You are not logged in.
- Topics: Active | Unanswered
#1 2017-07-10 9:22 am
- conaero
- Member
- Registered: 2017-06-21
- Posts: 5
Forum Spam Registration Attack
After 7 or 8 years of a spam free forum, about a month ago, we started getting hammered again with LIVE FEED and url links to sporting events such as Cricket and Rugby.
I have never changed the SFS settings as its worked beautifully for years but now the only way to block it is to enable the IP address blocking in the SFS Vbulletin 4.2 settings.
As a result of this I am now getting loads of genuine users getting blocked and having to manual add them.
Whats changed, is the SFS database dying or do I need to do something else?
I have enabled a secret question and enabled Captcha, but the spammers are still getting through if IP address blocking is off.
Appreciate your help and advice.
Offline
#2 2017-07-10 10:14 am
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: Forum Spam Registration Attack
Can you give an example of legitimate user that was blocked? Nothing has changed other than heavily abused throw away domains are being added to blacklists (eg fhafhi.myemail.xyz). it sounds like you have the curse of manual spammers, people hitting your site instead of the more tradition automated software spamming. These are harder to block. Anything that you can provide would be helpful to see what's going wrong.
Offline
#3 2017-07-10 1:21 pm
- conaero
- Member
- Registered: 2017-06-21
- Posts: 5
Re: Forum Spam Registration Attack
Here are 2 emails I received today and have manually added in the back end, leaving IP SFS filtering on, you can see their IP addressed and I have left their email domain visible:
--------------------------------------------------------------------------------------------------------------------------------
Hi there,
I attempted to register (to see some pics in forum) but the system did not allow me for reasons that i am a "spammer" ... don't know what sofisticated AI is behind that conclusion though.
Could you pls fix that for me.
Many thanks.
Andy
---
Referring Page:
IP Address: 88.101.197.209
User Name: Unregistered
User ID: 0
Email: *************@seznam.cz
--------------------------------------------------------------------------------------------------------------------------------
Hi guy's can't seem to register?
Brendan
---
Referring Page:
IP Address: 88.145.177.123
User Name: Unregistered
User ID: 0
Email: **********@gmail.com
--------------------------------------------------------------------------------------------------------------------------------
Last edited by conaero (2017-07-10 1:21 pm)
Offline
#4 2017-07-10 1:28 pm
- conaero
- Member
- Registered: 2017-06-21
- Posts: 5
Re: Forum Spam Registration Attack
Here is my registration statistics, you can see how many attacks I am getting in the past 4 weeks:
http://www.sportsmaserati.com/uploads/stats.jpg
Last edited by conaero (2017-07-10 1:32 pm)
Offline
#5 2017-07-10 1:39 pm
- conaero
- Member
- Registered: 2017-06-21
- Posts: 5
Re: Forum Spam Registration Attack
and here are the last couple of days, you can see the spammers, they have the same Username as the first part of their bogus email addresses:
http://www.sportsmaserati.com/uploads/register.gif
Last edited by conaero (2017-07-10 1:41 pm)
Offline
#6 2017-07-10 2:13 pm
- Maikuolan
- Member
- From: Perth, Western Australia
- Registered: 2011-08-09
- Posts: 799
- Website
Re: Forum Spam Registration Attack
For the false positives: The IPs don't seem to be listed on SFS at the moment when I checked just now, at least. How about their email addresses? Are they actually listed on SFS at all?
Offline
#7 2017-07-10 3:08 pm
- conaero
- Member
- Registered: 2017-06-21
- Posts: 5
Re: Forum Spam Registration Attack
Sorry, how to I check the listings, I cant see how to do it. It used to be on home page of the old SFS website.
[Mod addition:- it is hidden under Search]
Here is a short list for checking, saving anyone having to type it:
stifinlulag stifinlulag@gmail.com 23.229.3.6
stifinlulaf stifinlulaf@gmail.com 206.123.159.159
selenagomez only4selenagomez@gmail.com 172.94.65.109
stifinlulae stifinlulae@gmail.com 172.111.152.15
stifinlulah stifinlulah@gmail.com 185.101.33.206
agregorasshtolzea3013 agregorasshtolzea@hotmail.org 178.73.201.235
toninsloa toninsloa@outlook.com 172.111.244.204
bbobbynry7981 bbobbynry@gmail.com 104.236.13.100
blgautopa6894 blgautopa@hotmail.com 109.163.234.2
bpatickmtexaxdy983 bpatickmtexaxdy@hotmail.com 89.40.116.171
Benbuhagiar Benbuhagiar@me.com 86.143.214.125
bannetaetsay7405 bannetaetsay@gmail.com 50.4.209.178
abrdattsy1109 abrdattsy@gmail.com 113.53.231.203
mioajdospak mioajdospak47@gmail.com 158.69.160.186
behnztopa3643 behnztopa@hotmail.net 144.217.31.225
stifinlulai stifinlulai@gmail.com 172.111.200.89
lecturtupi lecturtupi@gmail.com 103.247.148.32
umansoixi mdazizul5659@gmail.com 158.69.160.185
lasmetore lasmetore@mailinator.com 185.118.76.51
Last edited by conaero (2017-07-10 3:13 pm)
Offline
#8 2017-07-10 3:45 pm
- Maikuolan
- Member
- From: Perth, Western Australia
- Registered: 2011-08-09
- Posts: 799
- Website
Re: Forum Spam Registration Attack
Are those the false positives, or the spammers?
A brief terminology rundown:
False positive: Details WERE flagged, but should NOT have been flagged (wrong inference).
True positive: Details WERE flagged, AND should have been flagged (a listed spammer; correct inference).
False negative: Details were NOT flagged, but SHOULD have been flagged (an unlisted spammer).
True negative: Details were NOT flagged, AND should not have been flagged (not a spammer; correct inference).
Last edited by Maikuolan (2017-07-10 3:46 pm)
Offline
#9 2017-07-10 4:48 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: Forum Spam Registration Attack
There is a search box directly under the donate button, top right hand corner, or www.stopforumspam.com/search or www.stopforumspam.com/ipcheck/104.236.13.100
or from your server (or browser), the api at http://api.stopforumspam.org/api?json&ip=104.236.13.100
104.236.13.100 is an IP in a large data center, ie not a home or business user, so I tend to not trust these as they're usually "hit and run" proxy/VPN servers
Offline
#10 2017-07-10 4:54 pm
- pedigree
- uıɐbɐ ʎɐqǝ ɯoɹɟ pɹɐoqʎǝʞ ɐ buıʎnq ɹǝʌǝu ɯ,ı
- From: New Zealand
- Registered: 2008-04-16
- Posts: 7,056
Re: Forum Spam Registration Attack
That list all looks like spammers to me, without even having to check
Offline
#11 2017-07-10 5:11 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
Here are spam-checks on that earlier listing.
key:
NOT listed
stifinlulagstifinlulag@gmail.com23.229.3.6stifinlulafstifinlulaf@gmail.com206.123.159.159
selenagomezonly4selenagomez@gmail.com172.94.65.109stifinlulaestifinlulae@gmail.com172.111.152.15stifinlulahstifinlulah@gmail.com185.101.33.206agregorasshtolzea3013agregorasshtolzea@hotmail.org178.73.201.235
toninsloa toninsloa@outlook.com 172.111.244.204bbobbynry7981bbobbynry@gmail.com104.236.13.100blgautopa6894blgautopa@hotmail.com109.163.234.2bpatickmtexaxdy983bpatickmtexaxdy@hotmail.com89.40.116.171BenbuhagiarBenbuhagiar@me.com86.143.214.125bannetaetsay7405bannetaetsay@gmail.com50.4.209.178abrdattsy1109abrdattsy@gmail.com113.53.231.203
mioajdospak mioajdospak47@gmail.com 158.69.160.186behnztopa3643behnztopa@hotmail.net144.217.31.225stifinlulaistifinlulai@gmail.com172.111.200.89
lecturtupi lecturtupi@gmail.com 103.247.148.32umansoiximdazizul5659@gmail.com158.69.160.185lasmetorelasmetore@mailinator.com185.118.76.51
Note:-
As ped said, these are all spammy-looking usernames. However, folks can be reported to the SFS database when - and ONLY when - they spam your site.
