News:

Join the Facebook Fan Page.

Main Menu

Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

snoopy_virtual

Quote from: lc62003 on February 20, 2010, 12:08:41 AM
You can already turn off/on 'check username'.   ;)

I don't think That's what Robert is saying.

Note this:

Quote from: Robert A. Rosenberg on February 19, 2010, 11:15:58 PM
...
My fix is to add a field to the flags that highlight the name, email address, and IPN entries that says for THAT Field of an entry to ignore the match.
...
Note that this is NOT referencing the global switch to not check a filed for ALL users but just a setting in the user's entry to say to ignore the field.
...

It could be done (complicated but possible) but I don't think it will be practical.

You are saying:

Quote from: Robert A. Rosenberg on February 19, 2010, 11:15:58 PM
...
not flag him again until there is an actual match on the email and/or IPN.
...

OK, but how can I tell the program to check again that user every now and then to see if the email or the IP are changing from good to bad?

Just now the program only check users automatically when they try to register. They are not checked again unless you do it manually. To change that I will need to change almost all the way the program works.

The more practical solution I can see, taking into consideration every suggestion and my experience using the program in a lot of different forums for almost 2 years now is this:

I have set-up in all the forums a special group of members called "Suspicious".

Every user I put manually in that group have very few options available.

For star, doesn't matter the settings for the rest of the Member-groups, the people of the group "Suspicious" cannot see the profile of any other member (as I have done also with the "Visitors" and with the people who haven't publish any post yet).

That way they will never be able to see the email address of anybody else in the forum while they are either "Visitors", "Newbies" or "Suspicious". (To avoid "Harvester" robots).

On top of that, the people on the group "Suspicious" have the limit of posts they can publish and PM they can send set to a maximum of 1 or 2 (depending on the forum).

Apart from publishing one post and send one PM they can do almost nothing else.

In my group of "Newbies" (people who have not publish yet but I don't think they are suspicious) I don't put any limit on that. (Just they cannot see other profiles).

That way, everytime I see people stopped by the mod who I'm not sure if they are legal or not I approve them but put them in the group "Suspicious" manually and send them a PM saying "Welcome here, etc ...".

Once they have published their first post or they have answered my PM, I can tell in a second if they are normal people or spammers and put them where they should be.

Then my idea is to add a few things into the settings page of the mod to do this as automatic as possible.

I will add a question in the settings asking you if you have a group of "Suspicious" members and (if so) which one is. (And if not, suggesting you to do it).

Then the mod, when checking somebody can say (as SiL was suggesting in reply #324):


  • If the 3 things (username, email and IP) are OK => let the guy pass normally
  • If 2 or 3 of them are bad => stop the guy and put him under approval until you decide
  • If only 1 thing is bad =>

    • If it's the email => stop the guy and put him under approval until you decide
    • If it's the username only or the IP only => let the guy pass but put him in the group "Suspicious"

I will need to add too (apart from the list you already have of people "Waiting for approval", etc) another list of "Suspicious guys", so you can have them all together and can check them more often until you decide where they belong.

Still I need to consider some other few things, but just now that's the way I'm planning to do next version.

What do you think about it?

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

butchs

Why not just make a "white list"  (I have seen that mentioned for "bad-behavior").  A simple way may to enter the info in another tab and have the mod exclude the white listed members or IP addresses?
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

snoopy_virtual

Yes, the white list is another idea, but the suspicious members cannot go into the white list.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

snoopy_virtual


El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Robert A. Rosenberg

Quote from: snoopy_virtual on February 20, 2010, 09:41:26 AM
Quote from: lc62003 on February 20, 2010, 12:08:41 AM
You can already turn off/on 'check username'.   ;)

I don't think That's what Robert is saying.

Note this:

Quote from: Robert A. Rosenberg on February 19, 2010, 11:15:58 PM
...
My fix is to add a field to the flags that highlight the name, email address, and IPN entries that says for THAT Field of an entry to ignore the match.
...
Note that this is NOT referencing the global switch to not check a filed for ALL users but just a setting in the user's entry to say to ignore the field.
...

