Recent problems with spambots

[wesley123]

The other thing is that these aren't bots from infected computers, they nearly all originate from IPs in Pakistan, India or Russia. I'd expect infected computers to come from a broader range of countries?

Not if it was a direct attack towards that area(see, Stuxnet for example.).

Also, who says they are infected? Believe it or not, there is good money in doing such bad, bad things on the internet. People pay a good amount of money to have Captcha's cracked, for example, there are lots of services in those areas of the globe where people just solve captchas all day.

But on the Captcha thing. I heard that Google was trying out a new form where it simply checks user action to determine if it's a bot or not, saw it implemented on Tumblr, but I'd doubt that would work if it's an actual human being making these spam accounts.

Never heard of the hiddenfield trick before, certainly an interesting one. It might work if that field refers to validating your e-mail(typing it a second time) without it actually being necessary. A spambot would fill it in as it needs to verify it's e-mail adress twice.

[strad]

but i cant imagine so eone taking the time to so with so little "reward".

OH but they do.. and I think it is this ...

Sometimes, they just exist for the pure sake of a bit of fun by the creator to see his little 'work of art populate the internet and spread the love...err message'.

.. Why else would some Russian repeatedly insert malware into my pitiful, nothing site where there was none, nada, zero reward... Except perhaps the fun of driving me crazy removing it over and over, to the point I pulled the site.

[Phil]

Never heard of the hiddenfield trick before, certainly an interesting one. It might work if that field refers to validating your e-mail(typing it a second time) without it actually being necessary. A spambot would fill it in as it needs to verify it's e-mail adress twice.

It's a neat trick, something I came up with a while ago and has pretty much solved my spam-bot issues on the sites I included it on. Of course this doesn't make it an impossibility - if you have someone dedicated enough that is targeting *your* site, it's easy to circumvent. But statistically speaking, spamers are not interested in hacking a single site (unless we are talking about a high traffic site), it's all about reaching the masses by programming a script that can spread its wings by working on as many sites as possible. So the key here is lowest-common-denominator.

BTW; It doesn't have to be an email address field at all, it can be anything. The important thing is, it has to look like a normal inputfield (so no using the type="hidden"), but needs to be turned invisible through a CSS (preferably linked externally) attribut. Why? It's easy to program a bot - the most simple one will require no more than 10 lines of code. However if you start using attributs through externally linked CSS files, the bot would need to interpretate those too, which would mean A LOT of added complexity with no guarantee that it will work.

Other tricks to determine if the user is a bot or a human is by checking if the visitor is using an actual browser to view the page. Using javascript to generate a captcha of some sort (or an inputfield that is a must-field) works here. Bots are scripts and usually don't have have a javascript engine, (so they can't intepretate any js code as a browser will)... they simply look at the underlying HTML code.

The best solution to protect yourself against bots is to start simple and perhaps use a combination of the above. A hidden inputfield will already block most unwanted spam. Adding a javascript to generate some dynamic inputfield at runtime would give another layer.

I don't like captchas, which is why I've been working on solutions that work by exploiting simple bot behaviour.


@Richard,
This forum has become quite slow when submitting posts lately. Has this to do with the external databases the site is checking to see if the ip address is on a black-list for spam-bots?

[hollus]

@Richard,
This forum has become quite slow when submitting posts lately. Has this to do with the external databases the site is checking to see if the ip address is on a black-list for spam-bots?

Actually, it is not slow at all. The post is submitted almost instantly, if you have a second window open to check it, it will show your post nicely almost as fast as you can refresh that window. It is the page showing that the post has been sent that takes forever to appear causing people to double and triple click the submit button.

[Richard]

The site only uses the spam database at registration and the naughty word filter for a member's first 10 posts. So the CPU load is very low. After that we assume the person is safe. It used to be for the first 5 posts until we had someone a few years ago who got to 7 posts before getting caught!

[Steven]

A few short notes:

- The updated forum will enable us to have many more different methods to avoid spam registration
- The spamfilter will also check the spam database on posting, not only on registration
- F1Technical runs on our very own server, so everything is possible (and to be clear, CPU load is less than 5% or most of the time)

[djos]

The spammers are back with a vengeance.

[mikeerfol]

It's getting worse and worse

[Phil]

If you guys need some help regarding the spam-bots, PM me.

PS: Logs would be very interesting. Logs with both POST and GET access for the particular spammer. But they are bots, not 'humans' doing this.

[George-Jung]

ohhh ---..

[turbof1]

That was literally the sh*t river we had to peddle through. And it's not over; this attack keeps registering bots. I think I got rid of the filth for now, but I hope Steven comes along soon since this is just crazy. I spend the last 45 minutes removing spam.

[Just_a_fan]

I reported a few spam posts last night. I guess that's all we users can do to help. Keep up the good work mods, we appreciate it =D>

[Tim.Wright]

I've mentioned this before but why can't you implement a system which disables a user's account if it is reported for spam?

[turbof1]

I've mentioned this before but why can't you implement a system which disables a user's account if it is reported for spam?

Like automatically? That'll easily lead to childish abuse, as anyone registered could flag a post as spam.

We could perhaps implement something that when a member has multiple posts flagged bty multiple people be automatically banned until a moderator can assess the situation.

However, in this case it would have done very, very little. The latest spam attack did not came from one user account, but from 6-7 user accounts at once. Before the first post has been flagged as spam, one account could have made a dozen post already. Then a second registers and the whole cycle repeats.

IMO, we should be focussing on the registering. Maybe take a whole different approach on the security questions, like showing an image and ask "what do you see", with a list of options shown below. That will exclude automatic registering spambots, it will however not exclude humans who manually register spambots (yes, there's such a thing!). So it remains difficult.

[Tim.Wright]

The abuse problem is easy to fix. Just implement it without telling anyone so no-one will know its operating

How often do you see abuse of the spam report function now??

Anything that gets reported wrongly (i.e. by accident) would be picked up by the mods when you scan through the reports.