Sorry about all the Forum Spam lately


limetech


I'm sure you already have it set, but make sure guests are "not" allowed to post. As well, that software only catches known spammers. If you have people that are joining, spamming and then leaving, check their IPs and send them to stopforumspam.com so they can't come back and continue to haunt you or others. ;)

 

Well the 'Global Board Permissions' for Guests had all posting/replying off... but the Announcement board for some reason had Reply enabled for Guests ::)  I don't know how that happened, but it's off now.  I don't think all the spam was in the Announcement board only though...

Link to comment

I changed back to "unlimited".

 

Thanks!! You're welcome to change it back at midnight if you like.  I will let the members I have been talking to start emailing me their questions.

 

Ok.  I've noticed that 'Max PM's for all membergroups is set to 'unlimited' - I can see how this might be abused, so what do you think are reasonable limits?  Maybe 100?

I'm reasonably certain I've sent more than 100 PM's in helping people.

 

Joe L.

Link to comment

Added "Stop Spammer" MOD about an hour ago and has already stopped a couple spammers.

 

In addition, notice is hereby given, any member who has 0 posts and has not visited the forum since 2010-01-01, may be deleted at any time.

 

With this tool you can select a page-full of members and submit them to http://www.stopforumspam.com/.  What I'm finding is there are numerous members that show up on that list.  Most have never posted and either never visited or visited last a long time in the past.  So.. if these are all spammers, why haven't I seen far more spam?

Link to comment

I changed back to "unlimited".

 

Thanks!! You're welcome to change it back at midnight if you like.  I will let the members I have been talking to start emailing me their questions.

 

Ok.  I've noticed that 'Max PM's for all membergroups is set to 'unlimited' - I can see how this might be abused, so what do you think are reasonable limits?  Maybe 100?

I'm reasonably certain I've sent more than 100 PM's in helping people.

 

Joe L.

 

Yep, I'm going to keep 'Hero Member' PM's set to unlimited.

Link to comment

Added "Stop Spammer" MOD about an hour ago and has already stopped a couple spammers.

 

In addition, notice is hereby given, any member who has 0 posts and has not visited the forum since 2010-01-01, may be deleted at any time.

 

With this tool you can select a page-full of members and submit them to http://www.stopforumspam.com/.  What I'm finding is there are numerous members that show up on that list.  Most have never posted and either never visited or visited last a long time in the past.  So.. if these are all spammers, why haven't I seen far more spam?

 

There are so many forums out there and so many different anti-spam checks set up in the various forums that they might have signed up either via robot or script and either forgot to come back or they received an error running their scripts because forum code has changed and they never updated theirs. When I ran phpBB2 a long time ago I would have been hit with 10-15 messages per week, but since I've switched to SMF my spam content has dropped big time.

 

I of course personally have a handful of moderators to move said spam to a Staff only section so regular members do not have to see it and as the Admin with a second I/we double check said reported spam and add the spammer to the spam list and keep it clean. From what I can tell we do not have that check in place so you might/will have some spam because spammers are sneaky by changing email accounts often and some even use dialup or use proxies to avoid getting caught.

Link to comment

 

You're not kidding: A real PIA.  When you say hacked, do you mean just your forum or the entire site - that is do you think a vulnerability was exploited in the forum software itself, or do you think your host account got hacked and files were changed/replaced that way?

 

If the former, then is it sufficient to delete all the forum source files and re-install?

 

Yes, they started one of those phishing sites right in the forum software, you know the kind that pretend to look like a bank so people will enter passwords and such.  They also left a bunch of backdoors right in the ubb code so they could keep coming back.  I found the modded code because they didn't even bother to reset the file dates, but decided the only way to be sure was to export the databases, reinstall everything, and re-import the databases, then upgraded to the latest code - so far so good.

 

 

One thing I think really helped in the newer code was members had to get email verified and go through the CAPTCHA bs before they could post - although I hear spam robots can break CAPTCHA nowadays.

 

Link to comment

Or worst case people actually manually sign up for forums and email addresses and simply pass the info to others who log in and do the damage. The original person who registers never does anything so his/her IP isn't listed as a spammer and the actual spammer uses dialup accounts or bounces from proxy to proxy to hide his/her real IP.

 

I know it sounds bad, but I literally banned all of

*.cn

*.ru

*.pl

 

and several other domains simply because I run a Jeep site and the odds of wheeling with them was rather slim, but I've seen tons of spam attempts from them. Big one being *.cn which is China.

Link to comment

On the couple of vBulletin sites I run or help run, we're close to most of those same country domains being banned as well.

 

I spent an evening scouting around various open proxy listings to create an extensive list of class D and class C IPs to import into our ban list. After that was done, it drastically cut down on spam-bots and trouble makers. We also have quite a few open email services banned too, typically the ones hit hard by spam-bots. We still have some spam-bots attempt to sign up, but we also require a certain number of posts before they can post links. We also have anti-spam addons enabled that will force moderation on posts if they trigger the spam thresholds. This is in addition to the captcha and email verification steps. It's very rare that an actual spam message makes it past these checks and is actually seen by the public.

Link to comment

The 'Stop Spammer' mod will look up the nickname/email/ip-address of a registration request and if found in the stopforumspam database, move to "Awaiting Approval".. ok seems reasonable (actually I have the 'nickname' omitted from the check per kizer's advice).

 

BUT here's what I've noticed.  There are already a couple dozen registration requests sitting in the Awaiting Approval list and they all have their IP address flagged and maybe half of them have their email address flagged.  Since most folks these days are not given static IP addresses by the ISP's, isn't it possible that some poor guy happens to get assigned an IP address which was formerly used by a spammer?  Seems like this could generate a lot of grief for him, not the least of which is being blackballed from joining any forum using the stopforumspam database.  The alternative is to only deny registration to email address matches, but that will probably let a lot of spammers through... anyway, this has been an educating experience - but I could have done without this knowledge :)

Link to comment

I do the same as kizer, and have blocked several top-level domains such as .cn

 

When reviewing registrations tagged as spam, it is usually not hard to immediately recognize them by the names or e-mail addy's as being generated.

 

SMF has a reject and send e-mail option.  Anybody that is flagged as spam, but looks like they might be legit, I used the reject and send e-mail option, telling them the spam filter blocked them, and if they are legit, to e-mail me back.

Link to comment

limetech,

 

Normally if the email address is flagged I practically always reject them, but like you said the ones with the IPs I normally let them go simply because like you mentioned they might have been a victim of a dynamic IP and like you said somebody else's wrongdoings.

 

I do feel sorry for you a bit Tom, your forum is a lot larger than mine so it's a lot harder to patrol, but it's been a habit of mine when I log in to quickly scan the members section by newest members and take a quick look at who registered last and what they posted. Normally you will not see any spam, but sometimes you will see 0 posts or that one spam you were looking for. As soon as I see spam I visit their profile and use the check URL and add them to the stopspam site. Then from there I do my thing of deleting the post and/or checking their domain they visited from to determine if I have had enough posts from it to ban it.

 

Your biggest problem is going to be the selection. You probably get users from all over the place and to ban say *.cn is kinda hard because you might actually have real members or users from there unlike myself who doesn't foresee much 4Wheelin in Jeeps. ;)

Link to comment

When I see IPs flagged as spam-related I do a quick look at what it is, if it's a residential type I usually let the user on through, but if it's more commercial or non-dynamic IP I keep them blocked. If the IP is in a range of recent troublesome IPs, I usually keep the ban after I upscale it to a higher class; a Class D ban (a.b.c.d) now becomes Class C wildcard ban (a.b.c.*) and sometimes in really troublesome cases it becomes a Class C range wildcard ban (a.b.[x-y].*).

 

The residential ISPs like Comcast or Time Warner or AT&T or Rogers or British Telecom or Telstra tend to provide reverse name lookups to customers. The commercial type that's typically spam-based usually do not resolve to a domain name so are numeric IPs only. It's kind of hard to remember and describe what is residential type and what is commercial type, but after 10 years of running online forums it's become second nature where you just know these things.

Link to comment
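The triage habits described in the posts above (email hit rejected, IP-only hit judged by reverse lookup, bans widened from a.b.c.d to a.b.c.* to a.b.[x-y].*) can be written down as follows. This is an added example, not code from any poster, SMF or the Stop Spammer mod; the function names are hypothetical, the flagged/not-flagged inputs are assumed to come from whatever blocklist lookup the forum already performs, and treating "has a reverse name" as "residential" is only the rough heuristic the thread describes.

```python
import ipaddress
import socket


def reverse_name(ip):
    """PTR lookup; None when the address has no reverse name."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def triage(email_flagged, ip_flagged, ip, resolver=reverse_name):
    """Decide what to do with a registration held by the blocklist check."""
    if email_flagged:
        return "reject"            # email hit: rejected almost always
    if not ip_flagged:
        return "approve"
    # IP-only hit may be a recycled dynamic address. Rough heuristic from the
    # thread: a reverse name suggests a residential ISP, none suggests hosting.
    return "approve" if resolver(ip) else "hold"


def ban_pattern(offenders):
    """Narrowest single ban (a.b.c.d, a.b.c.*, a.b.[x-y].*) covering all offenders."""
    octets = sorted({tuple(ipaddress.IPv4Address(ip).packed) for ip in offenders})
    first = octets[0]
    if len(octets) == 1:
        return "%d.%d.%d.%d" % first
    if all(o[:3] == first[:3] for o in octets):
        return "%d.%d.%d.*" % first[:3]
    if all(o[:2] == first[:2] for o in octets):
        return "%d.%d.[%d-%d].*" % (first[0], first[1], first[2], octets[-1][2])
    return None                    # too scattered for one ban entry


def matches(pattern, ip):
    """True when ip falls under a ban written in one of the three forms."""
    for want, octet in zip(pattern.split("."), ipaddress.IPv4Address(ip).packed):
        if want == "*":
            continue
        if want.startswith("["):
            lo, hi = map(int, want[1:-1].split("-"))
            if not lo <= octet <= hi:
                return False
        elif int(want) != octet:
            return False
    return True
```

Passing a stub as `resolver` keeps the decision testable offline; the wider the pattern `ban_pattern` returns, the more unrelated addresses `matches` will catch, which is the dynamic-IP concern raised earlier in the thread.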
