SpamBots

[rusticdog]

Noticed what appears to be a SpamBot just signing up before, so that might be a problem as we have little protections in place, apart from CAPTCHA....which has been broken.

For time being I'll leave as is, but if we get more signups there is some decent checking solutions that can be put in place, funnily enough by MysteryFCM

http://temerc.com/forums/viewtopic.php?f=71&t=6103

[Ikeb]

Where have I heard that name before?

[stan_qaz]

Can we get a Kitty capcha? Kittys are so darned cute and you don't have to guess if they are upper or lower case!

http://www.thepcspy.com/read/the_cutest ... kittenauth

http://www.thepcspy.com/read/improving_kittenauth


or if you gotta have letters

http://gadgets.boingboing.net/2008/05/1 ... -capt.html

but I don't like it any better than this guy

http://depressedprogrammer.wordpress.co ... tcha-ever/


And if you wanna get depressed...

http://www.schneier.com/blog/archives/2 ... captc.html

[rusticdog]

Certainly is an option, I need something else as well I can plug into the blog, that gets a little spam, though the stupidly plain CAPTCHA with the math question there gets most of it, but I've overloaded the blog comment modules ban list so it won't let me add any more IPs. Blog comments have to be approved first though, so it's not an issue with spam showing up on the site.

[rusticdog]

Urgh, had a bunch more signup, only noticed one actually posted though.

Will have to get something in place soon.

[stan_qaz]

How about getting this working

http://tgiokdi.blogspot.com/2006/01/pun ... tcpip.html

[rusticdog]

Would be nice that's for sure. I've put the CAPTCHA settings higher, in case that helps..

[rusticdog]

Righty, we've got fSpamList installed now.....will see how this goes

[stan_qaz]

That looks interesting, I'm passing it along to a couple other forums that I frequent.

[AlphaCentauri]

You've got to remove the incentive for the spamming. You can't leave live links in place. You can further discourage them by linking them with other pages that will worsen their search engine ranking or divert their traffic. For instance, users like elocoumubre, who lists his website as
http://levirta-us.info/levirta/site_map.html
has never posted, but lists his website URL in his profile He's hoping to drive traffic to his "Levirta" website, which is apparently designed to draw traffic of people who spell badly. His site's meta content looks like this:
<title>Levirta alternative online Levirta Buy levirta, cheap levirta, generic levirta, order levirta, online levirta Levirta consultation </title>
<meta name="description" content="consultation Buy levirta online online Levirta Cialiw visa ciails visa Buy levirta, cheap levirta, generic levirta. Levirta vs levirta levirta price canada levirta buy uk levirta buy cheap levirta online RX Buy levirta, cheap levirta Levirta Buy levirta, cheap levirta, generic levirta, order levirta drugstore Levirta" />
<meta name="keywords" content="Buy levirta, cheap levirta, generic levirta, order levirta, online levirta, buy levirta online, levirta online, discount levirta, order levirta online, buy cheap levirta, Levirta bestellen, what is levirta, pfizer levirta, levirta online uk, levirta order online, Levirta,extender Sialis visa c8alis visa, Buy levirta, cheap levirta, generic levirta. " />

That front page actually links to products at bestsellers-rx.com, a Glavmed/Canadian Pharmacy clone site most likely, based on the 1(210) 888-9089 phone number at the bottom of the page.

The links I have in this post don't go to his site. They go to http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy , the spamwiki article for Canadian Pharmacy. If you remove the active link in his profile, the sum total of his efforts will be to reduce the odds someone who googles "levirta" will get his site and increase the chances that the spamwiki article will be a higher result. After that happens a few times, he'll likely stop trying to spam this forum, and you won't have to worry about how tough your CAPTCHA is or how many proxy IP numbers you can block.

[rusticdog]

Though I ban users, they still appear in the memberlist, so that needs to be fixed.

The fSPamList also doesn't appear to be working right, had a user sign up earlier who had a record at BotScout http://www.botscout.com/search.htm?ster ... om&stype=q so that should have been prevented, will have to figure that one out.

Still need to go through the user sign ups and remove their URLs.

[rusticdog]

That looks interesting, I'm passing it along to a couple other forums that I frequent.

There was a bug that Steven has now fixed, we also had to tweak slightly for PHP v 4.x

So it's blocking now, done about 8 so far, I've still got to go through and cleanup the users as well


These seem to be Bots though, not manual sign ups, PHPBB forums getting hit hard by spam complaints lately and PHPBB only comes with a SpamCop IP check which is pretty weak.

[rusticdog]

Think I got them all now, no doubt I deleted a few legit users.....went from 1318 to 1172, so that was only 146 users......but as PHPBB sucks for deleting users, deleting just one takes 6 mouse clicks.

The blocking is going well, 29 attempts in last 2 hours stopped.

[MysteryFCM]

hehe glad it's working dude

Certainly is an option, I need something else as well I can plug into the blog, that gets a little spam, though the stupidly plain CAPTCHA with the math question there gets most of it, but I've overloaded the blog comment modules ban list so it won't let me add any more IPs. Blog comments have to be approved first though, so it's not an issue with spam showing up on the site.

What blog software is it? Shouldn't be too hard to integrate the SBST into it (wrote a mod for Wordpress that uses it on the fSpamlist blog). Infact, the WP mod should work for all other blog software (though the placement of it will be different), aslong as the vars are changed to reflect the vars used by the software to pass the username/email etc).

[rusticdog]

It's Drupal, but not sure what blog mod it is. I am sure it will be easy to add though, we've got a guy in the office getting up to speed on Drupal now....the site was set up by contractors, I can ask him to take a look and give you the code when he's done.

I just got an email from BotScout, any idea what they mean with this

Thank you for using the BotScout screening service. We noticed that you're doing 3 checks for each bot-screening test, and we wanted to suggest that you set your software to do the 'MULTI' test to make things more efficient on your end. If you have any questions, please let us know and we'll be glad to help.