• Welcome to Simple Machines Community Forum. Please login or sign up.

Stop Spammer

Started by M-DVD, December 31, 2008, 07:31:43 AM

Previous topic - Next topic

snoopy_virtual

Quote from: allainsim45 on November 19, 2010, 07:01:17 PM
This code do not make useless all the options of package, it just allows to dissuade the majority of the real spammers to register, if a not spammer is blocked by this code with a dynamic  ip, he can always try with another ip.

I'm sorry but that code won't dissuade any spammers at all. Most spammers nowadays are robots, and they are not dissuade one way or another. If they cannot register one way they just keep trying. They do not get tired of trying.

If a none spammer with a dynamic IP is blocked by your code, 99% of the cases they won't know how to try again with another IP.

Quote from: allainsim45 on November 19, 2010, 07:01:17 PM
This code is just proposed here because it uses the line " require_once(sourcedir. ' / Subs-Package.php '); ", it can interest some administrators having a little work less.

The line " require_once(sourcedir. ' / Subs-Package.php '); " is already inside the mod, but in its proper place.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

mrtoner

So, I installed this mod to stop the occasional spam (1 a day for the last 75 days since upgrading from YaBB). I was amazed to find out that my forum was being hit so hard by spammers/bots: I had about 2700 members Awaiting Activation and, after checking the remaining members through stopforumspam.com, I had about another 4500 members that were moved to Awaiting Approval.

Of those 7200+ "members," only about 60 were not added in the last 75 days. Whoah!

I've already got 70+ in Awaiting Approval again. I think I can reduce the number there by changing my CAPTCHA setting from Medium to High (I've already tried that and it appears to work), but the resulting image is so difficult to read that I'm afraid that will discourage legitimate registrations. (I know *I* have trouble reading it.) Is there any additional way to reduce the number of spam registrations?

snoopy_virtual

@mrtoner

Be careful with the usernames.

It's better if you enter Admin => Members => Registration => Settings go down to the Mod Stop Spammer settings and un-check the checkbox "Check their username:"

If somebody have the IP or the email address in the spammers database you can be more or less sure they are spammers, but if it's only the username most likely they are not spammers at all.

For more info about this, search this thread for the "false positive" issue. We have talked a lot about it here.

Quote from: mrtoner on November 24, 2010, 10:38:00 AM
I think I can reduce the number there by changing my CAPTCHA setting from Medium to High (I've already tried that and it appears to work), but the resulting image is so difficult to read that I'm afraid that will discourage legitimate registrations. (I know *I* have trouble reading it.) Is there any additional way to reduce the number of spam registrations?

My personal experience is that captchas don't stop spammers at all. Modern robots can pass even the more sophisticated captchas.

In all my forums I have these security programs installed:


You can see more info reading this:

http://www.simplemachines.org/community/index.php?topic=283309.msg2824757#msg2824757

And the answers following that one.

And also reading this:

http://www.snoopyvirtualstudio.com/tutoriales/index.php?estudio=httpBL_2

Just now I have 7 forums and the last time a spammer could get inside one of them was 2 months ago. And the last time a hacker managed to enter one of my servers was 2 years ago.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

mrtoner

Yes, some of the spammers the mod found were false positives: my own admin@ account was flagged! I'll take your suggestions and report back if I have any other questions. Thanks!

Eudemon

has anyone experienced the mod blocking normal members?
i have it on for one week and it says it blocked 1.4k spammers
altho some spammers still gone through the check and i have to manually report them
since i put it on, my site's online members immediately down like 65%
i have checked some blocked members, great, they are spammers
but just a little worry

busterone

I have not had that issue myself. I have never let the mod check usernames either though. I only let it check email and ip.  I also ran it against my entire member base only once, immediately after I installed it. I found about a dozen "sleeper" spammers and eliminated them, but since then, it is only used at registration.  I see no reason to continually check existing members myself. If you are checking your already existing members and have the username check activated, it is possible that it is flagging some false positives.

Eudemon

November 29, 2010, 11:24:17 PM #906 Last Edit: November 29, 2010, 11:28:04 PM by Eudemon369
i didn't say any of my normal member got blocked, just kinda worry if it does
for examples, what if someone's ip got hacked, or got false reported for some reason, u never know
i do have the username check disabled
and i only ran an entire member base check once, when i first had this mod installed

there isn't any big issue i had with the mod, just wondering
thx for ur reply

busterone

OK, I misunderstood.   :)
There is always a small chance of false positives, but very small chance. That is why the mod will not totally block a registration if only one property is found, but places into admin approval. You can then look for yourself and make a decision if it is a real spammer or not. In the event that both email and ip are flagged, it is almost certainly a spammer.
I am sure there may be a few that have been falsely reported, but I suspect that number is extremely low.

snoopy_virtual

If it's only the IP in the spammers database (but not the email nor the username) there is always a possibility (as Eudemon369 said) that it's been hijacked and it belongs to a "zombie" computer.

