You are not logged in.

#1 2018-11-26 4:57 pm

coffee time
Member
Registered: 2018-11-26
Posts: 4

New, questions

Hi, I'm new and a moderator for a youth scouting forum. We've been getting more people trying to create accounts on our forum and we're trying to understand what they're trying to do. So I found this website and learned about spammers putting in bad links. Are there other nefarious uses of innocent forums? We're wondering if they want to use private messaging (something we can't see very well). All they could do is PM other spammers that have an account so it sounds far fetched.

Our security so far is that anyone's first post needs to be approved by a moderator. Our forum's subject area is niche enough that the spammers stand out like a sore thumb. I doubt if anyone is going to study our forum long enough to sound like they have experience.

The forum has never removed old accounts. Is this a dumb idea? Just curious.

Any other suggestions?

Thanks.

Offline

#2 2018-11-26 6:53 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 1,988
Website

Re: New, questions

Hi coffee time, welcome to SFS.
Spammers are a foul union between the power of Google & the desire to make money. They want backlinks to raise the position of an internet site in the SERPs and do not want to put in the hard work or money to promote it any other way. So, they are searching for a quick fix & quicker buck.

Most spammers use automation to quickly spread links through millions of sites. They do not care anything of any kind what your site is like. If your site may offer them a backlink they are happy to spam it.

The other kind that you will have to deal with wants the same but uses human rather than bot methods to spread their filth. The latter may well use PMs, even though they give low value returns. These spammers are rising in numbers as the bot-stoppers are getting better.

Human spammers often deploy hiding techniques to try & prevent the spam (and themselves) being removed. Also, in the way that squirrels bury hazelnuts but forget many, so spammers create accounts & never come back. Personally, I had a cron-job on my site that auto-deleted those that created an account and never within after a week. However, I'm also thoroughly anal-retentive, so do not use me as a rôle model.

coffee time wrote:

I doubt if anyone is going to study our forum long enough to sound like they have experience.

It is automated, just like the spamming.

Are there other nefarious uses of innocent forums?

If the site can be hacked it can be used as a source for DDOS attacks and/or other nefarious actions, but that is all out of this site's purview.

Offline

#3 2018-11-26 9:50 pm

Papa Parrot
Moderator
From: Mexico
Registered: 2011-08-19
Posts: 1,676
Website

Re: New, questions

Do you have some boards or topics that require registering to be viewed ? That can lead to a lot of registrations that never post anything as well.

The forum has never removed old accounts. Is this a dumb idea? Just curious.

  No it is not a dumb idea, in fact quite a few admins do this, others prefer to keep the accounts so that it makes it look like there are more members.
  Quite often they do come back later and add links in their profiles, IE: website and signature , if they can.  Sometimes they can be a "bot net" of some sort, and once they have a number of registrations, then they come back and make a number of posts, or try to. So instead of getting 1 post, and if the 1st post is moderated that is good, with a high number of old registrations you may find one day, a huge number of 1st posts, all different username, registrations, but basically all containing the same spam.

Offline

#4 2018-11-26 10:40 pm

coffee time
Member
Registered: 2018-11-26
Posts: 4

Re: New, questions

Just about all posts are public, so no reason to register and not post. But there are a number of those. It turns out most people can only re edit a post for an hour after initially posting so that's not an issue. If I had control of the database I'd put in something to delete or at least lock old accounts. Changing the profile is something I wouldn't have thought of. That could be done to anyone with a hacked password. I have asked about keeping members in a state where every post has to be checked until we get a warm fuzzy feeling.

On a completely different topic, I tried to post a reply and was told I was using a non approved word. Honestly, I wasn't swearing or anything. Is there a list of non approved words?

Offline

#5 2018-11-27 1:33 am

Papa Parrot
Moderator
From: Mexico
Registered: 2011-08-19
Posts: 1,676
Website

Re: New, questions

Yes, there is a list of words that were very common in the spam we were getting here.

Offline

#6 2018-11-27 9:55 pm

coffee time
Member
Registered: 2018-11-26
Posts: 4

Re: New, questions

I was poking around some more and there's a great feature that will allow me to look at all activity filtered by ip address. So I filtered on 193.*.*.* and found 3 pages of registrations of people that have never posted and a random check of locations brought up locations everywhere but in the US. Ukraine, Seychelles, Italy, ... these people have nothing to do with the forum's subject.

Are there maps of allocated ip addresses? By first number or first two?

Offline

#7 2018-11-27 10:54 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 1,988
Website

Re: New, questions

It's a standard part of whois:-

~$ whois 73.243.172.216
NetRange:       73.243.0.0 - 73.243.255.255
CIDR:           73.243.0.0/16
NetName:        DENVER-8
NetHandle:      NET-73-243-0-0-1
…
OrgName:        Comcast Cable Communications, LLC
OrgId:          CCCS
Address:        1800 Bishops Gate Blvd
City:           Mt Laurel
StateProv:      NJ
PostalCode:     08054
Country:        US   <<<===
RegDate:        2001-09-17
Updated:        2017-01-28
Ref:            https://rdap.arin.net/registry/entity/CCCS

However, it is more likely that you want "IP Address geolocation". That can be installed via a downloable-DB on to your server & then lookup from the DB. Alternatively, here are the results from the first result using DuckDuckGo:-

IP Address        Country        Region    City    
73.243.172.216    United States  Colorado  Fort Collins

ISP                 Organization   Latitude   Longitude
Comcast Cable       Not Available  40.5853    -105.0844
Communications LLC

Offline

#8 2018-11-27 10:58 pm

coffee time
Member
Registered: 2018-11-26
Posts: 4

Re: New, questions

I'm not talking about each individual ip. I'm talking about groups of ip's

Offline

#9 2018-11-27 11:19 pm

Alex Kemp
Moderator
From: Nottingham, England
Registered: 2009-12-02
Posts: 1,988
Website

Re: New, questions

In that case you need the ASN. However, pay attention to the warning on the ip-to-asn mapping page:-

IMPORTANT NOTE: Country codes are likely to vary significantly from actual IP locations, and we must strongly advise that the IP to ASN mapping tool not be used as an IP geolocation (GeoIP) service.

You will also see links on the same page for ip geolocation services.

I have found Team Cymru to be a very reliable source for ASN. http://www.cidr-report.org/ is another very useful resource for ASN. Here is an example via whois:-

$ whois -h whois.cymru.com " -v 73.243.172.216"
AS      | IP               | BGP Prefix          | CC | Registry | Allocated  | AS Name
7922    | 73.243.172.216   | 73.0.0.0/8          | US | arin     | 2005-04-19 | COMCAST-7922 - Comcast Cable Communications, LLC, US

The IP aggregation tool (link in my sig & also available via the 'Resources' link) can aggregate groups of IPs using their ASN.

Offline

#10 2018-11-27 11:38 pm

Oblivian
Member
Registered: 2018-11-04
Posts: 11

Re: New, questions

I throw mine into geoiplookup.net, using both the ISP allocation and region as secondary lookup ontop of the name/email searches. If it's a VPS provider. Buh-bye. Unless you have a really good reason to bypass your own ISP via a hosted server, almost guarantee its a bot on a spun up trial server.

Same as handover from DNS hiding and amazonanws registration IPs.

They seem to get in and get out as soon as they can.

Kind of surprising how with googles good spam filtering, that it doesn't trigger a sort of alert when a recent made email account receives a tonne of responding messsages from the various forums they hit in a short space of time. It's not like people will make a disposable email and then sign themselves up for a spam test on purpose.

Offline

Board footer

Powered by FluxBB

Close
Close