number each time. After 3 tries it would be in. For the letter it would need 26 attempts at each of the 4 letters (52 if you made it case sensitive). Their failure rate goes up markedly. It's also easier for humans cos they don't really have to work anything out.
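The letter-style question from the posts above, generated fresh for each registration and combined with an attempt limit, as an added example that is not part of the original posts and is not phpBB's own Q&A code. `make_challenge`, `RegistrationGate` and `MAX_ATTEMPTS` are hypothetical names, and the limit of 3 is an assumption.

```python
import hmac
import secrets
import string

MAX_ATTEMPTS = 3  # assumed limit: after this many failures no new challenge is issued


def make_challenge(total=8, take=4):
    """Return (question, answer) built from fresh random letters each time."""
    letters = "".join(secrets.choice(string.ascii_uppercase) for _ in range(total))
    if secrets.randbelow(2):
        return f"Enter the first {take} letters of {letters}", letters[:take]
    return f"Enter the last {take} letters of {letters}", letters[-take:]


class RegistrationGate:
    """Tracks the pending answer and failed attempts per client key (e.g. an IP)."""

    def __init__(self):
        self._pending = {}   # client -> expected answer for the issued question
        self._failures = {}  # client -> number of failed answers so far

    def locked(self, client):
        return self._failures.get(client, 0) >= MAX_ATTEMPTS

    def issue(self, client):
        """Return a new question, or None if the client is locked out."""
        if self.locked(client):
            return None
        question, answer = make_challenge()
        self._pending[client] = answer
        return question

    def check(self, client, submitted):
        """Validate one answer; each issued challenge can be answered only once."""
        expected = self._pending.pop(client, None)
        ok = (
            expected is not None
            and not self.locked(client)
            # Case-insensitive for humans, constant-time comparison of the bytes.
            and hmac.compare_digest(submitted.strip().upper().encode(), expected.encode())
        )
        if not ok:
            self._failures[client] = self._failures.get(client, 0) + 1
        return ok
```
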
 
How can bots get past captcha then? Thought they had to see the funny shaped letters etc. to type it in?

They worked out how to read them around January. Presumably using some sort of OCR. There was a huge upsurge in spambots getting past conventional captchas then.

So rather than straightforward (for them) options to just 'tell me what's inside this box', sites are being much more effective now by having custom questions or using javascript to allow you to drag the right answer from a selection into another box. I suspect they'll be effective for another year or two and then probably start to get beaten again. Having said that though, Q&A type mods have been very effective for several years now as it's up to the user what the question is and how it's written so there's no standard registration page for the spambot writers to interpret.
 
One of the problems with recaptcha is that one word of the set is known, and the other is unknown. The known word can be easily picked up by OCR (which is why it is known). The other word OCR couldn't detect, so the application relies on humans to help and it plays into their usage (such as Project Gutenberg).

Because of this, a bot doesn't have to be correct, it only needs one word.

I wish I had a Q&A for my forums, as I am using an outdated Ikonboard and it doesn't support any kind of bot prevention. Haven't got up the courage to upgrade yet. As a result, I have a ton of filters I'm using:

Code:
Banned IPs:

212.*
114.*
91.*
58.*
178.*
46.*
188.*
176.*
182.*
31.*
194.8.*
83.*
195.39.*
95.133.*

Banned emails:

.by
.net
.info
.biz
.ua
.tv
.ru
.ro
.pl
.ws
.in
.cn
.tk
.cc
.us
.org
.ca
.uk
.eu
.cz
.au
aim.com
aol.com
yahoo.co.uk
gmx.com
gmx.co.uk
gmx.us
gawab.com
hotmail.com
gmail.com
mundocripto.com

Those cut down on a lot of spammers. If I remove gmail.com I will get about 40 spam accounts per day, unfortunately. So gmail users have to contact me to preregister. Oh well.
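To put numbers on wildcard bans like the list above and on the 49.109.*.* range asked about in the first post, here is an added example (not part of the original posts) that converts trailing-wildcard patterns to CIDR networks and measures how much of the IPv4 space they block. The function names are hypothetical, and the patterns are copied from this thread.

```python
import ipaddress

# Wildcard patterns as posted in this thread.
BANNED = ["212.*", "114.*", "91.*", "58.*", "178.*", "46.*", "188.*", "176.*",
          "182.*", "31.*", "194.8.*", "83.*", "195.39.*", "95.133.*"]


def wildcard_to_network(pattern):
    """Convert '194.8.*' or '49.109.*.*' to the equivalent IPv4 CIDR network."""
    parts = pattern.strip().split(".")
    fixed = []
    for part in parts:
        if part == "*":
            break
        fixed.append(int(part))
    # Only trailing wildcards map cleanly onto a CIDR prefix.
    if not fixed or len(parts) > 4 or any(p != "*" for p in parts[len(fixed):]):
        raise ValueError(f"unsupported pattern: {pattern!r}")
    base = ".".join(str(o) for o in fixed + [0] * (4 - len(fixed)))
    return ipaddress.IPv4Network(f"{base}/{8 * len(fixed)}")


def blocked_networks(patterns):
    """Return the de-duplicated, merged list of networks the patterns cover."""
    return list(ipaddress.collapse_addresses(wildcard_to_network(p) for p in patterns))


def blocked_addresses(patterns):
    """Total number of IPv4 addresses covered by the ban list."""
    return sum(net.num_addresses for net in blocked_networks(patterns))


def is_banned(ip, patterns):
    """True if the address falls inside any banned network."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in blocked_networks(patterns))


if __name__ == "__main__":
    total = blocked_addresses(BANNED)
    print(f"{total} addresses blocked, {total / 2**32:.2%} of IPv4 space")
    print("49.109.*.* ->", wildcard_to_network("49.109.*.*"),
          wildcard_to_network("49.109.*.*").num_addresses, "addresses")
```

The sizes say nothing about geography: which country a block is allocated to has to come from whois or registry data, as in the first post.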
 
Well so far so good, zero spam accounts since yesterday, I normally get them around 3am so looking good so far. :)

Although I have also banned the following emails -

*@businessinfoservicess.com
*@firsttradelimited.info
*@zeinconsulting.info

So time will tell I guess.

How the heck do these spammers make their money? Just malware downloads and hacks when you go to their site? I just can't think that anyone would be stupid enough to visit their hyperlinks, or respond to the spam in any way.

Odd.
 
How the heck do these spammers make their money? Just malware downloads and hacks when you go to their site? I just can't think that anyone would be stupid enough to visit their hyperlinks, or respond to the spam in any way.

Flogging fake goods. It also increases their search engine ranking by linking back.
 
My forum (12,000+ members) this past week has also been hammered, always had reCAPTCHA on and also one of 3 basic questions (what is 2+3, what is 5 minus 1 etc etc) but now apparently their scripts can pick these up and answer them for you. I've removed the questions and changed them for things like "If roses are red, violets are?" and lo and behold it seems to have stopped them. That's running on IPB3x with their spam service enabled too.
 
My forum (12,000+ members) this past week has also been hammered, always had reCAPTCHA on and also one of 3 basic questions (what is 2+3, what is 5 minus 1 etc etc) but now apparently their scripts can pick these up and answer them for you
Their scripts always could.
The question is only:
- has your forum gotten into a spammer database or
- is your resource of interest to be spammed without having it in a spambot database

Anyway, a spammer can answer any and/or all of your questions, put the answers into his database if your resource is interesting to him, and continue.
You simply should change questions on a regular basis

It is senseless to hope that you find a "silver bullet" once and for ever

I've removed the questions
You have not removed, you have substituted them
and changed them for things like "If roses are red, violets are?" and lo and behold it seems to have stopped them
Stopped whom?
Do you observe a lower rate of user registrations?

I could understand if roses are rose, then violets are violet
But both roses and violets are flowers with varied colors
What is the correct answer?
 