Spambots

Code of conduct, technical issues and problems, suggestions, and/or complaints
User avatar
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Spambots

Post by Zack Morris »

My experience suggests the following to be a good idea:

1. Ban *@mail.ru -- this will only stop a fraction of spammers, but I've never seen anything legitimate from this address.
2. Require that new users have their first 1 or 2 (1 is enough) posts moderated. New users are by default added to a New Users permissions group by phpBB and you can control for how many posts they remain there (before being promoted to ordinary users) and whether those posts should be moderated (that is, approved explicitly by the moderator).
3. Use the Q&A filter for registration. You will need to design intelligent questions that a human being will not know the answer to immediately unless he is a member of the target community. Also, make sure the questions are not easily answerable by plugging into Google.

Suggestion 3 is the most effective. You don't want the Members list to become full of inactive spambot accounts (which is what will happen if you only implement idea 2). What we need are some suggestions for questions and answers from other users. The answers should be at most one or two words. For those unfamiliar with how phpBB's Q&A works, the administrator enters questions and multiple responses for each question. Each individual response (a single line) is compared to directly against the user's input. So it's a very "dumb" system that cannot intelligently parse sentences.

I would suggest question/answer pairs like this:

Q:
Which German philosopher, whose name an Asia Times Online columnist used as his pen name for several years, is famous for proposing a cyclical theory of civilization?

A:
spengler
Spengler
oswald spengler
Oswald spengler
Oswald Spengler
oswald Spengler


For something more neutral, you can try this:


Q:
Enter the name of the capital of Japan but with each letter shifted by 1 (e.g. a -> b, g -> h, etc.). Use lower case.

A:
uplzp


Its effectiveness will depend on the laziness of the spammers.
User avatar
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Spambots

Post by Zack Morris »

Another alternative is to provide an email for the administrator requiring prospective users to write to for permission to join the board. A few explanatory sentences should be enough to weed out spammers. The administrator could then reply with a password, which would be used as the answer to the question "ENTER THE SECRET PASSWORD".

The problem with this is that it requires work on the part of the administrator. Because forum traffic is currently low, this won't be a problem, but if there are plans to substantially expand the membership, it can become a cumbersome task.
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

Thanks for your suggestions. Will look into the Q&A option.

This last Polish spambot, opelrodker, was nothing if not prolific, so it's clear that the time has come to harden the registration process.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Zack Morris
Posts: 2837
Joined: Mon Dec 26, 2011 8:52 am
Location: Bayside High School

Re: Spambots

Post by Zack Morris »

Indeed. It will only get worse from here. It starts as a trickle but becomes a torrent. You can expect at least 5 a day within the next week or so.
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

The phpBB registration captcha has now been upgraded to the Google reCAPTCHA.

Let's see if this helps.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

Zack Morris wrote:Indeed. It will only get worse from here. It starts as a trickle but becomes a torrent. You can expect at least 5 a day within the next week or so.
Fortunately the admin board has the capability to delete a registered spambot and all it's posts at once.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Parodite
Posts: 5637
Joined: Sun Jan 01, 2012 9:43 pm

Re: Spambots

Post by Parodite »

Is it an option to register people personally?

Maybe assign a special "registration moderator" who does/allows for the final registration after somebody applied for registration with indeed a personal question and answer as Zack suggests, plus a short personal motivation textfield, plus the usual graphics letters to be typed in.

Point is to put a human being somewhere in the process.
Deep down I'm very superficial
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

Parodite wrote:Is it an option to register people personally?

Maybe assign a special "registration moderator" who does/allows for the final registration after somebody applied for registration with indeed a personal question and answer as Zack suggests, plus a short personal motivation textfield, plus the usual graphics letters to be typed in.

Point is to put a human being somewhere in the process.
Both Zack and your suggestions are good, but I would first like to see how well the Google reCAPTCHA performs in blocking spambots.

It's a bit early to be optimistic, but so far the recent increase in spambot registration has been stopped.

Now all we need is for some real humans to register :wink:
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Parodite
Posts: 5637
Joined: Sun Jan 01, 2012 9:43 pm

Re: Spambots

Post by Parodite »

Typhoon wrote:Now all we need is for some real humans to register :wink:
It's a matter of time something named Turing will register, wanting to find out if we are true bots or merely human. :P

Image
Deep down I'm very superficial
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

It has now been over one week since the Google reCAPTCHA for registration has been installed.

During this time no new spambots have registered.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Parodite
Posts: 5637
Joined: Sun Jan 01, 2012 9:43 pm

Re: Spambots

Post by Parodite »

Typhoon wrote:It has now been over one week since the Google reCAPTCHA for registration has been installed.

During this time no new spambots have registered.
Wow. C'est bien.
Deep down I'm very superficial
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Spambots

Post by Hoosiernorm »

Been busy doing stuff
User avatar
YMix
Posts: 4631
Joined: Mon Dec 12, 2011 4:53 am
Location: Department of Congruity - Report any outliers here

Re: Spambots

Post by YMix »

The topic was deleted and the spambot was banned.
“There are a lot of killers. We’ve got a lot of killers. What, do you think our country’s so innocent? Take a look at what we’ve done, too.” - Donald J. Trump, President of the USA
The Kushner sh*t is greasy - Stevie B.
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Spambots

Post by Hoosiernorm »

YMix wrote:The topic was deleted and the spambot was banned.
A look behind the scenes at how the Freepers handle these things
Been busy doing stuff
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Spam Alert Congratulations

Post by monster_gardener »

Thank you Very Much for the maintenance of the Forum

Spam Alert

viewtopic.php?f=3&t=787

Current events at top of forum.

WOW!

Congrats.......... You got it already!
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Re: Spambots

Post by monster_gardener »

Thank You Very Much for maintaining the forum.

Spambot sighting..........

viewtopic.php?f=3&t=428#p23886
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
User avatar
YMix
Posts: 4631
Joined: Mon Dec 12, 2011 4:53 am
Location: Department of Congruity - Report any outliers here

Re: Spambots

Post by YMix »

Deleted & Banned. Thanks for being vigilant, citizen! :)
“There are a lot of killers. We’ve got a lot of killers. What, do you think our country’s so innocent? Take a look at what we’ve done, too.” - Donald J. Trump, President of the USA
The Kushner sh*t is greasy - Stevie B.
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

Spambot sighting

Post by monster_gardener »

Thank you Very Much for maintaining the Forum

Another Spambot alert.......... weird one........ ;)

viewtopic.php?f=3&t=987
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
User avatar
YMix
Posts: 4631
Joined: Mon Dec 12, 2011 4:53 am
Location: Department of Congruity - Report any outliers here

Re: Spambots

Post by YMix »

Deleted & Banned. We're getting upper class spambots.
“There are a lot of killers. We’ve got a lot of killers. What, do you think our country’s so innocent? Take a look at what we’ve done, too.” - Donald J. Trump, President of the USA
The Kushner sh*t is greasy - Stevie B.
AzariLoveIran

Re: Spambots

Post by AzariLoveIran »

.

Colonel and YMix, thanks for maintaining the forum .. Merci


.
User avatar
monster_gardener
Posts: 5334
Joined: Fri Dec 23, 2011 12:36 am
Location: Trolla. Land of upside down trees and tomatos........

TurnitinBot... for high quality forums vs. Plagiarism

Post by monster_gardener »

Thank You For Maintaining the Board, Admins.

Found a bot that I had not seen before reading in Current Events.

