Repeated attempted logins?

JennM517 · 2010-03-05 1:20 pm

I've purged a bunch of spammers, banned their IP addresses, emails, user names etc.

I'm looking at my site's activity log, and several of these now-defunct accounts are showing try after try to log in, reset password etc.

Why? Other than the obvious - if it's a spam bot or whatnot, it's trying over and over .. but it's not going to get in, so why keep trying after several days?

Should I be concerned about this?

Jenn

pedigree · 2010-03-05 1:28 pm

No, you shouldnt be concerned

Its the spambots trying to respam your forums using banned credentials

JennM517 · 2010-03-05 1:31 pm

Thanks I guess that means it's working! Just seems pointless for someone or something to keep beating its proverbial head against the wall trying to get back in over and over, for days on end.

What's odd is now that I've started banning/deleting spammers before they can post, I'm getting more and more spammers trying to sign up.

In addition to the recreational site I have listed on my profile here (which gets the most activity, spam-wise), I also have a business site and some of the same spammers are trying to get on that site also. Of all the untold millions of sites out there, they are hitting both of mine in the same 24-hour period. Odd.

Jenn

Alessandra · 2010-03-05 4:09 pm

Maybe not so odd. I get the impression once spammers find your forum site, word gets around somehow -- or they keep checking on search engines or something. And a lot of spam seems to be generated by a smallish number of IPs at any one time, but aimed at a vast number of forums, so that a lot of us get spammed by the same people at nearly the same time. Our own forum is tiny and obscure, but spammers found it within days of our posting it online and we've had relentless spam ever since.

JennM517 · 2010-03-05 4:15 pm

Weird.

My website has existed for 11+ years, but I had ancient forum software and I'd stopped taking new members for a few years. After we changed the forum format and installed Drupal it didn't take long for the spammers to flood in - before I realized it.

I had over 900 "people" sign up in a short time - many I recognized as prior members/users, but suddenly there was an influx of stranger user names.

The vast majority of them never posted - ever. A handful posted "viagra" links and such - my legit members alerted me so I deleted the spam and users - then I started noticing a pattern - weird user IDs and some of the email addresses were a dead giveaway. So I purged literally hundreds of "members".

Now I check each one against this website before I approve their membership request. Overwhelming majority are spammers, so I delete/ban the username, IP address and email address.

Some of the same "applicants" to my recreational forum, have also "signed up" on my business site - both are totally unrelated, and I don't advertise one on the other. So I'm doing the same on the business forum too - there a few "comments" turned up in areas where members can post- again "cheap viagra" type junk.

It's just odd the amount of activity on my status report - tons of hits from the same banned user trying over and over to log in, reset their password etc. Of course they can't do it but it's like they've set their computer up to keep trying the same thing over and over as if they are expecting to get in at some point.

Jenn

JennM517 · 2010-03-05 4:26 pm

Here's another observation I've made. I'll ban user/email/IP address. Then they will try to log in under that same user ID from another IP address.

When I'm bored and have time to kill, I take a look at my activity logs, and if I notice that happening, I'll ban the extra IP addresses.

I've also noticed that I get "clusters" of spammers registering - different user IDs, different IP addies, different email addresses. Then they seem to exchange IP addresses. User A will try to get in from user B's IP address and so forth. I guess they are trying to get around the bans... which is why I'm glad I'm banning them 3 ways.

Jenn

insektenfang · 2010-03-05 8:55 pm

Bots will hit vast numbers of boards repeatedly in a short period of time... and that's why they are used.

They're not that smart though and so they will keep on trying when blocked.

Spud · 2010-03-05 9:10 pm

The other thing is spammers know that there is still a high percentage of manual work needed to catch these accounts and take action which requires time. As the Bot is automated and can spam forums in high numbers quicker than humans can react, they know that some will get missed which makes it a success for them.

Any amount of time a spam is on a board is a bonus too. How many admins/mods actually ban the spammer but leave all the spam info within the profile without realising that robots still refer to it. Just banning and not dealing with the spam within the profiles is just wasting your time as they are achieveing their objective.

My 2 cents worth.

Last edited by Spud (2010-03-05 9:12 pm)

Piperdane · 2010-03-06 2:24 am

Spud wrote:

. . . How many admins/mods actually ban the spammer but leave all the spam info within the profile without realising that robots still refer to it. Just banning and not dealing with the spam within the profiles is just wasting your time as they are achieveing their objective.
My 2 cents worth.

Sage advise ... that's exactly what I do after banning a spammer - I routinely check their registration profile for any links and remove them ... on some, I have been putting in "Spammer" for their "occupation" field.

zaphod · 2010-03-06 2:28 am

Of course, if you set your forum to make all new member's posts moderated, and make signatures and profiles accessible to members only, this doesn't happen much.

Of course, the real trick, is putting something at the door that stops 98%+ of the spammers from ever getting to registration.

Zap

Gaieus · 2010-03-06 7:04 pm

We have like 30-50 new registration a day and indeed I check every new profile right in the morning. About 10% of them bot registrations and 2-3-4 has already spammed the forums but the mods regularly catch and ban them almost immediately.
Then I make the regular, morning house cleaning and delete these profiles while I also ban the emails (and of course, report them here) at the same time. So certainly, leaving the links in the members' profiles (and sometimes signatures) is not good - even if member profiles can only be seen by registered and logged in members (but also such is a legit search bot most of the time).

zaphod wrote:

...Of course, the real trick, is putting something at the door that stops 98%+ of the spammers from ever getting to registration.
Zap

And yes, this is a very efficient strategy. My forum is "built" around (kind of a help forum) for a certain software so when someone registers, I can already expect that he/she is using that software. I have two (compulsory) custom profile field about the OS and version number of this software and bots generally fill these fields with the word "test". I do not even think a second and even though they are sometimes not reported here yet, I report and ban them (99% of them are also registered from the Baker island time zone - UTC-12 )
90% of these newly registered spammers never make the "mature" (activated) state.

#1 2010-03-05 1:20 pm

Repeated attempted logins?

#2 2010-03-05 1:28 pm

Re: Repeated attempted logins?

#3 2010-03-05 1:31 pm

Re: Repeated attempted logins?

#4 2010-03-05 4:09 pm

Re: Repeated attempted logins?

#5 2010-03-05 4:15 pm

Re: Repeated attempted logins?

#6 2010-03-05 4:26 pm

Re: Repeated attempted logins?

#7 2010-03-05 8:55 pm

Re: Repeated attempted logins?

#8 2010-03-05 9:10 pm

Re: Repeated attempted logins?

#9 2010-03-06 2:24 am

Re: Repeated attempted logins?

#10 2010-03-06 2:28 am

Re: Repeated attempted logins?

#11 2010-03-06 7:04 pm

Re: Repeated attempted logins?

Board footer