Sorry about all the Forum Spam lately


limetech

Recommended Posts

The spammers have figured out how to post to the forum without having a login account - or else maybe they are creating account, posting spam, then deleting account.  Anyway I need to update the SMF software to the latest version, so forum will be down tonight, 14 Dec at approx. 11:30PM MDT.  Hopefully this won't take very long.

Link to comment

Yes I use this one in particular.

http://custom.simplemachines.org/mods/index.php?mod=1547

 

It more or less checks anybody that is going to register against a known spam list and if they match it dis allows them to register.

 

What I did after install is I disabled the nickname check since well some guy with the name of Tom could of been labeled a spammer, but the odds of his nick not being the same guy with a known spammer ip or known spammer email address.

 

This is on my 7year old forum. Of course I haven't been using it ever since, but when I converted from phpBB to SMF I ran the above against it and well it found tons of spammers and removed them.

8879 Spammers blocked up until today

 

This is what it looks like in the admin panel. As well it shows you right when you login if there is anybody that might be a false positive and allows you to pass them. Normally its always a reported email and ip address in the database that matches. I just simply hit the deny and it deletes their attempt to register. I've yet had one person email me or use the contact form and say they tried to register, but could not.

 

Enable/Disable MOD Stop Spammer    X

 

If MOD Stop Spammer is enabled, every time we check a member:

Check their username

Check their email  X

Check their IP      X

 

By default, every time you check a member with MOD Stop Spammer it will check their username, email and IP. If you are getting too many false positives because of their usernames you can turn that option off. We wouldn't recomend you to turn off the another 2 options (to check their email and IP) unless you know what you are doing.

 

 

 

Oh yeah I forgot if you do install this you will find the settings for it under

Registration > Settings.

I'm running 2.0, but I'm guessing the settings are the same for 1.1.12

Link to comment

I see it didn't work - posting as guest means you have a big hole somewhere.  I run a ubb board, spam has not been a problem but we did get hacked once and the whole board was replaced.  They left all kinds of back doors - I basically had to start over from scratch, export the databases and re import them cleaned.

 

A real PIA.

 

 

 

 

Link to comment

I see it didn't work - posting as guest means you have a big hole somewhere.  I run a ubb board, spam has not been a problem but we did get hacked once and the whole board was replaced.  They left all kinds of back doors - I basically had to start over from scratch, export the databases and re import them cleaned.

 

A real PIA.

 

You're not kidding: A real PIA.  When you say hacked, do you mean just your forum or the entire site - that is do you think a vulnerability was exploited in the forum software itself, or do you think your host account got hacked and files were changed/replaced that way?

 

If the former, then is it sufficient to delete all the forum source files and re-install?

Link to comment

Added "Stop Spammer" MOD about an hour ago and has already stopped a couple spammers.

 

In addition, notice is hereby given, any member who has 0 posts and has not visited the forum since 2010-01-01, may be deleted at any time.

Can you consider something similar for the wiki?  Seems like hundreds of spam users are being created.
Link to comment

I am not sure if something else is going on, but I was just trying to send out a couple PM's and I got messages about the inbox's being full.

 

Now it may be that they are full, but I had a huge backlog of PM's and was not full, so it is highly unlike that these accounts where.

 

I changed some of the membergroups and permissions.  I got rid of "Jr. Member" and changed to "Member", and you get that status after 5 posts.  With 0..4 posts is "Newbie" with restrictions: limit 5 PM's (maybe this applies to inbox as well?), can't edit 'additional' profile settings, i.e., signature, a few others.  Wish you were able to prevent embedded links but doesn't seem to have this ability.

Link to comment

I am not sure if something else is going on, but I was just trying to send out a couple PM's and I got messages about the inbox's being full.

 

Now it may be that they are full, but I had a huge backlog of PM's and was not full, so it is highly unlike that these accounts where.

 

I changed some of the membergroups and permissions.  I got rid of "Jr. Member" and changed to "Member", and you get that status after 5 posts.  With 0..4 posts is "Newbie" with restrictions: limit 5 PM's (maybe this applies to inbox as well?), can't edit 'additional' profile settings, i.e., signature, a few others.  Wish you were able to prevent embedded links but doesn't seem to have this ability.

 

OK, I have been sending PM's to 2 different members that have 3 and 1 post.  With the change it seems that I can't get a hold of them anymore, as they probably don't realize the "issue."

 

I should be able to figure something out, but if you could "turn it back" until midnight tonight that would be great!!

Link to comment

I am not sure if something else is going on, but I was just trying to send out a couple PM's and I got messages about the inbox's being full.

 

Now it may be that they are full, but I had a huge backlog of PM's and was not full, so it is highly unlike that these accounts where.

 

I changed some of the membergroups and permissions.  I got rid of "Jr. Member" and changed to "Member", and you get that status after 5 posts.  With 0..4 posts is "Newbie" with restrictions: limit 5 PM's (maybe this applies to inbox as well?), can't edit 'additional' profile settings, i.e., signature, a few others.  Wish you were able to prevent embedded links but doesn't seem to have this ability.

 

OK, I have been sending PM's to 2 different members that have 3 and 1 post.  With the change it seems that I can't get a hold of them anymore, as they probably don't realize the "issue."

 

I should be able to figure something out, but if you could "turn it back" until midnight tonight that would be great!!

 

I changed back to "unlimited".

Link to comment

I changed back to "unlimited".

 

Thanks!! Your welcome to change it back at midnight if you like.  I will let the members I have been talking to start emailing me there questions.

 

Ok.  I've noticed that 'Max PM's for all membergroups is set to 'unlimited' - I can see how this might be abused, so what do you think are reasonable limits?  Maybe 100?

Link to comment

Im sure you already have it set, but make sure you have guests are "not" allowed to post. As well that software only catches known spammers. If you have people that are joining, spamming and then leaving check their ips and send them to the stopforumspam.com So they can't come back and continue to haunt you or others. ;)

Link to comment

I changed back to "unlimited".

 

Thanks!! Your welcome to change it back at midnight if you like.  I will let the members I have been talking to start emailing me there questions.

 

Ok.  I've noticed that 'Max PM's for all membergroups is set to 'unlimited' - I can see how this might be abused, so what do you think are reasonable limits?  Maybe 100?

 

I have mine set to 50. I figure unless your a moderator or somebody that gives a lot of tech support via messages there is no reason to need unlimted. You could always setup member groups based on posts and give those that post a lot more messages since its very obvious they post a lot and more than likely need the extra space. Those with hardly any posts often would not need as much.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.