Anyone else seen this spammer called "leefriend1"?

[Bogdan]

I will try that mode. My question is: about the no follow, are you going to change this script http://www.simplemachines.org/community/index.php?topic=200396.0 ?

[DavidCT]

It will not make any post. Googlebot will access the profile and will index the links from his signature. It's  a silent spamer )

Disable viewing of profiles by non-members...

[humbleworld]

Indeed, it could be some sort of forum poster bot being used.

You could try my Are You Human Mod
http://custom.simplemachines.org/mods/index.php?mod=999

I am using Are You Human Mod of Karl. It works perfect.

[DavidCT]

RE: Are you human?

Hmm, you know something?  I bet adding a routine like this on all web pages, setting a server type cookie so it only asks once, would save a ton of bandwidth by eliminating bots   I might have to try that. (making exceptions for google and other friendly bots)

[humbleworld]

There are several mail.ru registrations in a website I know. What is this? The poster did not post anything but it or he registers with an email of [email protected].

[tehtron]

Yes I've had the same guy

He's very stupid. He has the same hostname as you guys have

[Elrond]

This mod may also help then
http://custom.simplemachines.org/mods/index.php?mod=921

This mod may also help then
http://custom.simplemachines.org/mods/index.php?mod=921

Very good mod by the way.

I had the same ****off join a several of the sites I've hosted for people, a few of them being friends' sites. It's really ticked me off. Another thing that seems to be coming up a lot are IP's from Bell Canada host names who are trying to access pages in the following format: (h-t-t-p:/-/host/index.php?page=h-t-t-p:/-/some-spam-or-hacks-or-pron-site--or-page-that-does-not-exist).

I have deleted several different IP ranges in desperation of the problem, but obviously that will inevitably backfire. None of the attempted hacks have been successful at doing anything to the sites, but it is still enough to tick me off. I mean, if those pages are somehow getting listed on search engines, then those search engines will be redirected to the main pages of those sites (this will count as duplicate content won't it?). So far I've not seen any of them appear on Google following any of the domains/sub-domains + index.php?page=*offending string*. None of them were attempted sql injections though there was a php file quoted that apparently attempts to turn off certain features on the target server (like I said the attack doesn't succeed, it just ticks me off).

A mod I have on the site allows admins to track the full address that a guest or member is accessing; so eventhough the action is "unknown" or something like that, it appears next to the "unknown action" as a link, so that it can be analyzed. Server logs show the addresses being shown, but this is a short cut for it, so that we can combat the problem. But the thing is, the only way of combating such problems is ip range bans, which is something that I'm not willing to do. They're all guests (the offending ip's) so they are not particularly harmful.

Example of the links being accessed (that will redirect to the main page because they don't exist):
- h-t-t-p:/-/-host-.com/index.php?page=h-t-t-p:/-/migirlsadaoiwqiseatmeisum.mail333.su/body?;

I put dashes in there so that people can't just click on the last string and get something that might be dangerous. But it is an example of what they do. Script blockers will prevent -most- of those kinds of links from doing any harm though.

[青山 素子]

I had the same ****off join a several of the sites I've hosted for people, a few of them being friends' sites. It's really ticked me off. Another thing that seems to be coming up a lot are IP's from Bell Canada host names who are trying to access pages in the following format: (h-t-t-p:/-/host/index.php?page=h-t-t-p:/-/some-spam-or-hacks-or-pron-site--or-page-that-does-not-exist).

I've seen that on one of the systems at work. Random IPs will hit it and just put those URLs in. It's happened before, but there seems to be some kind of surge going on. At the peak, I was seeing 4 megabits of traffic from this (and loads over 150 before I took evasive action).

What that is is an attempt to spam webstats pages. As many sites do have public access, the spammers can get their URLs into search engines that way. It sucks, but that's the general purpose of those things.

I put dashes in there so that people can't just click on the last string and get something that might be dangerous. But it is an example of what they do. Script blockers will prevent -most- of those kinds of links from doing any harm though.

I generally do hxxp://urlhere/. It keeps the things from auto-linking and is nicer to read. (I actually picked that style up from 4chan.)