Xrunner's Spam Xperiment

Started by xrunner, April 08, 2013, 05:42:17 PM

Previous topic - Next topic

xrunner

I have not had spammers in a very long time, neither posting or registering, and I want to investigate if I am actually stopping them or if I am not even being attacked. I am going to use my forum as a guinea pig.

I have none of the more complex anti-spam mods installed. All I have now is this puzzle -

notCaptcha

I have one verification question -

You can't post ANYTHING or use your account until an Admin approves your account based on spam databases and heuristic screening criteria - you will not be registered until this approval is complete - if you still wish to apply enter "notspammer" without the quotes in the box


I also have the standard visual verification but I'll leave it up since I think it's agreed it doesn't stop spammers.

I have attached two screen shots, the first one is with my anti-spam measures, and the second without. My forum is now set up in the second state. I will leave it in the second state until I go to bed at which time I'll go back to my anti-spam measures. During the day when I can observe I will turn them off again.

We will see what we will see. It will hopefully be interesting to observe.

darkknight89

Good luck with your experiment.  I have every anti-spam measure I can think of and it seemed like it was completely ridding the issue until yesterday when a spammer got through.
Free Computer Help For All
Also visit our shiny, new blog.

xrunner

Interesting - I believe I just caught a fish after only a few minutes -


    Jetelussy

That's a spammer name if I ever saw one.

And this is the website title -

Buy fake french passport online,false canadian passports for sale,fake belgian passport for sell,swistzerland fake id.

Ha! One or more of my measures are working. After months of no spam I got one after a few minutes of no defenses.

Arantor

Which just proves that one or more of your measures are working, but that was probably known to you anyway.

The real test is to do each one individually and see what is nailed by it.

xrunner

Quote from: Arantor on April 08, 2013, 06:09:15 PM
Which just proves that one or more of your measures are working, but that was probably known to you anyway.

The real test is to do each one individually and see what is nailed by it.

Yep. Here's the latest in the last few minutes -

pkusernameg4

That's quite freaky that these bastards are constantly looking at my forum for months just waiting for some means to get in!

I don't think this need to go on much longer. As you said, the next step is to add one more of the measures I had and see what the data says.

Anyone want to suggest which one I add back first.  :)

Arantor

QuoteThat's quite freaky that these bastards are constantly looking at my forum for months just waiting for some means to get in!

It's not really freaky. It's a sign that your forum is popular enough to be noticed by one or more of the automated spam lists.

I'd be inclined to add back notCaptcha first. I already have suspicions as to what it will tell you but I don't want to influence it unnecessarily ;)

xrunner

Quote from: Arantor on April 08, 2013, 06:15:36 PM
QuoteThat's quite freaky that these bastards are constantly looking at my forum for months just waiting for some means to get in!

It's not really freaky. It's a sign that your forum is popular enough to be noticed by one or more of the automated spam lists.

Yay! Uh, I mean, not-yay.

Quote
I'd be inclined to add back notCaptcha first. I already have suspicions as to what it will tell you but I don't want to influence it unnecessarily ;)

Let me see how many more join in the next hour for a good data point, then I will add back the notCaptcha first.

darkknight89

xrunner, do you mind if I steal your security "question" for my own registration page?  I want to do a little test of my own with it.
Free Computer Help For All
Also visit our shiny, new blog.

xrunner

Quote from: darkknight89 on April 08, 2013, 07:36:28 PM
xrunner, do you mind if I steal your security "question" for my own registration page?  I want to do a little test of my own with it.

Be my guest!  :)

xrunner

List of spammers since defenses down - they do not post, they add email, MSN messenger, ICQ, Website, and an ad in the signature all as I rembered they did.

Jetelussy
pkusernameg4
kxcjxcrcys
cypeacini
BiommaJoida    
traders
JOCELYN ALFILER  <-- never had an all-caps spammer before


Some spam website tiltes from above -

which is better avapro or diovan  Savannah

Buy fake french passport online,false canadian passports for sale,fake belgian passport for sell,swistzerland fake id.

OK, I'm satisfied. After many months of no spammers, I get 7 in a few hours after I removed the verification question and notCaptcha. One or both were stopping all my spam very effectively.

Now we'll narrow it down. As Arantor suggested I'm re-installing notCaptcha but NOT using the verification question. Now we'll see what happens.

darkknight89

I use one of the anti-spam mods that will catch spammers if their details are in a database and then staff is notified about the ones it catches and I had a spammer trying to register ever couple minutes but since putting your security question on my registration about 40 minutes or so ago I haven't had any.  Amazing.  I think I'm going to keep that on there and see what happens since I had a few spammers slip through the cracks the last couple days.
Free Computer Help For All
Also visit our shiny, new blog.

xrunner

Quote from: darkknight89 on April 08, 2013, 08:17:31 PM
I use one of the anti-spam mods that will catch spammers if their details are in a database and then staff is notified about the ones it catches and I had a spammer trying to register ever couple minutes but since putting your security question on my registration about 40 minutes or so ago I haven't had any.  Amazing.  I think I'm going to keep that on there and see what happens since I had a few spammers slip through the cracks the last couple days.

Interesting. What I like to do is collect data. Let's try to see what is actually happening, not what we believe is happening. That's the point of my Xperiment. I'd be very interested in your data also. Thanks for adding to the database.

darkknight89

Sure.  I'll let you know as time goes on if I have any attempted registrations from spammers.  Other than that question, that one mod and the regular captcha (which does absolutely nothing to stop spammers) I don't have any other anti-spam measures.
Free Computer Help For All
Also visit our shiny, new blog.

xrunner

List of spammers since notCaptcha operating without the verification question -

francespkh
#asicsvb6g
Aliiz
AleweralEmowl

In a very short time I see that notCaptcha did not stop the spammers. It's very obvious.

I will next go to the verification question without notCaptcha tomorrow. For now, I will go back to both of them overnight.

Arantor

* Arantor was expecting this to be your result.

xrunner

Quote from: Arantor on April 08, 2013, 09:52:23 PM
* Arantor was expecting this to be your result.

I believe I know why but can you explain for the audience so they will understand. Tomorrow I will only use the verification question.

Arantor

It's really simple: CAPTCHAs suck. Most of them have long since been broken. As soon as they get widespread, it's increasingly worth the bot authors' time to write a solver for it.

After a fashion, the CAPTCHA just stops being a meaningful deterrent against bots and just holds up legitimate users.

darkknight89

I haven't gotten any spammers yet since implementing your security question, xrunner.
Free Computer Help For All
Also visit our shiny, new blog.

xrunner

Quote from: darkknight89 on April 08, 2013, 10:06:08 PM
I haven't gotten any spammers yet since implementing your security question, xrunner.

Fascinating.  :)


Kindred

I will once again point out that it is not the words in that question which stop them... It is the phrasing which makes it difficult for the automatic parsers to figure out what to respond.
The spammers do not read the question and don't care what it says except for the fact that they can not auto answer it.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: