Forum spam

Prince of Persia related subjects that do not have their own boards.

Moderator: English Moderator Team

Post Reply
User avatar
Norbert
The Prince of Persia
The Prince of Persia
Posts: 3139
Joined: April 9th, 2009, 10:58 pm
Contact:

Forum spam

Post by Norbert » October 6th, 2017, 8:24 pm

pamipexray1979 wrote:
October 6th, 2017, 8:12 pm
I believe that to answer it well, your question will require more time
and effort than the average amount of time and effort associated with
this price. Here is a link to guidelines about pricing your question,
in the pricing guide
This is, of course, spam again.
Unless you ban these by IP address, they'll keep coming.
Maybe make signing up more difficult?

David
The Prince of Persia
The Prince of Persia
Posts: 1496
Joined: December 11th, 2008, 9:48 pm
Location: Hungary

Re: Forum spam

Post by David » October 7th, 2017, 12:50 pm

(I moved the spam post to the Trash and Norbert's post to this new topic.)
Norbert wrote:
October 6th, 2017, 8:24 pm
Unless you ban these by IP address, they'll keep coming.
The problem with banning by IP address is that each account uses a different IP address.
Even the first octets are different. (45 vs. 144 vs. 117)
The only common thing among the last few spammer accounts (pamipexray1979, kshuasha1979, sampriti2013) is their naming scheme,
and that the whois results of their IP addresses mention West Bengal.
Norbert wrote:
October 6th, 2017, 8:24 pm
Maybe make signing up more difficult?
Maybe.
With the current rate of one spam post per month, it's not really urgent.

Looks like the current "Who originally created Prince of Persia?" question is too easy for some bots.
Then again, maybe humans are registering the accounts? Or humans help the bots with such questions?

User avatar
Norbert
The Prince of Persia
The Prince of Persia
Posts: 3139
Joined: April 9th, 2009, 10:58 pm
Contact:

Re: Forum spam

Post by Norbert » October 7th, 2017, 6:14 pm

Most likely humans help such bots (related). Assuming the spammers have a finite number of IP addresses, maybe this forum becomes a less interesting target if they see IP addresses are being banned. The increase of spam might be temporary; it's not the first time spam's an issue (related; "legion of spambots").

David
The Prince of Persia
The Prince of Persia
Posts: 1496
Joined: December 11th, 2008, 9:48 pm
Location: Hungary

Re: Forum spam

Post by David » October 14th, 2017, 9:11 am

Norbert wrote:
October 7th, 2017, 6:14 pm
Assuming the spammers have a finite number of IP addresses, maybe this forum becomes a less interesting target if they see IP addresses are being banned.
The question is, do they see that their IP address is banned? They register a new account from a new IP address for every post.
They might also be using dynamic IP addresses, which means that other people might end up using an IP address that we banned earlier.

David
The Prince of Persia
The Prince of Persia
Posts: 1496
Joined: December 11th, 2008, 9:48 pm
Location: Hungary

Re: Forum spam

Post by David » October 14th, 2017, 11:03 am

It looks like it's also possible to ban by hostname.
http://forum.princed.org/mcp.php?i=mcp_ban&mode=ip wrote:To specify several different IPs or hostnames enter each on a new line. To specify a range of IP addresses separate the start and end with a hyphen (-), to specify a wildcard use “*”.
I tried to ban node-*-*-*-*.alliancebroadband.in because the IP addresses of the recent spammers resolved to such hostnames.
(The asterisked part contains the IP address.)
But the forum says "No IP addresses or hostnames defined". What does this mean?

I also tried to ban *.alliancebroadband.in, but I get the same error message.

Maybe asterisks can be used only in IP addresses?

Anyway, it seems phpBB recommends against banning by IP address or domains: https://www.phpbb.com/community/viewtop ... &t=1861645
They list some more anti-spam techniques here: https://www.phpbb.com/community/viewtop ... &t=2122696
Their first recommendation is using obscure questions, but as you wrote, it's not perfect...

User avatar
Norbert
The Prince of Persia
The Prince of Persia
Posts: 3139
Joined: April 9th, 2009, 10:58 pm
Contact:

Re: Forum spam

Post by Norbert » October 16th, 2017, 9:09 pm

These auto-created user accounts have spam in their signatures. If these users are merely banned and their posts removed, the profile page ("memberlist.php?mode=viewprofile") still shows the spam (ex, ex, ex). Perhaps the bots that auto-create user accounts do not verify if member pages are publicly accessible. (They are not on this forum.) This could mean that, as long as the user accounts exist, these bots think their actions were successful. Therefore I think spammers should not only be blocked by IP, email address and hostname. Their accounts, including all posts attached to them, should also be removed. My personal experience has been that when these bots arrived, and as long as I consistently removed all auto-created user accounts, it didn't take long for them to leave the forum alone. Just some thoughts. Maybe they would've also left without my intervention.

