Mike
We've had 28 porn spammers register on the Board on Christmas Day and 8 so far on boxing day. Is there a more or less non intrusive manner of screening to allow just legitimate users the ability to register?
spammers
-
Peter McKercher
- Posts: 1074
- Joined: Sun Nov 27, 2005 4:26 am
- First Name: Peter
- Location: Ontario, Canada
- Contact:
spammers
Peter McKercher
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
-
mikeyr
- Site Admin
- Posts: 1347
- Joined: Thu Nov 17, 2005 10:20 am
- First Name: Mike
- Location: S. Calif.
- Contact:
NOPE !
And by the way it is WAY more than 28, there have been days where I have removed near 50.
I have made as hard as possible, I have the Captcha as strict as possible and I make them wait for my confirmation. The confirmation part means when someone registers, I get sent a e-mail and I have to confirm/deny their registration, that prevents them from posting spam/porn messages on the forum since all they are is "registered" but not approved. Unfortunately their name still shows up in the list of members. The Captcha is a series of numbers in a small graphic that is randomly created and I have made it so strict even I have a hard time reading it.
I actually wonder if the strict Captcha is something preventing normal users from registering.
Anyway, what we have had is 1 or more spammers register manually to figure out the questions that are asked, then they wrote some code to automatically register a few times a hour with different user names but almost always pointing to the same porn/drug site. Sometimes there are so many registering at one time that it has noticeably slowed the server, I logged in the other day and there 11 people registering at the same time.
The reason they do it is to get their websites listed in the search engines, search engines these days give some extra weight to links from "old" websites and this website has been up well over a decade which makes it very old in internet standards so we are a prime target(cool fact, there is a estimated 9-10 Billion, yes Billion with a B, websites on the net according to Google and when this website was first created it was less than 1 Million, this website is OLD), the search engines theory is that the old sites are more stable and they have survived this long because they are of some value to the net, so they give a tiny (and I mean TINY) little bit more weight to links from old sites.
The reason spammers can do this is because some absolute slimeball whose parents should have been sterilized decades ago before they unleashed such a lowlife on this planet, figured out the code and wrote a program to figure out the Captcha that phpbb uses, and released it to the internet. So what was supposed to be a tool to catch non-humans is now useless.
I was able to catch this in the past because I just blocked lots of countries like China and Korea from registering but they got smart and now register with U.S. IPs defeating that defense.
Its not a problem with us only, all the forum sites are getting the same issue and not just phpbb (the software we use) but Vbulletin and Dupral and the dozens of other major forum softwares have the same problem.
Never fear a temporary fix is in the works, the new version of this software was finally released 2 weeks ago (Dec. 13) and I have frantically been working on the upgrade. This release was supposed to be done before Thanksgiving but they held it back until a few weeks ago. Unfortunately, this release means upgrading lots of other software on the server and I am done, just doing some testing and it will be up on the 1st.
At this time there is no crack for the Captcha used by the new version so there can be no automated spammers, although that will come with time which is why I said "temporary" fix, there are a few new features as well such as required questions where the user has to type in a answer, basically something like "What is 2+2? hint the answer is 4, type in a 4" and then they type in 4, I can give the question and the answer because a machine will not be able to identify that easily so it wont prevent users from registering, I will of course make the questions Singer relevant.
The issue with this is that it will NOT stop a real live lowlife from registering and there are now reports of "spam mills" in foreign countries where spammers hire people to do one thing and one thing only, register on forums thereby bypassing all automated controls. The good news about that is we will have fewer hits of course.
Also I believe but i am not sure that un-approved users do not show up in the membership list, if that is the case (and I think it is but need to check) then registering will no longer have any value to them IF the access logs are protected, problem is that many forums do not protect their access logs and are of value to the spammers, since they don't check ahead of time we will still get some.
And lastly, the new version has a checkbox that you can bet I have checked, a user will not be able to type in a web URL for his/her website until I have approved them as a real user, right now its all done during registration, now they will have to register, be approved and then put in their web address, that will yet again lower the value of registering since it is more work for a spammer, a real user will not have a issue with this.
Long winded answer eh ?
And by the way it is WAY more than 28, there have been days where I have removed near 50.
I have made as hard as possible, I have the Captcha as strict as possible and I make them wait for my confirmation. The confirmation part means when someone registers, I get sent a e-mail and I have to confirm/deny their registration, that prevents them from posting spam/porn messages on the forum since all they are is "registered" but not approved. Unfortunately their name still shows up in the list of members. The Captcha is a series of numbers in a small graphic that is randomly created and I have made it so strict even I have a hard time reading it.
I actually wonder if the strict Captcha is something preventing normal users from registering.
Anyway, what we have had is 1 or more spammers register manually to figure out the questions that are asked, then they wrote some code to automatically register a few times a hour with different user names but almost always pointing to the same porn/drug site. Sometimes there are so many registering at one time that it has noticeably slowed the server, I logged in the other day and there 11 people registering at the same time.
The reason they do it is to get their websites listed in the search engines, search engines these days give some extra weight to links from "old" websites and this website has been up well over a decade which makes it very old in internet standards so we are a prime target(cool fact, there is a estimated 9-10 Billion, yes Billion with a B, websites on the net according to Google and when this website was first created it was less than 1 Million, this website is OLD), the search engines theory is that the old sites are more stable and they have survived this long because they are of some value to the net, so they give a tiny (and I mean TINY) little bit more weight to links from old sites.
The reason spammers can do this is because some absolute slimeball whose parents should have been sterilized decades ago before they unleashed such a lowlife on this planet, figured out the code and wrote a program to figure out the Captcha that phpbb uses, and released it to the internet. So what was supposed to be a tool to catch non-humans is now useless.
I was able to catch this in the past because I just blocked lots of countries like China and Korea from registering but they got smart and now register with U.S. IPs defeating that defense.
Its not a problem with us only, all the forum sites are getting the same issue and not just phpbb (the software we use) but Vbulletin and Dupral and the dozens of other major forum softwares have the same problem.
Never fear a temporary fix is in the works, the new version of this software was finally released 2 weeks ago (Dec. 13) and I have frantically been working on the upgrade. This release was supposed to be done before Thanksgiving but they held it back until a few weeks ago. Unfortunately, this release means upgrading lots of other software on the server and I am done, just doing some testing and it will be up on the 1st.
At this time there is no crack for the Captcha used by the new version so there can be no automated spammers, although that will come with time which is why I said "temporary" fix, there are a few new features as well such as required questions where the user has to type in a answer, basically something like "What is 2+2? hint the answer is 4, type in a 4" and then they type in 4, I can give the question and the answer because a machine will not be able to identify that easily so it wont prevent users from registering, I will of course make the questions Singer relevant.
The issue with this is that it will NOT stop a real live lowlife from registering and there are now reports of "spam mills" in foreign countries where spammers hire people to do one thing and one thing only, register on forums thereby bypassing all automated controls. The good news about that is we will have fewer hits of course.
Also I believe but i am not sure that un-approved users do not show up in the membership list, if that is the case (and I think it is but need to check) then registering will no longer have any value to them IF the access logs are protected, problem is that many forums do not protect their access logs and are of value to the spammers, since they don't check ahead of time we will still get some.
And lastly, the new version has a checkbox that you can bet I have checked, a user will not be able to type in a web URL for his/her website until I have approved them as a real user, right now its all done during registration, now they will have to register, be approved and then put in their web address, that will yet again lower the value of registering since it is more work for a spammer, a real user will not have a issue with this.
Long winded answer eh ?
Mike Rambour. Site Administrator
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
-
Paul Bouchard
- Posts: 414
- Joined: Thu Nov 17, 2005 9:35 pm
- First Name: Paul
- Location: Deux-Montagnes, Quebec, Canada
- Contact:
Wow,
The extent to which people will go is amazing. Pity that so much time and resources must go to combatting these unwanted "advances". With the firewalls, anti-virus, anti-spam and everything else out there, someone is making $$$.
Paul
The extent to which people will go is amazing. Pity that so much time and resources must go to combatting these unwanted "advances". With the firewalls, anti-virus, anti-spam and everything else out there, someone is making $$$.
Paul
Paul Bouchard
President, NASOC
Nine Roadster Registrar
1948 A Series Roadster
1947 Super Ten Saloon
1935 Le Mans Super Speed Model
Just enjoying the ride.
President, NASOC
Nine Roadster Registrar
1948 A Series Roadster
1947 Super Ten Saloon
1935 Le Mans Super Speed Model
Just enjoying the ride.
-
Peter McKercher
- Posts: 1074
- Joined: Sun Nov 27, 2005 4:26 am
- First Name: Peter
- Location: Ontario, Canada
- Contact:
Would it help to eliminate allowing people to identify their web site address. This isn't really needed for this site and would eliminate redirection and the benefit to them of listing on the board
Peter McKercher
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
-
mikeyr
- Site Admin
- Posts: 1347
- Joined: Thu Nov 17, 2005 10:20 am
- First Name: Mike
- Location: S. Calif.
- Contact:
Yes, but that is not possible in this version without editing/modifying the code and that is too much work seeing as I have the new version working.
I had considered that during the summer and it was quite a bit of work and I was afraid of breaking other parts that may depend on that code.
I had considered that during the summer and it was quite a bit of work and I was afraid of breaking other parts that may depend on that code.
Mike Rambour. Site Administrator
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
-
mikeyr
- Site Admin
- Posts: 1347
- Joined: Thu Nov 17, 2005 10:20 am
- First Name: Mike
- Location: S. Calif.
- Contact:
Re: spammers
Ok, lets see what happens with Spammers now. The new software currently should prevent automated spammers, I am sure they will figure out how to automate the steps soon enough.
Right now the only new registrations we will get will be live humans registering, that does not mean they are not spammers but its a start. I deleted 114 spam registrations when I set up this board, that was only 3 of not paying attention, so far with the new forum 12 hours and none. Hope it lasts a long time but I seriously doubt it.
Right now the only new registrations we will get will be live humans registering, that does not mean they are not spammers but its a start. I deleted 114 spam registrations when I set up this board, that was only 3 of not paying attention, so far with the new forum 12 hours and none. Hope it lasts a long time but I seriously doubt it.
Mike Rambour. Site Administrator
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
-
Peter McKercher
- Posts: 1074
- Joined: Sun Nov 27, 2005 4:26 am
- First Name: Peter
- Location: Ontario, Canada
- Contact:
Re: spammers
Well done, Mike. Looks like the spammers are finally under control. That was quite a flurry over the holidays
Peter McKercher
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
Vice President - NASOC
Pre war Singer Specialist and Collector
Automotive Historian
Author of "Racing Roadsters"
-
mikeyr
- Site Admin
- Posts: 1347
- Joined: Thu Nov 17, 2005 10:20 am
- First Name: Mike
- Location: S. Calif.
- Contact:
Re: spammers
seems to be controlling them now, no new registrations in 2 days...I sure wish it would last but most people are saying a month or so before they figure it out.
One thing is on this version that you can't see the "members" list until you register so maybe it will have no value to them and they wont try.
One thing is on this version that you can't see the "members" list until you register so maybe it will have no value to them and they wont try.
Mike Rambour. Site Administrator
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT
1953 Singer 4ADT (sold), 1934 Singer 9 Le Mans, 1934 Singer 1 1/2 4-Seater Sports (sold), 2009 BMW K1300GT