News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

Any way to purge spambots?

Started by rexall9000, October 07, 2015, 10:41:29 PM

Previous topic - Next topic

rexall9000

Thu 8 Oct 2015, 9:32 am

Hi ForumMates,

I have five forums, and am having SPAM/malicious problems with (only) one,  http://www.MindBodyThailand.com .  SMF 2.0.11. I assume that this is because this forum has been around since 2007, was originally a vBulletin installation that we migrated over to SMF a couple of years ago.  Apparently we had not set the security adequately in the vBulletin days and it harbored a bunch h of spambots.  We have 25 pages of members, very few who actually participate.   Every day, I have to delete accounts that are posting porn and SPAM and malicious stuff.  As we pipe our posts over to the sister facebook page, I have to delete this stuff twice!  It gets to be a pain and is less than charming for visitors.

Anywho, any options, strategies suggestions for identifying and purging this stuff?

thanks for your help.  Much appreciated.

Rex

Kindred

Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

rexall9000

Thanks for the link, Kindred. However, the remedies in the link are spam prevention; keeping spambots from getting into forums in the first place.  If you had read my message, you would have realized that my problem is not keeping them out, but dealing with an existing infestation. 

Kindred

then you will just have to delete them, like any other user...
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

vbgamer45

I was thinking about doing a service for forums. Just comparing exiting users that are registered based on email/username and then removing them if they are a spambot
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

Sir Osis of Liver

Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

rexall9000

Quote from: Kindred on October 08, 2015, 12:31:31 PM
then you will just have to delete them, like any other user...

Sir, in all due respect, you would have saved yourself time and effort if you had read message carefully before you taking the time to post responses that are unhelpful.   I asked a specific question :  "Anywho, any options, strategies suggestions for identifying and purging this stuff?.  I assume that most of my members are spambots.  Is there any way to determine which ones are malicious and delete thembefore they have a chance to post? I am not technical and I don't know how spambots work, but I assume they have are on some kind of a timer which is why their posts keep dribbling in one or two at a time almost every day.

rexall9000

Quote from: vbgamer45 on October 08, 2015, 01:27:30 PM
I was thinking about doing a service for forums. Just comparing exiting users that are registered based on email/username and then removing them if they are a spambot

How do you know if they are a spambot?

br360

The best way to keep further spambots from registering would be to read the link that kindred posted above. You may be able get rid or verify your current members, but it is important to try to make sure that you can keep new spammers out.

If you are trying to identify whether a member is a spammer or not, try using ip address look ups like http://whatismyipaddress.com/ip-lookup, or running their IP/email address through http://www.stopforumspam.com/ and see what comes up.

rexall9000

Current security measures are adequate. We have five forums, and the one in question is the only one that has this problem.   The 1,000 or so members are mostly ones we migrated over from vBulletin.  Obviously, we were naive about security in the vBulletin days, but that is all water under the bridge.  The challenge is trying to separate the few real members from the overwhelming majority of spambots.  I suppose we could just purge everyone e who has not posted in, say, six months.  That is a bit brutal, but would probably be 90% effective, and we would then just live with the 10% collateral damage.


br360

Did you get a chance to test some of your members that you think may be spammers using the ip adress lookup or stop forum spam links?

If you purge all of the members that haven't posted in say six months; what about any spammers you would still have that registered say a couple months ago that have yet to come back to your forum; but once they do, may put up 100's of posts overnight?

Have you considered moderating members who may not have posted yet; meaning that any of their posts wouldn't show up on the board until manually approved?

This link has some great info on how you can accomplish that-  http://www.simplemachines.org/community/index.php?topic=453907.msg3172296#msg3172296

vbgamer45

Quote from: rexall9000 on October 08, 2015, 08:32:40 PM
Quote from: vbgamer45 on October 08, 2015, 01:27:30 PM
I was thinking about doing a service for forums. Just comparing exiting users that are registered based on email/username and then removing them if they are a spambot

How do you know if they are a spambot?
Basiclly from spambot lists such as stopforumspam
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

rexall9000

You have to check 1,000 e-mail addy's agains a list one-at-a-time?

shawnb61

Here are a couple of thoughts...

Idea #1:  The StopForumSpam website lets you download lists of known IPs & email addresses & usernames for known spammers/hackers:
https://www.stopforumspam.com/downloads/

I would do a dump of smf_members into Excel & do a VLookup against these lists.  You could try either IP and/or email address and/or username.

That would give you a list of suspects pretty quick.   

IP addresses are NOT the best way to ID spammers, since some are working from ISPs and their IP address changes over time.  I had a regular user who was challenged by my StopForumSpam mod.  He used an ISP/DHCP so his IP changed over time, and his IP that day was "close" to that of a known spammer.   

Despite this, it will give you a bunch of users to look at.  Then you can pull them up in your forum, look at their post history & decide whether to purge or not.   


Idea #2:  If these guys are simply idle until they strike, then purge members that have been unused.  SMF provides tools for doing such pruning.


If I were in your shoes, I would start with Idea#2, then do Idea#1...   

Hope this helps,
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

vbgamer45

Yeah I would only really go by email since that is unique enough.
Community Suite for SMF - Take your forum to the next level built for SMF, Gallery,Store,Classifieds,Downloads,more!

SMFHacks.com -  Paid Modifications for SMF

Mods:
EzPortal - Portal System for SMF
SMF Gallery Pro
SMF Store SMF Classifieds Ad Seller Pro

shawnb61

Well, I just tried my own advice & learned a couple of things...

First, the email & username lists are too long to work with in Excel.  The IP list worked OK. 

Second, with StopForumSpam installed, if you search for a user in the Admin view, there is a handy little lookup directly from the members view into the StopForumSpam website, which makes it easy to double-check the email & username.   

Third, this process gave me a list of suspicious characters in my own forum...   Off to go purge a few...
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp

Advertisement: