Recent spammers attack

Our forum recently has been attacked by some spammers.
Since no sane human could post this number of spam messages I think that it was a bot.
Unfortunately, the only way to block the spam bots completely is forcing the users to pass a Turing test (Visual Confirmation) each time they post a message.
I am sure, everyone is familiar with the concept (it's when you're asked to enter the numbers or a phrase that are rendered on a picture with distortions no computer program can recognize).
So, if users are required to pass the Turing test each time they post a message it will be a small inconvenience, but this will block the bots entirely. (Of course, human spammers will remain).
There must be a plugin for phpBB that enables such a function. The only question is whether the other users find it necessary.
So what do you think?

For those, unfamiliar with the concept (though I doubt there will be any) you can look here for an example:
http://www.captcha.net/

Даже не знаю, что ответить. Не очень легко ответить "да". Меня, например, беспокоит то обстоятельство, что спамеры создают не больше двух тем в минуту. Не слишком ли медленно для бота?

In English or Russian?
Just curious, I've never seen on with Cyrillic characters.

Worst spam I've ever seen here. =@

capecoddah: You can input digits instead of text. The link I gave you is just an example.

Звездочет, я всё-таки думаю, что это скрипт. Он может работать быстро, но пропускная способность канала и время исполнения на сервере - величины ограниченные и не контролируемые спаммером.
Загрузить ссылку New Thread, сформировать сообщение, отослать обратно - само по себе это займет некоторое время, даже если скрипт написан грамотно. Я так думаю, что где-то секунд 10 в идеальном случае будет требоваться на одно сообщение. А если учесть, что форум всё-таки не из самых быстрых, и иногда на отклик требуется до 5 секунд (тем более, что спаммер, скорее всего, работал через прокси сервер, расположенный в Китае), то одно сообщение в 30 секунд - это очень хорошая скорость.

Вчера вручную удалила около 400 постов, пока МА не появился. Всего было запощено 853 примерно за полчаса.
Сегодня опять тот же порноспам под тремя никами! Успела их остановить после 70 постов.
:evil:

Quote:

---

Вчера вручную удалила около 400 постов, пока МА не появился.

---

:shock: За такой труд нужно орден выдавать!
http://tbn2.google.com/images?q=tbn:...bout/orden.png

И ты всё ещё думаешь, это не скрипт?
К тому же, по опыту на других форумах, не думаю, что ввести 4 цифры с картинки будет сильно напрягать пользователей при отправке сообщений.
А ограничения на регистрацию вводить бессмысленно - регистрируется человек, потом запускается скрипт.

Quote:

---

Originally Posted by Звездочёт

Quote:

---

Вчера вручную удалила около 400 постов, пока МА не появился.

---

:shock: За такой труд нужно орден выдавать!
http://tbn2.google.com/images?q=tbn:...bout/orden.png

---

Спасибо! :-)
Чтобы быстро кликать, я фламастером поставила точки на экране.

Quote:

---

И ты всё ещё думаешь, это не скрипт?
К тому же, по опыту на других форумах, не думаю, что ввести 4 цифры с картинки будет сильно напрягать пользователей при отправке сообщений.
А ограничения на регистрацию вводить бессмысленно - регистрируется человек, потом запускается скрипт.

---

Не скажу, что в восторге от такой от такой меры, но труд Лампады вдохновил меня повставить своё "за". :)

Давайте подождём немного. Хочется, чтобы у всех был лёгкий доступ к форуму.
Может быть, этим спаммерам надоест с нами иметь дело?
А пока мне нужно уйти от компа. Держитесь!

Может быть, спрашивать у пользователя, умеет ли он читать и писать (то, что ты называешь turing test) только в случае, если в сообщении есть такие слова как gay, porn, bitch, rent your home, и прочее?

Quote:

---

Originally Posted by Zubr

Может быть, спрашивать у пользователя, умеет ли он читать и писать (то, что ты называешь turing test) только в случае, если в сообщении есть такие слова как gay, porn, bitch, rent your home, и прочее?

---

Вообще, они очень изобретательны. К тому же, похоже, это целенаправленная атака. MasterAdmin - изучай логи. Что-то мне подсказывает, что кому-то не нравится именно MasterRussian. Или переходи на круглосуточное дежурство )))

it really does not bother me to much to do that. It just will take a bit longer to post.

I am on another forum for ballroom dancing. We had a similar situation.I know one of our administrators has something he has put into use to catch spammers before they post. It has something to do with certain ISPs the bots/spammers are using or coming from. Since he did whatever he did with this patch, we have had a lot less spam/bot things "popping" up on the boards.

Would you like me to find out and see if I can get the information for you for this forum?

C

Is there not an option that users cannot start a new threat until they do not have at least, I don't know, 3 posts? I know that's how it was worked out on another forum. Although, I know it might not exactly work here, since lots of new people just register in order to ask one question and then vanish :dunno:

As for the Turing test, if theres no other option, I'm all for it, as long as it's not illegible!

Quote:

---

Originally Posted by kamka

Is there not an option that users cannot start a new threat until they do not have at least, I don't know, 3 posts? I know that's how it was worked out on another forum. Although, I know it might not exactly work here, since lots of new people just register in order to ask one question and then vanish :dunno:

As for the Turing test, if theres no other option, I'm all for it, as long as it's not illegible!

---

Spammers have posted over 1000 messages by now (including those Lampada had deleted). And that limit somehow defeats the purpose of, say, "Translate this" forum.
But it will be possible, I think, to force new users to pass the Turing test until they have successfully posted their first 10 (100) posts. After this the requirement to type visual confirmations could be lifted.

Quote:

---

Originally Posted by Ramil

And that limit somehow defeats the purpose of, say, "Translate this" forum.

---

I suppose it is a slightly different situation, since it's a peculiar sort of forum.
It was just a random suggestion, as I know that's how such problem was solved elsewhere. :)

Ramil,

Could you please add a choice of "Don't Care" or "Doesn't Matter" as to me it really doesn't matter whatever the group decides is the best way to handle this is fine with me and I will go with. Maybe there are others like me. :unknown:

Yay for cyrillic captcha! It even don't have to use some distorted letters - just check the ability of typing cyrillic letters.
Or play devil and use something like 'семеро ... не ждут' -> enter the missing word here. For those who can't there is premoderation.

Quote:

---

Originally Posted by kamka

Is there not an option that users cannot start a new threat until they do not have at least, I don't know, 3 posts?

---

something like that sounds good...that Turing thing's a pain in the butt (скажите ли, как по-русски pain in the butt или что-то подобное.)

Quote:

---

Originally Posted by sperk

...that Turing thing's a pain in the butt (скажите ли, как по-русски pain in the butt или что-то подобное.)

---

Оно мне нужно как головная боль.

This is probably a bot with time delay between post to bypass time-based security measures.
I don't like the idea of captcha for every new post. Это то же самое, что забивать гвоздь кувалдой.
For now, I will be doing activation of all new accounts by admin.

Quote:

---

Originally Posted by MasterAdmin

This is probably a bot with time delay between post to bypass time-based security measures.
I don't like the idea of captcha for every new post. Это то же самое, что забивать гвоздь кувалдой.
For now, I will be doing activation of all new accounts by admin.

---

How that is supposed to stop the spammer? He (or she) will register, wait for the activation and then fill the board with spam again.

It is usually easy to see who is a spammer and who's not. Most spammers would move on to an easier target. They have 1000 more sites to spam and their time is limited.

So far all those porn-spammers (6 nicknames) have been registered here in April, May and June.

China
Age: 38
Occupation: Manufacturing, operations
Interests: Religion, spiritual

Quote:

---

Originally Posted by Ramil

Quote:

---

Originally Posted by Zubr

Может быть, спрашивать у пользователя, умеет ли он читать и писать (то, что ты называешь turing test) только в случае, если в сообщении есть такие слова как gay, porn, bitch, rent your home, и прочее?

---

Вообще, они очень изобретательны. К тому же, похоже, это целенаправленная атака. MasterAdmin - изучай логи. Что-то мне подсказывает, что кому-то не нравится именно MasterRussian. Или переходи на круглосуточное дежурство )))

---

Не нравится? Мне кажется им наоборот очень даже нравится :)

Просто нужна функция, ограничивающая количество новых тем или постов, которые может сделать новоиспеченный пользователь.

Буду заниматься вот этими добавками http://www.phpbb.com/mods/db/index.php? ... b=antispam

Here is some information that I have gotten bt our administrator of my ballroom forum. He said I could pass it along and hopefully it will help you. :D

From DC ...

I've been investigating our recent spammers, and I suspect that they are actually all the same person/group. Looking over the reports on stomforumspam for the various IP addresses they are using, I see a pattern. I've posted at the simplemachines forum to see if anyone has any idea how they are beating the Are You Human question (which I've verified is still working). But here's a scary thought: It seems that some spammers are paying people in Third World countries to go around registering on forums, and then sending the usernames to the spammers for them to run scripts on. If that starts happening on a large scale, it will be nearly impossible to beat. Worst case, it will force all forums on the Internet to either go to admin approval for registrations, or make registration by invitation only. Arrrgh!

Believe it or not, the "are you human" thing has made a significant difference for us. I think the key is that it puts the answers in a random order each time the page is accessed, so a script can't just assume that the Nth thing in the list is the right answer.

Each time a new user registers, if they don't post something on-topic right away, I take a look at their IP address and check stopforumspam.com to see if they have reports of spam coming from that IP address. I also look at things in their profile. They often put links to spam sites in their profile. If I see that, I ban them right away. I also ban them if the email is clearly bogus, e.g., "name@address.com". Things I regard as suspicious:

* hostname that corresponds to the IP address is clearly bogus (no such domain or .arpa domain)
* whois reports that the IP address is reserved or not assigned
* whois reports that the IP address is for a computer or network in a different country than the email host
* Email address is for one of the free email services like hotmail, gmail, or mail.ru

Also, there is an ISP in Russia that is notorious for being spammer-friendly. I'd say that at least half of all of the spam attempts we get at PDO come from that one source. The ISP is called Dragonara, and they own a set of IP addresses that all need to be banned. Let me go look at what I did and I'll post a followup here in a few minutes.

I just looked... Dragonara's IP addresses are 194.8.72.*, 194.8.73.*, 194.8.74.*, and 194.8.75.*. The forum operator needs to ban all of these.

Yeah, the "are you human" thing appears on the registration page and you have to answer it correctly. Just for fun: Log out of PDO, and then when it takes you to the guest index pages, go to the registration page. You'll see the question and the list of possible answers, some of which are rather humorous. The idea is that a person can easily figure out what the correct answer is, but a script has no clue. The answers are put in a random order for each registration attempt.

BTW, the one other thing I forgot to mention is that the forum operator has to stay on top of software updates. PDO uses software from Simple Machines (www.simplemachines.com; it's free), and they have released two security patches over the past two months. They seem to do a pretty good job of patching security holes promptly.