It could be done (complicated but possible) but I don't think it will be practical.

You are saying:

Quote from: Robert A. Rosenberg on February 19, 2010, 11:15:58 PM
...
not flag him again until there is an actual match on the email and/or IPN.
...

OK, but how can I tell the program to check again that user every now and then to see if the email or the IP are changing from good to bad?

Just now the program only check users automatically when they try to register. They are not checked again unless you do it manually. To change that I will need to change almost all the way the program works.

As you mentioned, I specifically excluded the use of the Global "Check User" switch since it would affect ALL users not only the one I was talking about. The idea is that when the user registers and gets the false positive, you can set a switch that so that if the user is checked again (see below) the user field was not be checked (or will be assumed to be a non-match). You state "It could be done (complicated but possible) but I don't think it will be practical". I do not see the complexity. You get the results back and at the point where you want to alter the icon, check a flag for that field in the user's record to see if it is set (which would trigger not showing the red icon). I have not looked at the code to see how practical this method would be so I am just raising the issue.

As to your comment about the effort to keep rechecking, I was only thinking of the manual check scenario and was not asking for an automated after the registration recheck (I am aware of how complex and time consuming this type of recheck would be). This would allow manual proactive rechecks of users who were not known spammers at registration and have not yet spammed to your forum but are now known to be rogue (ie: Would be flagged if they were attempting to register now).

Once they spam and thus out themself, you could do a manual check of them and if not on the list, report them. My flag would allow a manual scan of all the users (in batches) to see if anyone is now flagged and proactively remove them if you want before they spam you while ignoring the known invalid match during the rescan. This would allow the administrator on request to revalidate the members just like is suggested when you first activate the mod to find those spammers who registered on your board before activation of the mod.

Robert A. Rosenberg

Quote from: snoopy_virtual on February 20, 2010, 12:52:58 PM
Anyway, I never liked "white" or "black" lists too much.

Better explained here:

http://www.snoopyvirtualstudio.com/trankos/portal/index.php?option=com_smf&Itemid=36&topic=297.msg1230#msg1230

One other reason that you did not mention (but only alluded to) for not permanently banning an IPN is that it might belong to a public computer (or a proxy) which services multiple users. If a spammer went to their local library or Internet Cafe (either wired or open WiFi) and spammed from there, the IPN associated with that connection would be banned. Black Lists can be too granular to handle this type of situation (they are predicated on every IPN being statically assigned or mass banning all IPNs  that are assigned via DHCP).

snoopy_virtual

@Robert A. Rosenberg

OK, I think I understand now exactly what you mean.

Yes, it's a good idea and I will take it into consideration in the next version.

Anyway when I said it's complicated I was thinking in doing it all automatically.

The way you are actually saying is still complicated but not so much.

===============

One thing I will never understand is why somebody would want to register in a forum and not say a word.

These people always look suspicious to me.

I can understand somebody coming to my forum with a problem, talk about it, get it sorted and then maybe he never says a word for 3 years. Only lawyers and politicians talk when they have nothing to say. But registering in a forum and never say a word at all. What for?

===============

Quote from: Robert A. Rosenberg on February 20, 2010, 01:26:22 PM
...
One other reason that you did not mention (but only alluded to) for not permanently banning an IPN is that it might belong to a public computer (or a proxy)
...

Agree.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Wizzlefits

Having a brain freeze today trying explain this, so please see the attached image for a couple suggestions.
Thanks!

Robert A. Rosenberg

Quote from: snoopy_virtual on February 20, 2010, 01:37:18 PM
@Robert A. Rosenberg

OK, I think I understand now exactly what you mean.

Yes, it's a good idea and I will take it into consideration in the next version.

Anyway when I said it's complicated I was thinking in doing it all automatically.

The way you are actually saying is still complicated but not so much.

===============

One thing I will never understand is why somebody would want to register in a forum and not say a word.

These people always look suspicious to me.

I can understand somebody coming to my forum with a problem, talk about it, get it sorted and then maybe he never says a word for 3 years. Only lawyers and politicians talk when they have nothing to say. But registering in a forum and never say a word at all. What for?

===============

Quote from: Robert A. Rosenberg on February 20, 2010, 01:26:22 PM
...
One other reason that you did not mention (but only alluded to) for not permanently banning an IPN is that it might belong to a public computer (or a proxy)
...

Agree.

The register and not talk case would include a forum that requires registration to view (Guest Access restricted). Also, in some cases the user wants to lurk to get the information but has no extra input to add. Not posting is, in my opinion, in-and-of-itself an indication of something suspicious.

I'd be surprised if the majority of users to this forum post to it. In many cases, they are here to see the information and not necessarily to ask questions. I know of a number of boards I am on that are primarily information distribution/reference sites with most of the users viewing/lurking since they do not need/want to offer any input.

snoopy_virtual

Quote from: Wizzlefits on February 20, 2010, 01:58:41 PM
Having a brain freeze today trying explain this, so please see the attached image for a couple suggestions.
Thanks!

Is that a mod you already have installed or did you do it playing with the picture?

That's more or less what I had in mind, but if it's already done would save me lots of hours.

And if you did it playing with the picture congrats and thanks. It helps me to clarify my ideas and I can use it as a point to start from.

Quote from: Robert A. Rosenberg on February 20, 2010, 03:21:58 PM
...
The register and not talk case would include a forum that requires registration to view (Guest Access restricted). Also, in some cases the user wants to lurk to get the information but has no extra input to add. Not posting is, in my opinion, in-and-of-itself an indication of something suspicious.

I'd be surprised if the majority of users to this forum post to it. In many cases, they are here to see the information and not necessarily to ask questions. I know of a number of boards I am on that are primarily information distribution/reference sites with most of the users viewing/lurking since they do not need/want to offer any input.
...

Of course that is an exception, and it's the only case I can understand somebody registering and not talking.

I was talking about forums like mine, where everybody can see al the info and you need to register only if you have a computer problem and want to ask for help.


Quote from: snoopy_virtual on February 20, 2010, 01:37:18 PM
Quote from: Robert A. Rosenberg on February 20, 2010, 01:26:22 PM
...
One other reason that you did not mention (but only alluded to) for not permanently banning an IPN is that it might belong to a public computer (or a proxy)
...

Agree.

Thinking again about this, I don't agree.

All the spammers we get now-a-days in our forums are robots, not humans, and robots don't use cybers.

Unless of course, one of the computers in the cyber is infected with a trojan and part of a botnet.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Wizzlefits

Quote
Is that a mod you already have installed or did you do it playing with the picture?

That's more or less what I had in mind, but if it's already done would save me lots of hours.

And if you did it playing with the picture congrats and thanks. It helps me to clarify my ideas and I can use it as a point to start from.

Just played with the html. I WISH I could code like that!

It just seems a bit more logical to be able to move members from one group to another in batches rather than having to do it one by one.
And making the Admin exempt from any kind of action, checking-reporting etc., will prevent the accidental listing of the owners IP as a spammer. Like I did!  :-[

snoopy_virtual

The admin is exempt from long time ago.

You accidentally reported your IP using this mod?

When was that? What version were you using?

Apart from that, Have you seen what I did with CrawlTrack? Check new posts in my forum.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Wizzlefits

It wasn't the "admin" account but a test account with the same ip as the admin which got the ip listed as bad & the test account deactivated. Not to mention the chewing I got from my wife, who was using it at the time and was promptly booted off the site. (That was funny)

kizer

Looks like http://www.stopforumspam.com is down today. Caught my first spammer today. Of course the site didn't connect so I couldn't do it automatically, but I did a search for the users name and sure enough I found the user talking gibborish on a few other sites and in his signature hes pimping his site.
Own a Jeep? Links4Jeeps.com

kizer

I have a question and I apologize if its already been asked.

I had a member join today and it said "waiting approval". I clicked on his name and the site it was checking against appeared to be down. I looked at his email address and its a known email site and from my experience I've not had any spam from it.

My choices where delete, Activiate and email, Activate.

