The "I Found A Spammer" Thread

By the way, the spam prevention question of 1-2-1997 obviously does not appear to be working.

What's more concerning, the reCAPTCHA is clearly not working either, and that is a much stronger measure.

Think it would be too much of a hassle to alter that question, if possible, to say something like "...please enter the following exactly as you see it, except for the last digit: 1-2-1997"?

 
The 1-2-1997 thing hasn't worked forever. I changed mine a long time ago to see what would happen, and it didn't do anything. I think mine has said 1-2-1996 for two years.

Overall, the registration process seems to have bugs. Many people never get their validation email, and if the spam preventer and the reCAPTCHA isn't working, we have problems.

 
It's been a busy afternoon/evening. I've flagged a bunch of people as spammers so far. Each of them has joined and put spam links in their Status Updates. Only a couple of them have made threads, but most of those are from Russia - with one guy from Beijing.

So far I've flagged/removed Status Updates/moved threads for:

flushdnsorg

SeRviceVar

oxychorritync

atonsealego

ahigalldi

greeckjenss

Nikolirons

These people I strongly suspect of being spammers, but since I can't check their IP address in this version until they post something, I can't be sure:

meerryPep

sparyRepe

Troy06

lorreyn

heittysmirm

jailiDave

Calciumcarbide

HotMomSweme

reoveawoverry

neeminpulge

Kewqnwy

AttacyPoomo

Pefmpys

 
Last edited by a moderator:
The CAPTCHA option is enabled in the Control Panel. However, the Registration Question (1-2-1997) was not set up. I've used zoogies' suggestion, above. Let's see if that doesn't slow things down a bit. Meanwhile, I'll ban all the accounts and IPs, and see if I can't wildcard a few more of them.

 
Of the listed of suspected spammers, there are four with IPs that resolved to America or Canada. They are meerryPep (Canada), jailiDave (Alabama), Kewqnwy (Connecticut), and Pefmpsys (Connecticut). I can ban them, but I don't want to ban the IP or wildcard it, because I suspect that the IPs are for computers that have been taken over by a bot.

 
AR Husker Fan said:
The CAPTCHA option is enabled in the Control Panel. However, the Registration Question (1-2-1997) was not set up. I've used zoogies' suggestion, above. Let's see if that doesn't slow things down a bit. Meanwhile, I'll ban all the accounts and IPs, and see if I can't wildcard a few more of them.
Click to expand...
Uh oh, now the question appears twice. The old question is still there, and the new question as well. Both appear to be functioning. Should we just remove the new one for now? It seems to be in a custom field of some kind, but I don't know where.

Even digging into the registerForm page of the template didn't work.

Here's a link to the registration page

Fair warning, the link will log you out.

 
I've removed it.

I don't get why CAPTCHA and the old question aren't working. I have an odd feeling that the problem is going to be another permissions issue or server setting that we can't enable through the Control Panel.

 
Well, the old question was functioning correctly. The spammers must have gotten it right.

I found out where it was, though, and removed it. I also added a new question back in. Let's see where this gets us!

 
zoogies said:
Well, the old question was functioning correctly. The spammers must have gotten it right.

I found out where it was, though, and removed it. I also added a new question back in. Let's see where this gets us!
Click to expand...
I'm guessing the old one was an IP.Board default, and the bots were programmed to automatically enter the default answer. Good going!

 
zoogies said:
We're still under siege. I wish I knew what was going on.

putmimisi72

riseegioviess

SCBrian

Some of these guys I am almost certain are spammers. Look at the email address on that first one: greenfildmon.o.ba.g.f.gh.s.fh.a@gmail.com

Just like the emails of many of these other spammers we've banned recently. Should we do a pre-emptive in a case like that, or wait until they do something?
Click to expand...
It's getting out of hand. Let's be preemptive. If it's a legit registration, they'll most likely contact us to ask why they were banned, and we can always un-ban them. I've banned those three accounts.

 
Last edited by a moderator:
Found this in a thread on Invision's help boards. Could be something to help with spammers from China, Russia, etc.

You must understand that all spam does not come from bots. Improvements in CAPTCHA and addition of Q & A has made it extremely hard for bots to break past registration.
However in answer to greater security spammers hire people in 3rd world countried for a buck or so a day to register and spam websites, including forums.

So against humans CAPTCHA and Q & A these are not effective. The best bet in such cases is to use the IPS anti-spam service free for active licenses, and also use the Forum Spammer IP & Email Check hook. You need both, because IPS spam service only contains spammers that have attacked other IP.Board forums. The hook contains spammers from all types of websites including forums.
Click to expand...
 
Back
Top