Had two spammers get through with toxic domains... outage?

kpatz · 2020-08-27 9:19 pm

2 days ago this spammer hit my forum and got through, spammed, and I banned and submitted. Evidence

Today, another one got through, spammed, and I submitted: Evidence

After 2 submissions today (which is rare for my forum) I looked at "My Spammers" and noticed these two are marked as toxic under the email column. They should not have been able to register on my site at all as a toxic IP or domain always shows high confidence in the API and I block these automatically upon registration and/or activation.

On the first one (from 2 days ago), my cached "SFS Status Flags" showed that the entry had no hits at all when they registered. Nothing on username, email or IP. Requerying today shows the "255 count" on the email indicating it's toxic. Today's entry was similar... it shows as toxic (including "255 times") now, but didn't prior to my submission.

So, how did these get through? If it was an outage my status flags would have shown this. Additionally, when I get the email of a new user registering, I recheck the API myself, and these ones were clean until I submitted.

Were these just added recently as toxic? Or was the toxic domain list broken for a while?

pedigree · 2020-08-28 12:03 am

are you passing &nobademail or &nobadall to the API?

the toxic domain list is hard coded into the API code itself, and the API won't compile and deploy unless its there, so I'm not sure that's the problem. I have no logs for the API so can't look at those but I'll have a look at the database for domain timestamp

pedigree · 2020-08-28 12:07 am

2020-08-27 20:10:03 adding quarnipe.ml

that's UTC time, so it was only added to the blacklist some 4 hours ago

kpatz · 2020-08-28 1:45 pm

Thanks, that answers that one. Though, now when I look at My Spammers, that domain doesn't have the toxic icon next to it anymore. Hmm...

Also, I realized I posted the same evidence URL twice. Here's the one from the 25th: Evidence Domain is banetc.com. Was that one just added as well?

pedigree · 2020-08-29 4:52 am

I did some messy stuff today that involved removing 1500 domains from the blacklist and repopulating it. that was one of the domains, but its back in there now.

kpatz · 2020-08-29 6:12 pm

Just looked at My Spammers again. Now both domains that spammed me on the 27th are showing up as toxic.

I hope this isn't a new trend... targeting my forum from newly "toxic" domains before they're added to the toxic list. The vast majority of blocked registration attempts lately have been from toxic domains and/or IPs. If not for SFS I'd have to throw in the towel as I'd be working full time just cleaning up messes left by these morons.

P.S. Check out my new signature line...

Last edited by kpatz (2020-08-29 6:17 pm)

#1 2020-08-27 9:19 pm

Had two spammers get through with toxic domains... outage?

#2 2020-08-28 12:03 am

Re: Had two spammers get through with toxic domains... outage?

#3 2020-08-28 12:07 am

Re: Had two spammers get through with toxic domains... outage?

#4 2020-08-28 1:45 pm

Re: Had two spammers get through with toxic domains... outage?

#5 2020-08-29 4:52 am

Re: Had two spammers get through with toxic domains... outage?

#6 2020-08-29 6:12 pm

Re: Had two spammers get through with toxic domains... outage?

Board footer