Why do bots register?

[Cache-man]

After the recent CAPTCHA implementation in 1.1RC3, I'm curious to know (as I'm sure are others) why exactly do bots register on our forums?

Also:
What can the bots gain from registering on our sites?
How can we spot a bot registration?
What are the dangers/risks of bots registering?
And what else  (other than the current, slightly difficult to read CAPTCHA implementation) can we do to prevent them?

I look forward to learning more on this topic.

[J. Williams]

They register so they can cluster up forums, some bots can even make a problem with an unknown IP

1. They don't gain anything but the ability to spam forums
2. Some register with silly names, or even a normal first + last name as a USERNAME.
3. Spam, It can take things further to such things as DDOS
4. Disable guest posting, and make it so the user or you has to activate the selected account

[tinatoth]

They register so they can cluster up forums, some bots can even make a problem with an unknown IP

1. They don't gain anything but the ability to spam forums
2. Some register with silly names, or even a normal first + last name as a USERNAME.
3. Spam, It can take things further to such things as DDOS
4. Disable guest posting, and make it so the user or you has to activate the selected account

I have CAPTCHA installed and email registration activation, and we still get spam. I'm guessing they might even register the account manually, and then use a bot to spam the forum, cos they sent some obscene PM to everyone in the forum the other day.

Right now I'm trying to disable complete newbies from making new threads and sending PMs but I'm having problems achieving that kind of permission setting... :/

[Lazybones]

The developer of the CAPTCHA mod for older versions has stated that the CAPTCHA is week and can be broken by some of the new bots, it is however possible that a human is starting off the accounts.. Not much you can do about that unless they are using the same domain or IP all the time, then you can just use a ban trigger.

The RC3 CAPTCHA system is probably TOO hard, as many humans are having trouble reading it.. Things like this can be hard to balance.

[StrangerWithin]

Slightly off topic I know but has anyone else been plagued by pharmaceutical spammers of late? They all seem to be registering with an @gaweb email addy

[Cache-man]

Not personally had any issues with any spam, although my board is still fairly small, and if anything like that did happen, some of my members would alert me, and i'd quickly arrange a warning/banning/IP blacklisting!

[Lazybones]

Slightly off topic I know but has anyone else been plagued by pharmaceutical spammers of late? They all seem to be registering with an @gaweb email addy

I had a stream of those.. Just go into the ban options and ad a trigger rule to block people from registering with email addresses from that domain..

I also blocked .ru and .de domains in the email filter as it is unlikely a human would register in my forum from such an address, and if they wanted to register they could use Gmail or something else.

[squirrelof09]

Slightly off topic I know but has anyone else been plagued by pharmaceutical spammers of late? They all seem to be registering with an @gaweb email addy

YES, several of our forums have been registered with that name e-mail altely.

IP banning does NOT work.

They also use other e-mails.

[Cache-man]

In fact, looking at my member list, I found a couple of gaweb members, and a cashette one, and another suspicious looking one. As follows:

NeroASERCH       NeroASERCH           [email protected]          066.246.218.004
A.G.                    A.G.                     [email protected]           64.121.74.57
Fegasderty         Fegasderty       [email protected]       66.246.218.4
casino7779         casino7779       [email protected]      83.149.236.106

I see the 2 gaweb ones use the same IP (I think).
The cashette one, is obviosly some dodgy casino, and I'm thinking the A.G. one may be a bot.
None of these have actually made any posts though.

What should I actually do with these bogus members. Should I just delet their accounts, and try banning the IP's and e-mail domains.
I still don't want to implement the CAPTCHA yet, until it is ledgible to actual humans.

[StrangerWithin]

Just got up and took a look at our board, had two incidents of porn spam and three members awaiting activation all with suspect user names. Needless to say they were all rejected

@ Cache-man.

You can bin NeroASERCH for deffinate. He got banned from ours the other day for spamming Phentermine

[Cache-man]

@ Cache-man.

You can bin NeroASERCH for deffinate. He got banned from ours the other day for spamming Phentermine

What should I actually do with these bogus members. Should I just delet their accounts, and try banning the IP's and e-mail domains.

[StrangerWithin]

Banning IP's imo should be the last resort unless the same IP comes up time and time again. You risk blocking legitimate members by banning IP's. Its a job to know what to do for the best sometimes. Gor a start i'd just ban the username and email addy but I'm sure others will have a different approach.

[Lazybones]

Delete the known bot accounts.

Ban the email address or domain for email registration if they are all coming from the same domain. At least humans can work around that option

If you are going to ban an IP use a rule that expires as IPs get reused all the time.

[opally]

If your board is of little interest to users outside a certain geographical area, you can feel pretty safe by doing IP tracking, find out the range of IP addresses assigned by that hosting company, and ban the IP range or sub-range offered by that company. Actually, that is pretty effective. Your IP address is the most accurate indicator of who you are. Of course it can be exploited, if the hacker is using zombie machines in other locations, which is not that rare, sadly.

I really like SMF's IP tracking and banning tools, they are most excellent. I experience great satisfaction by gazing upon my error logs, which show how many banned addresses have tried to access my forum. This procedure has definitely cut down on intrusions, but you must be vigilant.

Email address is the easiest thing to spoof, but @gawab and @cashette have both been banned on my forum. Both are from foreign ISPs, and, really, my board is of low interest to anyone outside the US. So I'm not nervous about doing mass bannings, especially all those naughty hackers in Russia, you know who you are!

You *can* restrict number of personal messages sent out by a user, but this code snippet, which works in 1.0.7 and 1.0.8 (there's an example of it in another forum) is pretty heavy handed.

You can also edit Themes/default/languages/InstantMessage.english.php so that the personal message does not contain the message content; it refers the user to the board. That way, you might be able to manually delete offensive messages from the database before most users get to read them.