Noticed what appears to be a SpamBot just signing up before, so that might be a problem as we have little protections in place, apart from CAPTCHA....which has been broken.
For time being I'll leave as is, but if we get more signups there is some decent checking solutions that can be put in place, funnily enough by MysteryFCM
http://temerc.com/forums/viewtopic.php?f=71&t=6103
SpamBots
- Ikeb
- Microsoft MVP with a slice of PITA
- Contact:
- Location: Ottawa, Ontario, Canada
- stan_qaz
- Omniscient Kiwi
- Location: Gilbert, Arizona
Post
Re: SpamBots
Can we get a Kitty capcha? Kittys are so darned cute and you don't have to guess if they are upper or lower case!
http://www.thepcspy.com/read/the_cutest ... kittenauth
http://www.thepcspy.com/read/improving_kittenauth
or if you gotta have letters
http://gadgets.boingboing.net/2008/05/1 ... -capt.html
but I don't like it any better than this guy
http://depressedprogrammer.wordpress.co ... tcha-ever/
And if you wanna get depressed...
http://www.schneier.com/blog/archives/2 ... captc.html
http://www.thepcspy.com/read/the_cutest ... kittenauth
http://www.thepcspy.com/read/improving_kittenauth
or if you gotta have letters
http://gadgets.boingboing.net/2008/05/1 ... -capt.html
but I don't like it any better than this guy
http://depressedprogrammer.wordpress.co ... tcha-ever/
And if you wanna get depressed...
http://www.schneier.com/blog/archives/2 ... captc.html
I am not a Firetrust employee just a MW user.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Certainly is an option, I need something else as well I can plug into the blog, that gets a little spam, though the stupidly plain CAPTCHA with the math question there gets most of it, but I've overloaded the blog comment modules ban list so it won't let me add any more IPs. Blog comments have to be approved first though, so it's not an issue with spam showing up on the site.
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Urgh, had a bunch more signup, only noticed one actually posted though.
Will have to get something in place soon.
Will have to get something in place soon.
- stan_qaz
- Omniscient Kiwi
- Location: Gilbert, Arizona
Post
Re: SpamBots
I am not a Firetrust employee just a MW user.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Would be nice that's for sure. I've put the CAPTCHA settings higher, in case that helps..
- rusticdog
- Firetrust Monkey
- stan_qaz
- Omniscient Kiwi
- Location: Gilbert, Arizona
Post
Re: SpamBots
That looks interesting, I'm passing it along to a couple other forums that I frequent.
I am not a Firetrust employee just a MW user.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
--
First rule of computer consulting: Sell a customer a Linux computer and you'll eat for a day,
sell a customer a Windows computer and you'll eat for a lifetime.
- AlphaCentauri
- Guardian Gecko
- Contact:
Post
Re: SpamBots
You've got to remove the incentive for the spamming. You can't leave live links in place. You can further discourage them by linking them with other pages that will worsen their search engine ranking or divert their traffic. For instance, users like elocoumubre, who lists his website as
http://levirta-us.info/levirta/site_map.html
has never posted, but lists his website URL in his profile He's hoping to drive traffic to his "Levirta" website, which is apparently designed to draw traffic of people who spell badly. His site's meta content looks like this:
<title>Levirta alternative online Levirta Buy levirta, cheap levirta, generic levirta, order levirta, online levirta Levirta consultation </title>
<meta name="description" content="consultation Buy levirta online online Levirta Cialiw visa ciails visa Buy levirta, cheap levirta, generic levirta. Levirta vs levirta levirta price canada levirta buy uk levirta buy cheap levirta online RX Buy levirta, cheap levirta Levirta Buy levirta, cheap levirta, generic levirta, order levirta drugstore Levirta" />
<meta name="keywords" content="Buy levirta, cheap levirta, generic levirta, order levirta, online levirta, buy levirta online, levirta online, discount levirta, order levirta online, buy cheap levirta, Levirta bestellen, what is levirta, pfizer levirta, levirta online uk, levirta order online, Levirta,extender Sialis visa c8alis visa, Buy levirta, cheap levirta, generic levirta. " />
That front page actually links to products at bestsellers-rx.com, a Glavmed/Canadian Pharmacy clone site most likely, based on the 1(210) 888-9089 phone number at the bottom of the page.
