
1 Jun 13, 2006 10:19    

A year back I gave up on accepting unsolicited comments on any of my blogs and have never looked back. I have enabled user registration and signposted visitors to the fact that they have to register to comment and this seems to work fine with many people registering to post comments.

Now I'm starting to see a new trend. PHPbb forums seem to be getting hit with registration spam and I have a couple of forums getting hit. The problem is growing so it'll have to be tackled. Now I've started to see some registrations on my B2 EVO set ups which are clearly not genuine. Strangely the www field was not filled in which is what I would assume would be the reason for someone called "Buy V**gra" to do. I'm hoping this does not grow cos self registration was my way round a problem which could now prove to be the cause of it.

This is not a question just a heads up to something that may grow into a problem.

2 Jun 13, 2006 10:36

It never ceases to amaze me how much effort spammers put into bypassing systems which are in place purely to tell spammers to take their shit and shove it where the sun doesn't shine ......... hang on, that's England .......

I've also noticed this on the forums that are hosted on my server and on the help desk of a search engine I help maintain....... which has got to be the dumbest spam in the world as we have free listings and anybody can add their website (until I finish the recode which will have several antispam measures in place to try and stamp out their crap).

Damn I hate spammers but it's considered impolite to shoot them :|

¥

3 Jun 13, 2006 10:45

Maybe we should be putting more effort into lobbying politicians to outlaw the practice and go after companies that produce software to trawl forums and stuff.

4 Jun 13, 2006 11:19

Or, we could just get society to agree that it's not impolite to shoot them? :roll:

The main problem with trying to outlaw it is that they would just move their business to a country where the laws don't apply, which is a simple enough thing to do on the internet. I don't know if you've seen the recent news regarding a torrent site called The Pirate Bay ( http://news.bbc.co.uk/1/hi/technology/5045974.stm ). Basically it operates out of Sweden (or used to, it's now "moved home") because it's not breaking any Swedish law (although this may now get contested in their courts).

I have thought of writing my own automated spamming software (with a detectable "signature") so that I can make a fortune selling it to muppets that think that spamming is a great idea. I'd make the "signature" publicly available so that every man and his dog can stop it at the door ..... ok, maybe I'm not going to really do that but, the only real way to stop spam is to make the act of spamming too expensive to be cost effective.

One of the things I am currently looking into is ways of "networking" groups of websites/blogs/forums so that if a spammer hits any one of them they inform the rest of the network and get barred from all of them (similar to how the centralised blacklist works for evo but a tad more "real-time"). My eventual goal is to make it publicly available so that people can create their own "networks" (which can include sites already in other networks) so that increasingly bigger sections of the internet are closed off to spammers automatically.

Of course, this runs the risk of false positives as spammers are constantly trying to pollute all forms of blacklist (for example, a recent method they use is a yahoo search url which will bring their site up at number one, after all, who's going to block yahoo?).

Maybe we could just shoot to wound, would that be seen as too impolite ?

¥

5 Jun 13, 2006 15:58

¥åßßå wrote:

Maybe we could just shoot to wound, would that be seen as too impolite ?

¥

Speaking as a gun-toting American: yes. If you're going to cap someone do it right: drill a half-inch hole right between their eyes so you KNOW they saw it coming. You then get to curse their corpse because *they* made you have to clean your gun. ;)

Back to spammers registering for b2evolution sites though, it's not that big a deal unless you're hacked up to allow the new registrant automatic permission to post stuff. So how about if registering was protected with something like a captcha or a challenge/response system? That shouldn't be too hard to do since all the pieces already exist.

I just thought of something! A spammer registers. You've got its IP address AND browser thingie, so how about a way to ban the combination from ever playing in your sandbox again? A bit more focused than just an IP block, and not dependent on keyword lists.

Or we just cut to the chase and go with handguns at close range.

6 Jun 13, 2006 16:19

From over at the phpBB forums - spammers are getting past CAPTCHA - they're getting past mine. I gotta upgrade to a new one just out but all this time spent battling with these cretins takes a big chunk out of your day.

7 Jun 13, 2006 16:43

Consider my Simple Turing Test hack then (search the forums - I think it's in the "plugins and hacks" forum "fighting spam" subforum). It is NOT a drop-in replacement for captcha so you'll have to figure out the hackage to use it on the registration front door, but it's almost unbeatable because the exact text the wannabe has to answer is entirely unpredictable and does not even have to be on your page. For example ask people to type "The day after Sunday is?" and expect them to type "Monday". Or "The month with New Years Day is?" Or "My domain name is?"

Heck if you were really REALLY smart you could say "Now type your login ID backwards" then figure out how to reverse the login ID string and compare it to the submitted 'proof of humanity'. That'd be a neat one eh?
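
The question-and-answer check described in the post above, as an added example that is not part of the original post or of the Simple Turing Test hack itself. The function names, the `stt_prompt` session key and the question pool are hypothetical, `$session` stands in for `$_SESSION`, and login IDs are assumed to be ASCII (`strrev` works on bytes).

```php
<?php
// Added illustration only: hypothetical names, not b2evolution code.

// Constructed question pool: prompt => expected answer (already normalised).
const QUESTIONS = [
    'The day after Sunday is?'         => 'monday',
    'The month with New Years Day is?' => 'january',
];
const REVERSE_LOGIN = 'Now type your login ID backwards';

function normalise(string $s): string
{
    // Trim and lower-case so "Monday " and "monday" are treated alike.
    return strtolower(trim($s));
}

// Pick a random prompt and remember it server-side. The expected answer is
// never placed in the page or in a hidden form field.
function issue_challenge(array &$session): string
{
    $prompts   = array_keys(QUESTIONS);
    $prompts[] = REVERSE_LOGIN;
    $prompt    = $prompts[random_int(0, count($prompts) - 1)];
    $session['stt_prompt'] = $prompt;
    return $prompt;
}

// Check the submitted registration form. The stored prompt is discarded
// whether or not the answer matched, so each challenge allows one attempt.
function verify_challenge(array &$session, string $login, string $answer): bool
{
    $prompt = $session['stt_prompt'] ?? null;
    unset($session['stt_prompt']);
    if ($prompt === null || trim($login) === '') {
        return false; // no challenge issued, or an empty login whose reverse is ''
    }
    $expected = ($prompt === REVERSE_LOGIN)
        ? normalise(strrev(trim($login)))
        : QUESTIONS[$prompt];
    return hash_equals($expected, normalise($answer));
}

// Constructed run: a wrong answer consumes the challenge, so a retry
// needs a freshly issued prompt.
$session = [];
echo issue_challenge($session), "\n";
var_dump(verify_challenge($session, 'EdB', 'no idea'));
var_dump(isset($session['stt_prompt']));
```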

8 Jun 13, 2006 21:01

I mentioned starting to "registration spam" a cpl weeks ago. My personal solution has been mod_security.

If you have it available, I recommend taking advantage of it.

9 Jun 13, 2006 21:09

My personal solution has been mod_security

Could you expand on that a little please? What is mod_security?

11 Jun 13, 2006 22:44

I just thought of something! A spammer registers. You've got its IP address AND browser thingie, so how about a way to ban the combination from ever playing in your sandbox again? A bit more focused than just an IP block, and not dependent on keyword lists.

Browser signatures and IPs change on each request, most of the time.

The hooks to provide a captcha are already present in CVS, see: http://www.hahler.de/htsrv/register.php - where the captcha_img_plugin gets used.

12 Jun 14, 2006 11:11

[offtopic]
EdB wrote:

Speaking as a gun-toting American: yes. If you're going to cap someone do it right: drill a half-inch hole right between their eyes so you KNOW they saw it coming. You then get to curse their corpse because *they* made you have to clean your gun. ;)

Hmmmm, that sounds perfectly logical to me ;)
[/offtopic]

¥