David
The Prince of Persia
The Prince of Persia
Posts: 1496
Joined: December 11th, 2008, 9:48 pm
Location: Hungary

Re: Forum spam

Post by David » October 21st, 2017, 11:17 am

Norbert wrote:
October 16th, 2017, 9:09 pm
Therefore I think spammers should not only be blocked by IP, email address and hostname. Their accounts, including all posts attached to them, should also be removed.
How do I do that? Can moderators even do that, or only admins?

EDIT: By the way, it seems that the user profile page does not show whether the user is banned.
The PoPUW forum had a separate "rank" for this, called "I have been permanently banned". :)

David
The Prince of Persia
The Prince of Persia
Posts: 1496
Joined: December 11th, 2008, 9:48 pm
Location: Hungary

Re: Forum spam

Post by David » October 29th, 2017, 4:42 pm

Norbert wrote:
October 16th, 2017, 9:09 pm
These auto-created user accounts have spam in their signatures.
I guess this user is also a spammer: memberlist.php?mode=viewprofile&u=2593

Falcury
Wise Scribe
Wise Scribe
Posts: 326
Joined: June 25th, 2009, 10:01 pm

Re: Forum spam

Post by Falcury » October 31st, 2017, 1:02 am

Here's another one, again with the same naming scheme and similar content:
viewtopic.php?f=114&p=22161#p22161

Hm, do the bans still remain in place, if the associated accounts are entirely removed?
I would guess so, because the admin control player has separate lists with all of the banned usernames, email addresses and IP addresses.

I replaced the Q&A at user signup (Q: Who originally created Prince of Persia?) with reCaptcha, maybe that will hold them off for a while.

User avatar
Norbert
The Prince of Persia
The Prince of Persia
Posts: 3139
Joined: April 9th, 2009, 10:58 pm
Contact:

Re: Forum spam

Post by Norbert » October 31st, 2017, 8:43 pm

Falcury wrote:
October 31st, 2017, 1:02 am
I replaced the Q&A at user signup [...] with reCaptcha, maybe that will hold them off for a while.
Nice. Let's hope so.

User avatar
Norbert
The Prince of Persia
The Prince of Persia
Posts: 3139
Joined: April 9th, 2009, 10:58 pm
Contact:

Re: Forum spam

Post by Norbert » November 8th, 2017, 12:03 pm

David wrote:
October 29th, 2017, 4:42 pm
Norbert wrote:
October 16th, 2017, 9:09 pm
These auto-created user accounts have spam in their signatures.
I guess this user is also a spammer: memberlist.php?mode=viewprofile&u=2593
Yes.
And I think this recent user is too.
They appear to look for a thread they feel they can easily comment on and then later their signature is changed (probably by a bot).
It also means reCAPTCHA isn't working, because actual humans do some of the spam work (the challenge–response and making a single post).
One solution I've used is to make the verification question a text that says they need to email and explain why they want to join.
And then if the explanation is sufficient, give them the impossible-to-guess response they can use to register.
That way the registration processes might be too much of a hassle for most of the spammers.

Falcury
Wise Scribe
Wise Scribe
Posts: 326
Joined: June 25th, 2009, 10:01 pm

Re: Forum spam

Post by Falcury » November 13th, 2017, 11:58 pm

Norbert wrote:
November 8th, 2017, 12:03 pm
And I think this recent user is too.
They appear to look for a thread they feel they can easily comment on and then later their signature is changed (probably by a bot).
It also means reCAPTCHA isn't working, because actual humans do some of the spam work (the challenge–response and making a single post).
One solution I've used is to make the verification question a text that says they need to email and explain why they want to join.
And then if the explanation is sufficient, give them the impossible-to-guess response they can use to register.
That way the registration processes might be too much of a hassle for most of the spammers.
The domain of that user's e-mail address also appears 27 times in the database of a website that tracks forum spammers...

Yes, we could certainly have new users send an e-mail if they want to sign up. Maybe there is no way around it, if the recent surge in spamming activity does not stop. Of course, that has the disadvantage that non-spammers might also find it too much of a hassle to join. And of course I as the current admin would have to approve new users without too much delay, which I would prefer not to have to do if (it isn't necessary).

Maybe there are still other things that we could try.
This extension looks promising:
https://www.phpbb.com/customise/db/exte ... orum_spam/

From the description of the extension:
Extension will query the stop forum spam database on registration and posting (for guests only) and deny the post and or registration to go through if found.
  • Will log an entry in the ACP if so set.
  • Extension sends usernames, emails and IP addresses to a third party server. Via HTTP when adding and via HTTPS when querying (email is hashed upon querying).
  • Works with the Contact Admin Extension to disallow those trying to use the Contact Admin extension to submit.
  • Ability to report a users post to Stop Forum Spam database with API key from within viewing a topic (admins and mods only). Can't report mods or admins.
Might be worth a try.

I'll also start deleting the spammers' accounts like Norbert suggested, if that's okay with everyone.

Post Reply