The links I have in this post don't go to his site. They go to http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy , the spamwiki article for Canadian Pharmacy. If you remove the active link in his profile, the sum total of his efforts will be to reduce the odds someone who googles "levirta" will get his site and increase the chances that the spamwiki article will be a higher result. After that happens a few times, he'll likely stop trying to spam this forum, and you won't have to worry about how tough your CAPTCHA is or how many proxy IP numbers you can block.
http://levirta-us.info/levirta/site_map.html
has never posted, but lists his website URL in his profile He's hoping to drive traffic to his "Levirta" website, which is apparently designed to draw traffic of people who spell badly. His site's meta content looks like this:
<title>Levirta alternative online Levirta Buy levirta, cheap levirta, generic levirta, order levirta, online levirta Levirta consultation </title>
<meta name="description" content="consultation Buy levirta online online Levirta Cialiw visa ciails visa Buy levirta, cheap levirta, generic levirta. Levirta vs levirta levirta price canada levirta buy uk levirta buy cheap levirta online RX Buy levirta, cheap levirta Levirta Buy levirta, cheap levirta, generic levirta, order levirta drugstore Levirta" />
<meta name="keywords" content="Buy levirta, cheap levirta, generic levirta, order levirta, online levirta, buy levirta online, levirta online, discount levirta, order levirta online, buy cheap levirta, Levirta bestellen, what is levirta, pfizer levirta, levirta online uk, levirta order online, Levirta,extender Sialis visa c8alis visa, Buy levirta, cheap levirta, generic levirta. " />
That front page actually links to products at bestsellers-rx.com, a Glavmed/Canadian Pharmacy clone site most likely, based on the 1(210) 888-9089 phone number at the bottom of the page.
The links I have in this post don't go to his site. They go to http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy , the spamwiki article for Canadian Pharmacy. If you remove the active link in his profile, the sum total of his efforts will be to reduce the odds someone who googles "levirta" will get his site and increase the chances that the spamwiki article will be a higher result. After that happens a few times, he'll likely stop trying to spam this forum, and you won't have to worry about how tough your CAPTCHA is or how many proxy IP numbers you can block.
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Though I ban users, they still appear in the memberlist, so that needs to be fixed.
The fSPamList also doesn't appear to be working right, had a user sign up earlier who had a record at BotScout http://www.botscout.com/search.htm?ster ... om&stype=q so that should have been prevented, will have to figure that one out.
Still need to go through the user sign ups and remove their URLs.
The fSPamList also doesn't appear to be working right, had a user sign up earlier who had a record at BotScout http://www.botscout.com/search.htm?ster ... om&stype=q so that should have been prevented, will have to figure that one out.
Still need to go through the user sign ups and remove their URLs.
- rusticdog
- Firetrust Monkey
Post
So it's blocking now, done about 8 so far, I've still got to go through and cleanup the users as well
These seem to be Bots though, not manual sign ups, PHPBB forums getting hit hard by spam complaints lately and PHPBB only comes with a SpamCop IP check which is pretty weak.
Re: SpamBots
There was a bug that Steven has now fixed, we also had to tweak slightly for PHP v 4.xstan_qaz wrote:That looks interesting, I'm passing it along to a couple other forums that I frequent.
So it's blocking now, done about 8 so far, I've still got to go through and cleanup the users as well
These seem to be Bots though, not manual sign ups, PHPBB forums getting hit hard by spam complaints lately and PHPBB only comes with a SpamCop IP check which is pretty weak.
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
Think I got them all now, no doubt I deleted a few legit users.....went from 1318 to 1172, so that was only 146 users......but as PHPBB sucks for deleting users, deleting just one takes 6 mouse clicks.
The blocking is going well, 29 attempts in last 2 hours stopped.
The blocking is going well, 29 attempts in last 2 hours stopped.
- MysteryFCM
- Travelling Tuatara
- Contact:
- Location: Tyneside, UK
Post
Re: SpamBots
hehe glad it's working dude
What blog software is it? Shouldn't be too hard to integrate the SBST into it (wrote a mod for Wordpress that uses it on the fSpamlist blog). Infact, the WP mod should work for all other blog software (though the placement of it will be different), aslong as the vars are changed to reflect the vars used by the software to pass the username/email etc).rusticdog wrote:Certainly is an option, I need something else as well I can plug into the blog, that gets a little spam, though the stupidly plain CAPTCHA with the math question there gets most of it, but I've overloaded the blog comment modules ban list so it won't let me add any more IPs. Blog comments have to be approved first though, so it's not an issue with spam showing up on the site.
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
- rusticdog
- Firetrust Monkey
Post
Re: SpamBots
It's Drupal, but not sure what blog mod it is. I am sure it will be easy to add though, we've got a guy in the office getting up to speed on Drupal now....the site was set up by contractors, I can ask him to take a look and give you the code when he's done.
I just got an email from BotScout, any idea what they mean with this
I just got an email from BotScout, any idea what they mean with this
Thank you for using the BotScout screening service. We noticed that you're doing 3 checks for each bot-screening test, and we wanted to suggest that you set your software to do the 'MULTI' test to make things more efficient on your end. If you have any questions, please let us know and we'll be glad to help.