Page 1 of 1
[OT] Spammers gone nuts
Posted: Fri Apr 28, 2006 1:48 am
by marzo
Wow. Barely a day or so after the new anti-spam moderation code goes online and I found myself staring at dozens of spam posts -- and all of those by "registered" users, so they don't require moderation.
Anyway, I deleted all of the posts, but kept a list of the user names; is there a way to "freeze" these accounts so they can't post anymore?
The names:
Re: [OT] Spammers gone nuts
Posted: Fri Apr 28, 2006 3:18 am
by MV
Any forum should have the ability to "ban" these accounts, but not delete them, (they are created, so noone can create the same ones again, and they can't be used again).
Were they all from the same source? I'm guessing they were.
Re: [OT] Spammers gone nuts
Posted: Fri Apr 28, 2006 3:38 am
by Dominus
As far as I understood Wjp's comitt message the moderation code has not been activated yet. Anyway the spammer used one IP address which is easier to filter out, I guess (200.118.2.220, btw). But if that is actually going to work I'm not sure, tomorrow he is probably back with another IP.
I deleted some of those as well
Re: [OT] Spammers gone nuts
Posted: Fri Apr 28, 2006 9:01 am
by wjp
Marzo: There are no accounts with the names you list, as far as I can tell.
Re: [OT] Spammers gone nuts
Posted: Fri Apr 28, 2006 9:04 am
by Dominus
the ones I saw were not actual accounts but just anonymous posts with those names.
Re: [OT] Spammers gone nuts
Posted: Tue May 02, 2006 5:44 pm
by marzo
As far as I understood Wjp's comitt message the moderation code has not been activated yet.
Marzo: There are no accounts with the names you list, as far as I can tell.
Those two explain each other: I had seen your changes commited, and (not knowing anything about PHP) assumed that that was it -- the changes were active and working. That way, I naturally assumed that they were registered users. Not that it would be hard to create a spambot to create multiple registered accounts and make multiple post like those...
I deleted some of those as well
Between writting the first two paragraphs of my first post, and compiling the names/deleting the posts, I might have missed some posts which you deleted -- but I hadn't noticed until you mentioned, I just had a feeling that it seemed to have more messages needing to be deleted.
And today (just now), it just happened again. Seems that spammers have discovered the Phorum...
Re: [OT] Spammers gone nuts
Posted: Tue May 02, 2006 9:20 pm
by Dominus
Damn annoying spammers!
I noted some IP addresses of the this latest flood, but these were more varied now. Blocking on IP seems to be thw wrong way
Re: [OT] Spammers gone nuts
Posted: Wed May 03, 2006 5:58 pm
by Samatar
Perhaps a simple password to log on to the forum would prevent the bots from posting spam? I used to have trouble with spam in my guestbook (getting about 10 posts a day and constanttly rising) but now that I use password authentification I don't get them anymore. Not sure if you can do the same thing with a forum.
Re: [OT] Spammers gone nuts
Posted: Wed May 03, 2006 8:02 pm
by SB-X
I think the spam protection just isn't activated yet.
Re: [OT] Spammers gone nuts
Posted: Fri May 05, 2006 6:17 am
by Ezric
One other thing you could consider implementing is a filter that just kills any post with certain keywords. Stuff like "xanax", "viagra", etc.
Somehting else to consider... Maybe you could disable the ability for unregistered users to post. And the first post a new user makes could be held in a queue that needs to be hand-approved before it showed up here. After the first message is approved, they can post freely. That would get rid of spammers AND warez requests (I've noticed that those requesting pirated copies of the games are almost always first-time posters).
Re: [OT] Spammers gone nuts
Posted: Fri May 05, 2006 7:45 am
by Dominus
i think the ability to post without registering was left in up to now, so people with problems can easily post their burning question. I hate it when I just want to ask some little thing and need to register with all the hassle that it brings with it.
Also we really would need a more sophisticated user system that would allow resetting one's password and such
It was never planned that we'd have to spend more time administrating the forum than codeing (though the majority of the exult members base isn't doing much exult codeing).
that said, Wjp: a nice add-on for the normal forum view would be a delete option for moderators so one doesn'T have to actually open a spam post. I know the phorum admin page does that, only takes a bit longer to get there
Re: [OT] Spammers gone nuts
Posted: Fri May 05, 2006 10:17 am
by wjp
"Maybe"
One other thing I'd like to do is show posts requiring moderation when you're logged in as admin (clearly marked as such), with easy 'approve' and 'delete' access.
Re: [OT] Spammers gone nuts
Posted: Sun May 07, 2006 5:53 pm
by Samatar
Could you have a "complain" or "Spam" button? So that if enough users click it the post is put into limbo until an administrator can remove it (or restore it if it isn't spam but somehow got moved anyway)? Or would that be too much work...
Re: [OT] Spammers gone nuts
Posted: Fri May 19, 2006 11:51 pm
by PanSola
Sigh,
perhaps the forum engine needs to be updated to protect against robot spammers.
Re: [OT] Spammers gone nuts
Posted: Sun Jun 18, 2006 3:50 pm
by Dominus
somehow the thread Exult 3D R2
http://exult.info/forum/viewtopic.php?p=22576#p22576 is getting stuck on top or near the top, even though there hasn't been anything new in it.
Re: [OT] Spammers gone nuts
Posted: Mon Jun 19, 2006 2:41 am
by wjp
Nothing new, except for about 200 invisible spam posts, that is...
It's a bug that it still gets moved to the top, though.