Does this system bypass the activation via email so they have to click on the URL to perform the email validation? If so I personally do not like that because it removes one step that I belive should be performed. I'm hoping my approval is only the step before the email and verification.
Own a Jeep? Links4Jeeps.com

snoopy_virtual

Quote from: kizer on February 23, 2010, 01:06:22 PM
Looks like http://www.stopforumspam.com is down today. Caught my first spammer today. Of course the site didn't connect so I couldn't do it automatically, but I did a search for the users name and sure enough I found the user talking gibborish on a few other sites and in his signature hes pimping his site.

That's strange, I have seen their site OK all day.

I caught 3 spammers automatically today and even needed to enter their site a few times and I had no problem.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

snoopy_virtual

Quote from: kizer on February 23, 2010, 01:14:47 PM
I have a question and I apologize if its already been asked.

I had a member join today and it said "waiting approval". I clicked on his name and the site it was checking against appeared to be down. I looked at his email address and its a known email site and from my experience I've not had any spam from it.

My choices where delete, Activiate and email, Activate.

Does this system bypass the activation via email so they have to click on the URL to perform the email validation? If so I personally do not like that because it removes one step that I belive should be performed. I'm hoping my approval is only the step before the email and verification.

I have in most of my forums the email validation option. Only in a couple of them I let them enter without validating their email.

If you have this email validation option as well, when normal users (not in the spammers database) try to register, they need to validate their email, so the forum sends them a validation email, but if the mod finds the email address in the spammers database there is no need to do that.

Why would you want to send an email to a known spammer?

They are robots. They don't read emails. The only thing they are going to get from the email is the email address it's coming from (sometimes if you are not careful that's the admin email address) to add it to their own DB and send spam later to that address.

So, it doesn't matter if you ask the rest of your users to validate your email. The mod take this known spammer and put it in the approval list until you delete it without sending it any email at all.

With the email, if the mod find it in the spammers DB, there is no problem and everybody here agree with that (as far as I know).

The problem is if the mod finds either the IP or the username in the DB. That's what we have been talking about in this post a lot of times and still we are not very sure what to do. (See previous answers)

Just now, the mod takes the safest option. Put them in the approval list as well and let you decide what to do with them.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

kizer

Quote from: snoopy_virtual on February 23, 2010, 01:15:34 PM
Quote from: kizer on February 23, 2010, 01:06:22 PM
Looks like http://www.stopforumspam.com is down today. Caught my first spammer today. Of course the site didn't connect so I couldn't do it automatically, but I did a search for the users name and sure enough I found the user talking gibborish on a few other sites and in his signature hes pimping his site.

I caught 3 spammers automatically today and even needed to enter their site a few times and I had no problem.

This is what I'm getting when I try to access their site.

Forbidden
You don't have permission to access / on this server.

Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.


--------------------------------------------------------------------------------

Apache/2 Server at www.stopforumspam.com Port 80

Wow, this is odd. My work email account is giving me a Forbidden 500 error message, but I just tried it on my phone and it seems to work. I wonder if somehow it doesn't like my work connection.

My biggest fear was when I asked you about the email problem was I thought their server was done and it wasn't checking. I had two members that it was asking me to approve.
1) was highlighted in red on all three checks and I figured it would of automatically did away with him.
2) was all white and I approved, but I'm guessing it was because the member hadn't verified their own account yet via email. Now I feel really silly.  :o

Its a really cool mod and I guess I just need to get used to it
Own a Jeep? Links4Jeeps.com

snoopy_virtual

BTW, I just checked the options I have when somebody is "Waiting for approval" and mine are different than yours.

I got these options:

- Approve
- Approve and send email
- Approve and Require Activation
- Reject
- Reject and send email

So when the mod stops somebody and I'm sure is a spammer I choose "Reject" but if I think is a legal user I choose "Approve and Require Activation".

I don't understand why you only get 3 options.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

smartdeviceresource

Host must have it blocked cause it opens fine for me
after some thought, i've learned to be humble and leave the answering to the experts, until i too am an expert.  sorry to anyone who I've confused, with my answers

Advertisement: