SPAM ALERT!

Started by MC Marshy, February 05, 2006, 10:44:22 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Anatol

As a side note, the guestbook on my Lemmings page has been getting spammed a ton with messages almost identical to these. Every time I look back at my guestbook, it seems there's about 40 more spams, so it must be a bot of some type. I don't know how to stop it either, besides requiring registration. :-/

tseug

Would changing the address help? The old one could point to a sentence explaining the new address. The bots from this particular website seem vicious though. Of course if someone launched a DDoS attack on the server it would help, but the problem is that that could get you in trouble. ;)

EDIT: A whois lookup shows email is:
domainnameregistration@cassava.net
server IPs are:
64.49.213.233
64.49.213.241

EDIT2: All of the bot's posts contain mangled html (well, just different from this board's format). So maybe it would be possible to block posts that contain that stuff?

ccexplore

Quote from: tseug link=1139136262/15#16 date=1139181396EDIT2: All of the bot's posts contain mangled html (well, just different from this board's format). So maybe it would be possible to block posts that contain that stuff?
That has been on my thoughts all along, to disable posts containing common HTML tags (eg. <a href...></a>, <img> etc.).  That way it would at least force the bot to be more YaBBC-tags aware, which I think should cut down on the likelihood of getting these posts.

MC Marshy

Spambots should be destroyed!

Lomay

Quote from: MC Marshy link=1139136262/15#18 date=1139222103Spambots should be destroyed!
yeah!

Andi

Quote from: tseug link=1139136262/0#13 date=1139165486Andi it would help if you posted more IPs.
Another one: 202.71.106.121
Anyway, what to do now? Shall I disable guestposting or do you want to collect more IPs to erm... do something with them? ^^

@Anatol: I'm sorry for you. What GB do you use? Propably it has an anti-flood feature.

MC Marshy

I think guestposting should be disabled on this forum. That could stop spambots.

Anatol

My guestbook is a project called Openbook. I found it on Sourceforge, but the project page seems to have died long ago. So there are guestbooks out there that help prevent this sort of thing? Where can I find them?

MC Marshy

Anatol, all that spam on your website on the guestbook is awful. Couldn't you make it log the I.P address of the person who posts on your guestbook?

It's been done 100 times in a row or so  :o

JM

I just looked at the guestbook. Somebody must do something about this. I guess it was spambots that spammed all over Garjen's forum.

MC Marshy

I'm sure spambots are doing that elsewhere. All forums need to have people register before they can post.

tseug

The IPs seem utterly random. So I guess you should make something filter out that kind of html. The bot itself has no way of knowing what happens to what it sends because it is sending from a different IP. It might ping the server before sending, I don't know if you have any way to find out.

EDIT: Or you could just look for anything sent from either of the sever IPs.

ccexplore

Quote from: MC Marshy link=1139136262/15#25 date=1139259271I'm sure spambots are doing that elsewhere. All forums need to have people register before they can post.
This makes it difficult for people who simply wants to ask for Game Help or Technical Questions, it would be a hassle to expect random people to have to register just to do that.

Though certain other parts of the forum may conceivably be registered-only. &#A0;I would rather not though. &#A0;Especially keep in mind also that if the bot is truly YaBB2 aware, registration is unlikely to stop a bot from creating new accounts to SPAM. &#A0;After all, currently there isn't even an e-mail verification for registering new accounts here, much less the CAPCHA-type verification found on, say, Yahoo account registeration. &#A0;Thus I think the HTML filtering approach combine with IP-address blocking would be best. &#A0;The miniscule amount of SPAM here is hardly that big a deal when you consider the dozens (possibly even hundreds) of SPAM that goes into your e-mail inbox (though nowadays e-mail filters do a good job) daily.

MC Marshy

Quote from: ccexplore (not logged in)(Guest) link=1139136262/15#27 date=1139277329This makes it difficult for people who simply wants to ask for Game Help or Technical Questions, it would be a hassle to expect random people to have to register just to do that.

Though certain other parts of the forum may conceivably be registered-only.  I would rather not though.  Especially keep in mind also that if the bot is truly YaBB2 aware, registration is unlikely to stop a bot from creating new accounts to SPAM.  After all, currently there isn't even an e-mail verification for registering new accounts here, much less the CAPCHA-type verification found on, say, Yahoo account registeration.  Thus I think the HTML filtering approach combine with IP-address blocking would be best.  The miniscule amount of SPAM here is hardly that big a deal when you consider the dozens (possibly even hundreds) of SPAM that goes into your e-mail inbox (though nowadays e-mail filters do a good job) daily.[/color]

I don't get much spam in my e-mail inbox. If the bot registered for a username so it could spam we could easily ban it from the forum for 10 years. Some people who just want help who are guests may want to come back for more help or to have a look around the forum and find interesting things. If I find the e-mail address of the spambot then I'll give it lots of spam.

ccexplore

Quote from: MC Marshy link=1139136262/15#28 date=1139310200If the bot registered for a username so it could spam we could easily ban it from the forum for 10 years.
You don't get it at all.  The point is right now registration is so easy on this board, a YaBB-aware bot can automate it and register a new username for every piece of spam it wants to post.

QuoteSome people who just want help who are guests may want to come back for more help or to have a look around the forum and find interesting things.
Statistically speaking I'm not sure that's the case when it comes to the Game Help and especially the Technical Help forums.

QuoteIf I find the e-mail address of the spambot then I'll give it lots of spam.
That's what tseug proposed essentially (except what tseug said would actually work) when he talked about the DDoS attack.

Incidentally, even if you do somehow get hold of a real e-mail address of a spammer and spam him, I'd think spammers are the people with the least negative reaction to spam.  After all, they make their living off it. ::)