Offline
#12 2017-07-10 6:38 pm
- Papa Parrot
- Member
- From: Mexico
- Registered: 2011-08-19
- Posts: 1,826
- Website
Re: Forum Spam Registration Attack
The way pedigree did it gets more results eg:https://www.stopforumspam.com/search/stifin
-------------------
https://www.stopforumspam.com/search/bpatick
-------------------------------------------------------------
https://www.stopforumspam.com/search/abrdat
Just did a couple randomly,...
https://www.stopforumspam.com/search/blgaut
blgautopa6894 blgautopa@hotmail.com 109.163.234.2
https://www.stopforumspam.com/search/ 109.163.234.2
================
And then :
Hi there,
I attempted to register (to see some pics in forum) but the system did not allow me for reasons that i am a "spammer" ... don't know what sofisticated AI is behind that conclusion though.Could you pls fix that for me.
Many thanks.
Andy---
Referring Page:
IP Address: 88.101.197.209
User Name: Unregistered
User ID: 0
Email: *************@seznam.cz
-----------------------------------------------
https://www.stopforumspam.com/search/@seznam.cz
https://www.stopforumspam.com/search/Andy
I think maybe "Andy", should have been told to try using a better user name, and not use a e-mail service
known for hosting spammers.
Hi guy's can't seem to register?
Brendan
Brendan as well :
https://www.stopforumspam.com/search/Brendan
Many people use gmail, and to many spammers as well, on many sites gmail,hotmail,yahoo are not acceptable e-mail addresses, .....
----------------------------------------
pedigree---- it sounds like you have the curse of manual spammers, people hitting your site instead of the more tradition automated software spamming
The bots would not take the time to contact you, but a human spammer would.
Interesting comment "Andy" made:
---don't know what sofisticated AI is behind that conclusion though.
It seems to be more aware of the existence of AI software, and bots, but it can not spell, or maybe it is intentional to make it look more human. There are some very sophisticated AI bots out there, and I would not be surprised if some are
even "trained", to send a registration request, if and when they can not register .
But then again, Andy may be is human , it is getting hard to tell now a days. In any event, as long as it does not actuall post any spam on your forum, it won't matter.
Offline
#13 2017-07-10 7:24 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
The way pedigree did it gets more results eg:https://www.stopforumspam.com/search/stifin
Yes Garry. But 'stifinlulag' is still NOT part of that list. And, if all you want is lots of results, https://www.stopforumspam.com/search/sti will get you even more.
My advice?
Make a general access-block by IP-Address via a RBL site
Use email-address to block forum-spammer Registrations via the SFS API
PS
You will still get human spammers even using the above suggestions.
Offline
#14 2017-07-11 10:39 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
After 7 or 8 years of a spam free forum, about a month ago, we started getting hammered again with LIVE FEED and url links to sporting events such as Cricket and Rugby.
Appreciate your help and advice.
The situation that you report is normal (and sorry, because I know that no-one wants to hear that, but it is unrealistic to expect to be spam-free). Those folks even try their spam stuff on this site, which is a bit like the way flies throw themselves at those Electrical Bug Zappers.
The idea is to report each & every spammer to the SFS database. That will protect every other user of the SFS API from those that spammed you, just like you are protected from those that spammed other folks (you may think that it is bad now - try unlinking the API).
It seems that the spammers have decided to try to evade detection by rapidly evolving new usernames (and connected email-addresses, in the way that you pointed out) in a process that is effectively a sh*tstorm. If the email providers would police their users & quickly shut-out all those that spam then your problem would rapidly fade. However, until Utopia arrives, report those that spam your forum to SFS. And try to be realistic - you can only ever hope to reduce spam; even StopForumSpam gets spammed.
Postscript
Recently a FluxBB update switched off SFS changes to the standard Board software & made it possible for new SFS users to personalise their Profiles. Neither Admin nor Mods spotted this for many days. In the meantime, spammers were running riot, creating hundreds of new Profiles & immediately spamming them.