TurnitinBot

Looked it up...........

http://www.webmasterworld.com/forum11/2899.htm

Apparently the level of the discussion here may be of such high quality that students plagiarize it ;) 8-)

TurnitinBot/2.0 [turnitin.com...]
is thisbotis harmfull ... is this bot can help me any way... or it is useless... please help me out


kevinpate

[print msg]


msg:404508 3:25 pm on Jul 18, 2005 (gmt 0)

The bot exists to gather information for their service, a service sold to school instructors to aid them in detecting plagiarism by their students.
Clint

[print msg]


msg:404509 5:32 pm on Jul 18, 2005 (gmt 0)

[webmasterworld.com...]

Other info I see on it states that it tries to exploit webserver vulnerabilities. Do a search on it (TurnitinBot).
osujit

[print msg]


msg:404510 5:41 am on Jul 19, 2005 (gmt 0)

Thanks... for the reply ...
SO it is Not really a search engine, but. turnitinbot/1.4. .is an User Agent: TurnitinBot/1.4
[turnitin.com...] IP: 64.140.48.25...
not much use full taking unnecessary bandwidth.
thanks again
-sujit
Dijkgraaf

[print msg]


msg:404511 9:38 pm on Jul 19, 2005 (gmt 0)

Well it might catch students who are trying to pass your work of as their own.
keyplyr

[print msg]


msg:404512 9:48 am on Jul 24, 2005 (gmt 0)

As an educator myself, at first I was theoretically supportive of TurnitinBot until it came by my site. It requested robots.txt and then proceeded to ignore disallowed list.

Upon further investigation at their site, I found cached copies of my heavy content webpages. The very same pages I don't want copied - LOL

Yes, they sell their service, but so far they haven't offered me my cut.

I emailed them demanding they remove my property from their DB but never received a reply. I now ban them by UA.
Clint

[print msg]


msg:404513 12:11 pm on Jul 24, 2005 (gmt 0)

Are all of you showing the bot's IP is 64.140.48.25? I want to go ahead and block it now.
GaryK

[print msg]


msg:404514 6:52 pm on Jul 24, 2005 (gmt 0)

These are the IP Addresses I have on file for this bot:

64.140.49.66
64.140.49.68
64.140.49.69
204.9.204.203
Clint

[print msg]


msg:404515 9:35 am on Jul 25, 2005 (gmt 0)

Thanks. :)

You don't have 64.140.48.25 listed?
GaryK

[print msg]


msg:404516 3:27 pm on Jul 25, 2005 (gmt 0)

Nope. But that doesn't mean anything really. Perhaps it uses different IP blocks to crawl different geographic regions. My servers are located in Virginia and Texas in the USA.
Global Options:
top home search open messages active posts
For the love of G_d, consider you & I may be mistaken.
Orion Must Rise: Killer Space Rocks Coming Our way
The Best Laid Plans of Men, Monkeys & Pigs Oft Go Awry
Woe to those who long for the Day of the Lord, for It is Darkness, Not Light
Hoosiernorm
Posts: 2206
Joined: Fri Dec 16, 2011 7:59 pm

Re: Spambots

Post by Hoosiernorm »

https://www.turnitin.com/robot/crawlerinfo.html

That is an interesting little bot
Been busy doing stuff
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

Over the last couple of days we've had a increase in spambots getting past the captcha.

All were from Russia and the Ukraine.

Sorry for the inconvenience.

Will look into how we can further make it difficult for spambots to register and spam.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

I've replaced that Google reCAPTCHA visual challenge, which apparently has now been hacked, with a Question and Answer challenge for the registration process
as a test to determine if this will reduce the number of spambots registering.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
User avatar
Typhoon
Posts: 27242
Joined: Mon Dec 12, 2011 6:42 pm
Location: 関西

Re: Spambots

Post by Typhoon »

Typhoon wrote:I've replaced that Google reCAPTCHA visual challenge, which apparently has now been hacked, with a Question and Answer challenge for the registration process
as a test to determine if this will reduce the number of spambots registering.
So far the new Q & A registration challenge appears to be working.

No spambots have been able to register since it was implemented.
May the gods preserve and defend me from self-righteous altruists; I can defend myself from my enemies and my friends.
Post Reply