• Welcome to Simple Machines Community Forum. Please login or sign up.
December 09, 2021, 08:45:13 AM

News:

Want to get involved in developing SMF, then why not lend a hand on our github!


Buildinng a spammer army?

Started by khigh, April 08, 2015, 01:47:54 PM

Previous topic - Next topic

khigh

I didn't see a spam or security section so I just punted.

this may not even be unique to SMF, but just to forum administration in general.

I've seen a weird behavior developing lately

I get a new member and they post two posts right away that seem a little out of place but aren't spam. Usually followup posts along the lines of "That is good information. This board so helpful with good posting".

Then a day or two later - same behavior - new member, two weird posts.

Anyone know what the end game on that is?

Thanks for looking.

br360

Some sites have a system in place where the first set amount of posts from new members are moderated; as an attempt to avoid spam. In the ever growing game of smarter spammers, it looks like they are posting a few semi-normal and innocent enough looking posts; and then one day when you think they are "just another interested member", you wake up to hundreds of their intended spam posts overnight.

Have you tried running their IP addresses or emails through stopforumspam or an IP lookup to see if they are listed as spammers?

khigh

I haven't tried that, but I will, thanks.

To date, they always just come in and spam right off the bat or I get several new users from the same ip.

It doesn't seem like proper behavior. I can't say they're breaking any rules per se, but I may just delete the accounts and see what happens.

HDB

I have seen a few of these types of members registering. What I have done is from their member profile I set the "issue a warning" level to the point that any further Posting goes into moderation and must be approved. You do not need to send the warning PM with this action just set the percent of warning to put any further posts they make into moderation and type a reason in the reason filed. From that point they might come back in the middle of the night to post spam links but they will not go public.

khigh

Hey that's a really good idea!

I like that - think that's what I'll do.

I assume when they activate, they ALL activate.

busterone

Another sleeper spammer tactic is to post innocent looking posts, and wait a few days or even weeks, then come back and attempt to edit the original posts with spam links. They hope that the staff will not notice it after time has passed.  An easy way to prevent that is to set a short time limit to allow a user to edit his/her own posts.  I have a 60 minute time limit on mine.

Night09

Dont waste time with them just ban and forget. Also if they are registering are you using registration questions containing a pool of at least 20 questions?

If you dont have registration locked down your going to be peeing in the wind as far as spammers go.

Theres some interesting anti spam posts around the forum with question ideas bots wont guess.

Kindred

don't ban...   seriously... don't ban spammers.

prevent spammers from getting in using the methods described in the FAQ.

Adding tons of bans will slow down your system...
Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.<br /><br />"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Night09

Quote from: Kindred on April 09, 2015, 07:59:14 PM
don't ban...   seriously... don't ban spammers.

prevent spammers from getting in using the methods described in the FAQ.

Adding tons of bans will slow down your system...

True delete them I should have said.

khigh

I don't have a lot of spammers - I mostly delete them and their posts.

I have enough security that it often foils intended registrants. Particularly the one where you have to blank out a field with characters already in it. That's my favorite.

I like the moderation idea because they specifically haven't done anything wrong.


Advertisement: