News:

Bored?  Looking to kill some time?  Want to chat with other SMF users?  Join us in IRC chat or Discord

Main Menu

Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

Angie on Dialysis

I have this on my site and my fiance's site and it works great but I am also a mod on another site I recommended this to and when he upgraded to 1.12 the images disappeared (even though they are there). I told him to install the latest version. Will that work or is there something else he should do? Does he need to uninstall the old version?

Sorry lack of information here but since I am not the admin of his site but just the spam fighter this is all I can say..

snoopy_virtual

I suppose it is because your friend haven't got an API key from www.stopforumspam.com

All the mods without their own API key stopped working when the admin of that site deleted the default API key this mod was using before, due to abuse of some people.

To sort the problem he should register in www.stopforumspam.com, ask for an API key and then update to the new version.

And yes, to install the new version he will need to uninstall first the old one.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Angie on Dialysis

Quote from: snoopy_virtual on December 29, 2010, 05:43:59 PM
I suppose it is because your friend haven't got an API key from www.stopforumspam.com

All the mods without their own API key stopped working when the admin of that site deleted the default API key this mod was using before, due to abuse of some people.

To sort the problem he should register in www.stopforumspam.com, ask for an API key and then update to the new version.

And yes, to install the new version he will need to uninstall first the old one.

Thanks. I sent him a PM about this referring him to this thread.

cypdevil

I have a suggestion for future versions. Basically, it is to add a weighted score based on the profile summary and, if the score exceeds an arbitrary value, then it flags the yellow or red icons. This is based on the probability of spammers' behaviour when a bot fills in the form. It would probably not catch a manual spammer. I base this on a subjective appreciation of several 100 profiles. I'm not a php scripter, so I'll illustrate what I mean in plain language.

If Name >8 characters add +1 to score (the actual values are arbitrary. Few genuine names are long, many spammers ones are)

If Name has both alpha and numeric characters +1

If Name is a listed forename -2 (a db of common forenames is needed)

If IP is same as another registered IP +2

If IP is country specific to N. America or Europe -1

If Hostname ends in .cn, .ru, (etc,) +5

If Hostname is same as (contains?) IP +3

If ICQ, AIM, MSN or YIM -1 (spammers rarely fill these in)

If Email domain yahoo, gmail, hotmail or similar +2

If Email name = Name -1

If Website -1 (85% spammers don't add one, 45% hammers do)

If Gender, Age, Location, Language, Signature -1 each

If Additional Information -2
___________

If score >10 (arbitrary figure), automatically ban, fix Name in ad hoc db, delete and add to spammer db
If score >2 raise check warning.

If one of you scripting wallahs wishes to pursue this idea, I can fill in more details.


Angie on Dialysis

#1024
I don't think all of those triggers would be good indicators of a new registrant being a spammer.

First of all, I have seen real people register with email addresses as their name (and I have had to change them for them for security reasons) and I have also helped people get their computers clean that were sending out spam emails without them knowing or talked them how to get their email clean if it was hijacked (I know 4 people in the last 6 months alone that that happened to). Also I have seen plenty of spammers fill in the ICQ, AIM, MSN or YIM with real looking information as well as real people DO use gmail (I do) and yahoo (I do) and hotmail (almost my whole family does even though I told them how much it sucks). Also many MANY times spammers will put in a website address but many times spammers wait until they know they got into the forums successfully and then will edit their profile to add their website after they feel you are no longer going to keep an eye on their profile information. Gender, Age, Location is the same like ICQ, AIM, MSN or YIM. Some will fill ALL these out and other spammers will only fill out what is necessary. Signature is the same as personal website .. they wait to add it once you are not looking at their profile anymore as they want to make sure you don't remove it as to them it is the same as spamming links in threads except less of a chance of you catching it in profiles.  Also when it comes to letting more than one registrant per IP I have my forums set up so that they must contact me first as I have had fellow family members with the same IP want to register. They get flagged if they have the same IP right now on my forums.

The thing is, what you are suggesting will ONLY work if ALL spammers are alike. Sadly they are not.

Even though instant ban would only happen if a new member is from China or Russia (I have had a valid one from China before) at least what your suggesting is not terribly bad. Just think it needs more research.

There are spammers that use programs to spam (what we know as spam bots) and there are spammers that use templates (or formats as they call them) to know what to put where without even going to the forums and just letting their spam programs visit through proxies. Actually no anti-spam method is fail proof. Spammers will use hijacked email accounts or quickly generated ones or ones like mail.com where you can even choose your own domain (it is disturbing how they can register as @accountant.com or @doctor.com and have no affiliation with the sites called accountant.com or doctor.com) and go through proxies so you can't pinpoint their IP neither. Then there area REAL members who will use alternate emails as they have heard the horror stories of spammers getting their email off forums and then spamming them. Take for example Earthlink email. You can make an email that ends in @mypacks.net which is great because that way spammers don't get your real email address and just send to that one. But that email address at mypacks (is Earthlink but ends in mypacks) will commonly be blocked on forums by people who do not realize that email address is very rarely (if ever) abused since it is a paid ISP email account). There are also spammers that their whole job is just to attempt to register but not follow through just so they can record the format of how the registration form looks. Then that gets passed on to other spammers who fill it out without reading it (they don't need to know your language that way).  If one thing I would like to see in all forums would be a feature where the order of things would constantly change so that spammers would no longer be able to depend on .. name first.. password, .. email ..  and so on.

That is why I like the Stop Spammer plugin that checks current black list called Stop Forum Spam. You click on the magnified glass and can check the black list and if there has been no bad activity within the last few months it will say something like:

"No activity seen from this IP in approx 4 months"

Cypdevil, do you feel that your forums are getting hit with an unusual amount of spammers? Spammers are attracted to a few things when it comes to forums:

Forums that allow guests to see profiles (because then spammers know when they register that any links they put in their profile will be seen by search engines .. at least that is how they think).

Forums that have email addresses are showing up visibly (because there are a type of spammer out there called Email Harvesters that record all email addresses they can find to add to lists to sell to others spammers to spam those email addresses). On my forums even members cannot see the email addresses! Only admins can!

Forums that are not on top of spam or hosted on a site that has security holes such as sites that have a weak email form on it (SMF forums have a good one .. I am talking about something I noticed years ago on my site outside of the forums that I have fixed since) or poor scripted image uploader or old version of Copermine installed.

Sorry I am not knocking your ideas. Just letting you know that innocent people would be caught by those triggers you suggested as well and that there is a lot more to spammers that just annoying Russians..

snoopy_virtual

@cypdevil I was going to answer you with something very similar to what Angie have already said, so I won't repeat it.

I will only add that anyway I think the idea is interesting. I will think about it more in the future.

@Angie KidneyKorner If you don't mind I am going to bookmark your post for future references. For example, when I finally find some time to write the tutorial for this mod, it will save me a lot of time if I quote some parts of this post instead of writing them myself.

QuoteThat is why I like the Stop Spammer plugin that checks current black list called Stop Forum Spam. You click on the magnified glass and can check the black list and if there has been no bad activity within the last few months it will say something like:

"No activity seen from this IP in approx 4 months"

That's something I have already in my TODO list to add it in future versions in a more automated way.

The way it is just now, the mod check if a spammer is in the SFS (Stop Forum Spam) DB at registration time looking only at the username, IP and/or email, but it never looks into the "amount of days since last bad activity" (if you want to do that you need to do it manually as you explained).

The way I'm planing will be something like:

The email is in SFS DB => 99% sure it's a spammer => Go to approval and let the admin decide.

IP in SFS DB AND the last bad activity was just a few days ago => 99% sure it's a spammer => Go to approval and let the admin decide.

IP in SFS DB BUT the last bad activity was ages ago => almost sure it's NOT a spammer => Let the guy register but tell the admin to keep an eye just in case.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Angie on Dialysis

Quote from: snoopy_virtual on January 03, 2011, 10:07:20 AM

@Angie KidneyKorner If you don't mind I am going to bookmark your post for future references. For example, when I finally find some time to write the tutorial for this mod, it will save me a lot of time if I quote some parts of this post instead of writing them myself.

QuoteThat is why I like the Stop Spammer plugin that checks current black list called Stop Forum Spam. You click on the magnified glass and can check the black list and if there has been no bad activity within the last few months it will say something like:
"No activity seen from this IP in approx 4 months"

That's something I have already in my TODO list to add it in future versions in a more automated way.

The way it is just now, the mod check if a spammer is in the SFS (Stop Forum Spam) DB at registration time looking only at the username, IP and/or email, but it never looks into the "amount of days since last bad activity" (if you want to do that you need to do it manually as you explained).

The way I'm planing will be something like:

The email is in SFS DB => 99% sure it's a spammer => Go to approval and let the admin decide.

IP in SFS DB AND the last bad activity was just a few days ago => 99% sure it's a spammer => Go to approval and let the admin decide.

IP in SFS DB BUT the last bad activity was ages ago => almost sure it's NOT a spammer => Let the guy register but tell the admin to keep an eye just in case.

Sounds good! I know many people are like my fiance who just checks to see if they are red and goes by that. Most aren't like me and actually investigate but if any doubt just deny. I actually like to let them in a special section that only their member group can see (suspicious) and let them post and see if they spam or not and if they spam I add the data to blacklists I have API keys at. Most can't be bother to investigate but just want their forums clean. So I think the ideas you have are great and will improve this mod greatly!

Yeah you can quote me. :)

Another thing I noticed is it only checks on registration and if it is a new spammer (not blacklisted yet in Stop Forum Spam) then it will show up as blue.  I check manually anyway when they are blue and sometimes they are red by that time and I am glad I checked. ;)

plugger

Hi,

I'm the friend who Angie spoke of.  I went to the Stop Forum Spam site and got a new API key as instructed, uninstalled and reinstalled the SFS software as instructed - spammers are still getting blocked the same way: either I've got their IPs blocked or the SFS software checks the database and blocks them if it finds them there.  For me, I might actually prefer that, unless the SFS software is blocking people with common names spammers might also use, as Angie pointed out to me.  Otherwise if somebody is being blocked in error I guess I figure they can contact me through the website.

But let me say this has been one great mod!  It has saved me a lot of headaches.

Chris
hxxp:www.dialysisethics2.org/ [nonactive]

GJSchaller

Something I ran into this morning - a Human / Manual Spammer made a post that I needed to remove.  Before I could whack the Spam account, I needed to report the account, delete the account, and then delete the post - three separate actions.

The ability to simply mark a post as Spam and, in one shot: A) Report the spammer, B) Disable or Delete the account, and C) Delete the post, would be great.  It would consolidate several steps into one, making it a lot less work (and a lot less frustrating) to deal with spammers and spam comments.

The other thought that came to mind is that when removing accounts using the Stop Spammer control panel, it should ask (or let you set an option) to delete that user's posts, too.  This way, if a Spammer makes several posts, you can whack them all at once when removing the account, rather than hunting them down manually.

Thank you!
Geoffrey J. Schaller
Knight Realms - Technical Officer
http://www.knightrealms.com/

impreza

Good modification, thank you
Portal ToTemat.pl - treści w postaci artykułów i filmów tematycznych.

snoopy_virtual

@Angie KidneyKorner

I suppose you don't have mod httpBL. If you had it you wouldn't have so many spammers registering.

@plugger

I wouldn't recommend you to check usernames. A lot of normal names are already inside the DB, so it's not really worth it. I have been even thinking on deleting completely that option.

@GJSchaller

2 really nice suggestion. Added to the TODO list.

@tomeh

You are welcome.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

plugger

Quote from: snoopy_virtual on January 03, 2011, 08:00:56 PM


@plugger

I wouldn't recommend you to check usernames. A lot of normal names are already inside the DB, so it's not really worth it. I have been even thinking on deleting completely that option.


Actually, I'm not sure what I'm checking right now.  I reinstalled the SFS software and I can see from the error log the SFS database is being checked and spammers are being stopped, but I'm not sure what is being checked to stop them.  I'm looking through the settings of the forum software but so far haven't found anything where I could change the settings.

snoopy_virtual

Go to Admin => Members => Registration => Settings => Scroll down and you will find the Stop Spammer settings.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

plugger

Ok, I see it now!  I've got the username option box unchecked.  Should be good!

Thanks again for all your help!  (Eyes aren't what they used to be)

Love this anti-spam software!  Felt like a cockroach infestation on our old forums at times.

Squash

Just wanted to say thank you for a wonderful anti spam add-on. Awesome

snoopy_virtual


El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

tm82

Great mod, thanks snoopy for the continued development! 

I've noticed since about 12 hours ago, every check results in "yellow" icons.  I went to the stopforumspam.com [nofollow] site, requested, received, and set my own "API Key", but still same results.  Anyone else noticing this?

snoopy_virtual

It's strange. I had to check today a few members I had no errors. Maybe the server was down just when you were checking.

Are you still getting yellow icons?

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

tm82

Quote from: snoopy_virtual on January 04, 2011, 08:22:10 PM
It's strange. I had to check today a few members I had no errors. Maybe the server was down just when you were checking.

Are you still getting yellow icons?

Yes, just check at time of this posting.  Anything I should ask of my ISP?

busterone

It sounds like your host may not be allowing the connection to the SFS website. I would check that first.

I have been running checks sporadically for about the last 5 hours with no issues.

Advertisement: