You are not logged in.
Is it really necessary to provide the username and email address of a spambot ?
We have a captcha validation in place on our forum, and have noticed certain IP addresses making several failed attempts at registering (or posting into a the guest section), within a short time.
Which means that we don't have enough information at hand to submit it to stopforumspam database.
Should we really not care about such IP addresses ?
Offline
> Is it really necessary to provide the username and email address of a spambot?
It certainly helps other forum admins update their spam lists. By allowing other users of this site to harvest the information that everyone else submits, we can apply the appropriate ban filters, taking a more proactive approach to spammer control.
Offline
mj12 wrote:
It certainly helps other forum admins update their spam lists. By allowing other users of this site to harvest the information that everyone else submits, we can apply the appropriate ban filters, taking a more proactive approach to spammer control.
Correct me if I'm wrong, but forum admins don't really need all the three pieces of information (ip, email, username) to update their spam lists - just one of these is sufficient.
I think you missed the part after the first sentence in my post.
On our forum, we get multiple failed attempts at registration (failing to pass captcha) - every single day - from certain IPs.
Since the registration doesn't succeed, I only have the IP address - that I know is being used by a spambot.
Isn't that information useful or worth sharing ?
Offline
Certainly is IMHO
Offline
Data Warehousing Forum wrote:
Since the registration doesn't succeed, I only have the IP address - that I know is being used by a spambot.
There are several ways to get around this; for example, storing the posted information in another table for 'failed registrations', or mailing the posted information of any failed registrations to your email. You don't need to settle with just what you get. I modify (within applicable boundaries) everything to suit my needs and to get what I want from them.
Having all three credentials is a much better approach as it is more specific and refined than just the IP alone.
Offline
julz wrote:
There are several ways to get around this; for example, storing the posted information in another table for 'failed registrations', or mailing the posted information of any failed registrations to your email. You don't need to settle with just what you get. I modify (within applicable boundaries) everything to suit my needs and to get what I want from them.
You might be good with programming.
I personally don't think "storing the posted information in another table for 'failed registrations', or mailing the posted information of any failed registrations to your email" is an easy job.
I'm running a Simple machines forum, with a mod that enforces CAPTCHA validation at the time of sign-up.
julz wrote:
Having all three credentials is a much better approach as it is more specific and refined than just the IP alone.
Let's consider a bot that keeps registrering forum accounts with random usernames and email addresses. (and so it was until I put the CAPTCHA in place)
There's no practical limit to how many random username/email combinations it could generate - from the same IP.
Does it make more sense to store & report every single one of these username/email combinations ? Or to store & report just the one IP in question ?
"more specific and refined" is not necessarily the better approach, in my opinion.
What I'm doing right now is :
- Look at the forum error log for the IPs failing CAPTCHA multiple times.
- Lookup these IP addresses here and at projecthoneypot.org for known spam behaviour
- add the offenders to the ban list
(all done manually - did I mention I wasn't real good with php?)
All I want is a way to contribute.
But if it isn't possible, that's still very fine by me ! 
Last edited by Data Warehousing Forum (2008-03-20 6:56 am)
Offline
Data Warehousing Forum wrote:
julz wrote:
Having all three credentials is a much better approach as it is more specific and refined than just the IP alone.
Let's consider a bot that keeps registrering forum accounts with random usernames and email addresses. (and so it was until I put the CAPTCHA in place)
There's no practical limit to how many random username/email combinations it could generate - from the same IP.
Does it make more sense to store & report every single one of these username/email combinations ? Or to store & report just the one IP in question ?
"more specific and refined" is not necessarily the better approach, in my opinion.
That kind of bot is not the only kind in existence, however. Take the bot I identified in this thread. It's a spambot coupled with a name generator. The bot draws off a set list of beginnings and endings to compose names for its email addresses.
That bot was responsible for more than an eighth of the spam I'd identified at the time, and without the username/email information(specifically email in this case), I wouldn't have been able to find it.
All I'm saying is this: don't discount the information you don't have just because you don't have it.
(As a side note: The forum software I'm running doesn't record an IP address unless a post is made, and most if not all of the entries I recorded from that spambot were userlist spam (registrations without posts), so all I have are the usernames and emails. I decided not to post those entries to this site. What you do is between you and Russ)
What I'm doing right now is :
- Look at the forum error log for the IPs failing CAPTCHA multiple times.
- Lookup these IP addresses here and at projecthoneypot.org for known spam behaviour
- add the offenders to the ban list
(all done manually - did I mention I wasn't real good with php?)
... I do my scanning and adding manually as well, so you're not alone. :¬)
Offline
Based on my own experience with forums, I set it up to require all three parameters because they should be available upon every registration attempt.
I think that having all three present helps validate the entry rather than simply providing a list of IPs or usernames.
Of course, all three elements are transient, since spammers have an almost unlimited repository of email addresses, usernames, and IPs to work with.
A lot of people have requested the ability to just submit IP addresses without the other stuff. Others say they don't have access to the IPs and just want to submit usernames and emails instead. I'm honestly not sure what to change without it making a mess of the database.
I may open it up to allow partial entries, but I think it might make for some false positives without the extra info. We'll see.
Offline
Russ,
I am facing this same problem. I operate a very large forum ( over 5,000 members) and am just getting into trying to eliminate Spam-Bots.
So far I have banned over 140 of them, many using the search feature on your website.
I am also finding many that are not listed with stopforumspam, that I would like to add to your database. I went through the API process and registered on this forum, only to find out that I can't submit to the database because you require all thee parameters.
I am one forum owner that can't get access to IP addresses until the user makes a post. These Spammers that I am dealing with never post, they just register and Spam the member list.
I would love to contribute to your database, but see no way to do it because I only have access to Username and email address most of the time.
Offline
If it's phpBB2 you are running then the following should allow you to contribute with all of the info 
http://www.stopforumspam.com/forum/t97- … 2.0-PHPBB2
Offline
I am not running phpBB2, or any other of that type of forum. I do not have access to any kind of programming other than how the forum looks visually and the settings. The whole board is a product that is created and run by Best Boards. I have to go by the way their programming is set up on their servers.
Offline
No worries
Offline