The FluxBB snafu has been fixed, but spammer signups continue (they cannot spam their Profile, but occasionally forum-post+spam) Here is a (filtered) collection of recent SFS signups that look like spammers (and notice the similarity to your own situation):-
2017-07-06:
jagunjagun
Jebmyldvt
Jebmpldvt
Jebmpidvt
Jenmpidvt
Jeompidvt2017-06-30
Shbwpidat
Shbwpldat
Shbwpldct
Shbwqldct
Shbwqldet2017-06-23
Shbwqldzt
Shcwqldzt2017-06-22
Shawqldzt
Shawbldzt
Shewbldzt2017-06-20
Jeswuldztr
Jeswqldztr2017-06-19
Fruchtquark
2017-06-17
Sivqldxtel
Sivqldvtel
Sivqldstel(...and so it goes on)
Offline
#15 2017-07-11 4:55 pm
- zero-tolerance
- Member
- Registered: 2013-02-25
- Posts: 339
Re: Forum Spam Registration Attack
The situation that you report is normal (and sorry, because I know that no-one wants to hear that, but it is unrealistic to expect to be spam-free
...
And try to be realistic - you can only ever hope to reduce spam; even StopForumSpam gets spammed.
Then I must be unrealistic. And abnormal.
Last edited by zero-tolerance (2017-07-11 4:56 pm)
Offline
#16 2017-07-11 7:23 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
Then I must be unrealistic. And abnormal.
And unhappy.
Offline
#17 2017-07-11 9:32 pm
- zero-tolerance
- Member
- Registered: 2013-02-25
- Posts: 339
Re: Forum Spam Registration Attack
If I got spammed, then I would be unhappy.
I think spam is preventable; and if people don't believe that, they'll settle for just slowing it down.
Offline
#18 2017-07-11 9:53 pm
- sklerder
- Member
- Registered: 2012-10-11
- Posts: 336
- Website
Re: Forum Spam Registration Attack
Hi !
Spam is preventable, of course, but not 100% ...
The challenge is to be the closest to 100%
If I get spam, I'm not happy, but if I didn't have any spam attempt, I wouldn't be no more happy.
This would be that my website is of no interest !
Offline
#19 2017-07-11 11:03 pm
- zero-tolerance
- Member
- Registered: 2013-02-25
- Posts: 339
Re: Forum Spam Registration Attack
It depends on the situation. Some sites may be able to do better than others. But fatalism will make people give up too soon, or put up with more spam than they need to.
Offline
#20 2017-07-11 11:46 pm
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
People say “I want a clean kitchen”. An admirable objective. But if you say “I want a kitchen with zero bacteria in it” you have just set yourself up for failure. Indeed, if you use an anti-microbial wipe you may even induce resistance in the bacteria through gene-change & defeat the original objective (either of them). Better, surely, to say “I want a kitchen that doesn't give anyone food-poisoning” & thus make sure that you clean up after food-spills.
Too much spam in your forums will drive customers away. Just keep it under control, and don't go crazy about it.
Offline
#21 2017-07-12 9:05 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
After 7 or 8 years of a spam free forum, about a month ago, we started getting hammered again with LIVE FEED and url links to sporting events such as Cricket and Rugby.
...
Appreciate your help and advice.
And to underline this point to the nth degree, here is the latest spam (this morning) in SFS, advertising a Real Madrid sports shirt:
It is about 1 a day. And yes, that is one too many, but when SFS had it's snafu (earlier post) it became one hundred a day, just for Profile spammers.
In different circumstances we could easily be suffering one thousand spam a day. Back in the early part of the new Millennium my Freeserve website was immensely popular & the domain suffered a Joe-Job which across 2 days escalated to a permanent 15,000 mails a day. I lost use of that domain.
It is possible to spam SFS only if you are a human, and it is impossible to stop them if they have a currently-clean email address (it is only clean for one day, of course). Be pleased if you have a handful of human spammers each day; without SFS it would be many hundreds each day. Report each spammer to SFS & know that you will never see that one again, and nor will any other SFS user.
Offline
#22 2017-07-12 10:59 am
- zero-tolerance
- Member
- Registered: 2013-02-25
- Posts: 339
Re: Forum Spam Registration Attack
I see roughly 70000 registrations attempts per year, of which about 1% become members. I think if I saw as much as one spam leaking onto my forum per year, I would be installing more counter-measures. As it is I haven't had to take any action to prevent spam for several years now, so I'm not exactly going crazy about it. I'm sure I'm not alone in this. I just wanted to point out that it's not hopeless, and you don't have to put up with it, unless you don't believe it can be stopped.
The principle is very simple: raise the barrier for entry, and remove the pay-off for doing so. Raising the barrier will keep out the bots, and removing the payoff will stop the humans. Allowing spam onto your site and visible to search engines - for even a few minutes - *is* the payoff - because some small fraction of it will get indexed, which is all it takes. As long as that's happening you're actually attracting them. There are ways to completely prevent that payoff, but apparently people don't. You can queue new member posts for moderation (which is labour-intensive), you can delay guest access to all posts for a day (which isn't). I can think of other ways.
Lots of people install bug zappers, but they're not keeping the meat in the fridge...
My site is very hard to get into and there's no payoff, and I think this is a large part of why we see no spam.
Simply hiding the registration question so people have to follow instructions to go looking for it has been amazingly effective. The fact that the answer requires domain knowledge and is not easily googled also helps. Since we don't get spammers coming through we can vet new registrations manually, as there are only a couple coming through a day. If we had an incursion they probably wouldn't get any further than that. And if they did, there's no payoff, because any spam they posted would be removed before it was visible to the search engines rather than sometime afterwards. To anyone who can read well enough to get into our site, this situation is perfectly clear.
Probably not every site could work this way, but I think many could do more against spam than they realise..
Last edited by zero-tolerance (2017-07-13 1:57 pm)
Offline
#23 2017-07-13 10:44 am
- Alex Kemp
- Moderator
- From: Nottingham, England
- Registered: 2009-12-02
- Posts: 2,423
- Website
Re: Forum Spam Registration Attack
I haven't had to take any action to prevent spam for several years now … My site is very hard to get into … and I think this is a large part of why we see no spam
One thing to underline:- spammers do not give a damn about a single site that they spam. It is entirely a numbers game for them, and they seldom check back on any individual site.
If your server admin puts the following into the Firewall at the correct place then you will have zero problems with spam:
$IPT -A INPUT -p ALL -d 0/0 -j DROP
Of course, no-one else will be able to get in either, including you (except via the console). Another alternative is to remove power from the data-centre (or city/district if you are truly paranoid).
For everyone else it is a balancing act, just like the rest of life.
PS
Edited after I re-read zero-tolerance's post & understood that he already realised that almost all spam is posted by bots (only the human spammers get feedback).
Offline
#24 2017-07-13 1:57 pm
- zero-tolerance
- Member
- Registered: 2013-02-25
- Posts: 339
Re: Forum Spam Registration Attack
Edited:
Well I apologise if the tone of my post was challenging - that was not my intention. I do think that the situation is not as hopeless as it's usually portrayed here. That's what I was trying to get across, along with some description of what's worked for me.
Just in case you misinterpreted me: the rate of new memberships on my site has not actually slowed since I improved the registration barrier, so it's not as if I'm shutting out the world.
Last edited by zero-tolerance (2017-07-13 5:20 pm)
Offline
#25 2017-07-17 1:25 am
- jimmie 48
- Member
- Registered: 2011-02-18
- Posts: 20
Re: Forum Spam Registration Attack
Just an FYI from me, an Admin with limited powers {the owner of the board has ultimate power} and the manual adding of members.........
I used to manually add people when I got emails that stated "... and I can't register ...." and other similar wording. I quit doing that because EACH AND EVERY TIME it was letting a spammer or troll access to the board.
I simply tell them, now, that the chosen username and/or the IP and/or email address was marked as belonging to a spammer. If they desired access to our board they would need changed one, two or all of the items. I end my remarks with a and that pretty much ends any further emails from the person.
A legit person, in my experience, will continue to try to register and, if successful, often times will send an email thanking me for the helpful hint.
Offline