Re: [OT] Spammers gone nuts
Posted: Mon Jun 19, 2006 4:25 am
by Dominus
yeah, I thought you had fixed this issue and wanted feedback on when it happens again (I guess it's a new issue uncovered by our friendly spam buddies).
How the h... did they get to spam the Exult CVS mailing list?
Re: [OT] Spammers gone nuts
Posted: Mon Jun 19, 2006 1:26 pm
by drcode
Isn't the CVS mailing list set to "members only"? SourceForge changed some things recently, so maybe the setting got reset.
Re: [OT] Spammers gone nuts
Posted: Wed Jun 21, 2006 3:30 am
by artaxerxes
this is getting ridiculous. Every day I clean about 3 to 4 posts.
Could we put on a filter, so that a post must contain at least once the word Exult or Ultima in it to allow it to be posted? Or (ugh!) regulated registration?
Artaxerxes
Re: [OT] Spammers gone nuts
Posted: Wed Jun 21, 2006 5:43 am
by marzo
Or (ugh!) regulated registration?
I think I would prefer this, as many on-topic posts contain neither 'Exult' nor 'Ultima' anywhere. And besides, I suppose it would be easy enough for spammers to make their bots add the aforementioned words to any posts.
Re: [OT] Spammers gone nuts
Posted: Wed Jun 21, 2006 7:48 am
by Dominus
Any action discussed here will be burnt anyway
(same with actions added to CVS)
Registration might be the only way, coupled with those code word pictures (or the bots will just mass register). Though I really hoped we could circumvent that
Re: [OT] Spammers gone nuts
Posted: Thu Jun 22, 2006 11:20 pm
by dino
Guys, I had similar trouble with my guestbook scripts. Once spambots targeted them there was no way to keep them away - no filter or banning or whatever would work.
However, there is a way around it. The spambots target a particular file, so renaming 'gb.php' to 'gb2.php' kept out all the spam for me.
It may be more complicated to do something similar to a forum, but it's a possible solution if you want to consider it.
Re: [OT] Spammers gone nuts
Posted: Sun Jun 25, 2006 8:47 pm
by fliptw
most of these find sites using search engines.
you might need to use the robots.txt file to keep the forum out of their search databases.
Re: [OT] Spammers gone nuts
Posted: Sat Jul 01, 2006 9:14 am
by marzo
Registration might be the only way, coupled with those code word pictures (or the bots will just mass register). Though I really hoped we could circumvent that
Just a thought that occurred to me last night: we could use the code word pictures for guest posting as well as for registration; what I mean is this: every post by a guest member would require a code word picture (cwp for short) to prevent bots from posting as guests, while the act of registration would require a single cwp to prevent bots from mass-registering. Perhaps we could also require more cwps of registered users if they want to post 5 or more posts in a single minute or so (to prevent manual registration by spammers, followed by putting a bot to spam with the new ID) or maybe even 2 or more posts in a single minute.
The good thing is that we don't have to disable guest registration and we also are encouraging registration to avoid having to type lots of cwps. Drawbacks include having to implement a good cwp system and the annoyance of guest posters (not that we have many of those...).
Any thoughts?
Re: [OT] Spammers gone nuts
Posted: Sat Jul 01, 2006 9:31 am
by dino
Have you considered what I wrote before? You could save a lot of trouble by renaming a few files and making some minor modifications. You could actually save even more trouble by just renaming your forum folder (e.g. to 'forum2'), so all files retain their original structure. Then you could put some kind of redirection in the original forum folder.
Anyway, it's just an idea. Do what you like.
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 8:53 am
by Wizardry Dragon
After coming here to three pages of posts bumped up by spammers, I'd like to volunteer to moderate against such annoyance.
----------
Peter M Dodge aka Wizardry Dragon
Lead Designer,
Ultima VII: The Feudal Lands
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 9:04 am
by SB-X
I'll volunteer to moderate as well, if there is no other spam protection method that will stop most of this.
I'm surprised you were able to find this topic to reply, amid the torrent of old spam-revived topics.
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 12:58 pm
by MV
Oh man, this place is ruined now. Screw it, make registration a requirement with an adminstrator that allows/denies registrations.
I like it how I don't have to yet again have to enter my details for the billionith time to a site so I can post, but dammit, these *#*#@*R#@)$#@$)#@$)!!!!!!!!)@#)$)#$)#$) spammer scum have ruined everything. I still don't know why they bother as I can't imagine anyone clicking on anything they post.
And what is up with that useless bumping of old threads making it a pain to navigate to recent topics? The message posted means nothing to me.
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 1:55 pm
by marzo
It seems that we are seeing a nascent spammer testing his software -- or maybe an annoying script kiddie with new toys. In any case, I have just (personally) deleted 110 spam posts, give or take a couple posts; most of them were just a stupid "hello, medved" line with random e-mails, but a couple were from "real" spammers (i.e., actually advertised anything). I only regret that I didn't think about looking at the IP addresses until I had deleted all of them...
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 2:04 pm
by MV
Thank you for your work, it seems back to normal now. I'm still reluctantly up for administrator approved registration to be implemented to help put an end to this garbage.
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 3:32 pm
by Colourless
Not all that much point looking at IP addresses. They are all 'random' pretty much indicating a Zombie network.
Re: [OT] Spammers gone nuts
Posted: Sun Jul 30, 2006 11:01 pm
by Dominus
However, there is a way around it. The spambots target a particular file, so renaming 'gb.php' to 'gb2.php' kept out all the spam for me.
It may be more complicated to do something similar to a forum, but it's a possible solution if you want to consider it.
this worked at least for my guestbook as well but will probably be a waste of time here, since it seems someone is actively trying his different spam attacks here.