I haven't seen this issue a lot, but I have seen it.

What I did was to create a group of members in my forums called "suspicious". The permissions for this group are very restrictive. They can publish only once. They can send only one PM. They cannot see other members details, etc.

So if I see somebody caught by the mod and I am not sure if it's a spammer or not, I approve them (but inside that group) and send them a welcome PM.

As soon as they answer my PM or publish their first (and only) post, I can see if I need to move them to a normal group or to the rubbish bin.  ;)

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Eudemon

thx for sharing ur solution/idea

what i did is i made a no-limit board, that visitors don't need account to make thread
the board name is "can't register?"

snoopy_virtual

Nice idea too.

I have added it to my TODO list, to put it in the tutorial "Tips and tricks" section, whenever I have time to finish it.  ;)

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Jade Elizabeth

When are you planning to upgrade it for RC4?
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

snoopy_virtual

Quote from: Jade Elizabeth on December 01, 2010, 10:01:52 PM
When are you planning to upgrade it for RC4?

I don't know when I will have time to finish the next version I am doing, but the mod is already compatible with RC4 doing just the small manual edit busterone explained on the 3rd of November.

Quote from: busterone on November 19, 2010, 07:51:12 AM
See this post that is on the previous page
http://www.simplemachines.org/community/index.php?topic=283309.msg2837547#msg2837547

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Jade Elizabeth

Danke :D

I didnt see that before :).
Once proud Documentation Writer and Help Squad Leader | Check out my new adult coloring career: Color With Jade/Patreon.

butchs

Hey Snoopy can you put a snippet of your music in the about menu?
:)
I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

snoopy_virtual


El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

żεχเ๏ภ

December 04, 2010, 05:12:21 PM #916 Last Edit: December 04, 2010, 05:28:30 PM by Adjacent
Hello there chums, after receiving the following (attached) error message in Administration > Registration > Settings (when trying to configure this mod), "Your host couldn't make connection with the DB. Try again later. If this error continues see Support Topic and search Known Issues".. I clicked "Known Issues" and was redirected here.

Can anyone please help me out here?  :)

Thanks,
Jason


Edit: Just saw the "Known Issues" bit on the first page. I'm not sure if the fsockopen() function is enabled or not (can't find it in phpinfo). But cURL is enabled, I just installed the cURL mod (here: http://custom.simplemachines.org/mods/index.php?mod=1569 ). I'm still getting that warning. Any thoughts?

butchs

I have been truly inspired by the SUGGESTIONS as I sit on my throne and contemplate the wisdom imposed upon me.

teh_Krall

Silly question, since most spammers are robots wouldn't that mean they have to use a cut & paste function to put text into the registration fields? If that's the case it would 'seem' like catching them could be done through cut and paste detection. Or am I that naive? :)

After years of running this mod all of the sudden we've been getting handfuls of new registrations each day. Stop Spammer is saying they are legit, but when you check out their email logs they are usually numerous with their IPs and user names being clean. I've add the httpBL mod to hopefully combat this problem.

snoopy_virtual

Quote from: teh_Krall on December 04, 2010, 06:05:26 PM
Silly question, since most spammers are robots wouldn't that mean they have to use a cut & paste function to put text into the registration fields? If that's the case it would 'seem' like catching them could be done through cut and paste detection. Or am I that naive? :)

I use a a cut & paste function myself to log into any forum to avoid keyloggers. Got all my usernames and passwords stored in an encrypted program called Keepass, so I don't need to remember them and I can use different (and complicated) passwords for all of them, so if I use that method it would detect me as a robot.

Quote from: teh_Krall on December 04, 2010, 06:05:26 PM
After years of running this mod all of the sudden we've been getting handfuls of new registrations each day. Stop Spammer is saying they are legit, but when you check out their email logs they are usually numerous with their IPs and user names being clean. I've add the httpBL mod to hopefully combat this problem.

Are you using your own API key or the default one?

The default one was disabled a few weeks ago because some people were using it to report legit users as spammers, so everybody using the default API key will see how the mod has stopped working and they will need to ask now for their own API key if they want to continue using it.

I haven't seen any difference at all lately on the amount of spammers in my forums. I use in all of them mod Stop Spammer, mod httpBL and Anti-Spam Verification Questions.

I have seen that just adding a small silly question to the registration form stop normally 99% of the robots from registering.

El verdadero sabio es aquel que lo ve todo, lo estudia todo, lo analiza todo y molesta poco.
A true wise man is he who sees everything, studies everything, analyses everything and hardly ever annoys.

Advertisement: