mas spamadoras *sigh*

Anything R'n'D unrelated.

Moderators: Flumminator, Zomis

User avatar
Davacardo
Posts: 89
Joined: Sun Jul 22, 2007 10:36 am
Location: Australia

Post by Davacardo »

Holger wrote:We'll always have to try to be quicker and more clever than the spammers... :-/
Times like this I wish I could delete posts or something so I could help.
Maybe a filter could be implemented that blocks explicit language?
User avatar
Holger
Site Admin
Posts: 4073
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany
Contact:

Post by Holger »

> Times like this I wish I could delete posts or something so I could help.

I have written a little shell/SQL script that automatically wipes out all posts of a given user, so it's very easy now to mass-delete posts by smap users. (No idea why this isn't already in phpBB, like a checkbox "[x] delete all posts by this user" when deleting a user account.)

> Maybe a filter could be implemented that blocks explicit language?

There is such a thing in phpBB, but it only changes pre-defined explicit words into more harmless words. I thought this is useless, therefore I (mis)used it for the well-known level sketch feature in this forum. ;-)

But it wouldn't help against explicit images and links to the advertised sites.

As I'm quite convinced that we have to do with manual spammers here, I finally activated the "account activation" feature in phpBB, which requires each new registered user account to be activated by the forum administrator before the new user can post into the forum. I do not like this, as new users cannot instantly post with this configuration setting, but it should finally help here.

If the spammers have lost interest of this forum, I might configure it back to the previous, less restrictive (but more spam-friendly) setting...

If we still get spam now, then there must be a security problem with the latest version of phpBB2. In this case, I might be forced to consider upgrading to phpBB3 (which I don't want to do, because I then would have to port at least the level sketch stuff to phpBB3, too, and maybe also the KittenAuth stuff).

Let's see what happens the next few days. (At least the spammers brought some life (well, sort of) into this currently very quiet forum... ;-) ;-) )
User avatar
Holger
Site Admin
Posts: 4073
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany
Contact:

Post by Holger »

> If we still get spam now, then there must be a security problem with the
> latest version of phpBB2.

Just got a "New user account" activation request mail for a user called "Gladys_Mensercdbc" (a name that fits perfectly into the scheme of past spam users here), together with a Google mail account that looks similarily "throw-away mailbox" style than those of the previous spam user accounts.

Very good. This means that there's no security hole where the spammers got through, but they used the usual registration page. As I'm 99,9% sure that there is no spam bot specifically tailored for the R'n'D KittenAuth system, these were all manual spammers (at least for creating the accounts, while probably not for posting the spam posts).

Just deleted that user. If the spammers have enough time to waste to read this, they will probably continue with a new naming scheme. If they do, I will be forced to contact them by mail before activating their account (to try to see if it's a spammer or not), which means that they would have to answer mails in their throw-away mail accounts. I doubt that they would do that.

Hope that these ugly folks will give up on this forum now... ;-D
Daniel H.
Posts: 535
Joined: Sun Apr 02, 2006 7:13 pm
Location: USA

Post by Daniel H. »

Holger wrote:I have written a little shell/SQL script that automatically wipes out all posts of a given user, so it's very easy now to mass-delete posts by smap users. (No idea why this isn't already in phpBB, like a checkbox "[x] delete all posts by this user" when deleting a user account.)
FYI-- when deleting a user in phpBB3, you get an option of "Retain posts" or "Delete posts." (But that would require an upgrade...)
The H. World levelset can be downloaded from http://www.bd-fans.com/RnD.html -- search The H. World on that page.
User avatar
Holger
Site Admin
Posts: 4073
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany
Contact:

Post by Holger »

> FYI-- when deleting a user in phpBB3, you get an option of "Retain posts"
> or "Delete posts." (But that would require an upgrade...)

Very useful! Just wondered why this wasn't already in phpBB2...

Yes, an upgrade to phpBB3 would make it even easier then (but would also require porting the level sketch and KittenAuth features to phpBB3, so I want to stay with phpBB2 for now). For now, the spam users cannot register and start posting immediately anyway...

Just deleted another two newly registered spam users -- if they keep on registering, it might indeed be possible that they register automatically, despite of KittenAuth, which I still can't imagine. Again, I'm curious what might happen...
User avatar
Davacardo
Posts: 89
Joined: Sun Jul 22, 2007 10:36 am
Location: Australia

Post by Davacardo »

Holger wrote:Just deleted another two newly registered spam users -- if they keep on registering, it might indeed be possible that they register automatically, despite of KittenAuth, which I still can't imagine. Again, I'm curious what might happen...
Score one for the anti-spammers! Let them know that we will not have their spam in this forum.
User avatar
Sascha
Posts: 348
Joined: Fri May 12, 2006 6:17 pm
Location: Germany
Contact:

Post by Sascha »

*sigh* If there were just no spammers life would be a lot easier...
Image
User avatar
RTADash
Posts: 180
Joined: Sun May 27, 2007 11:33 am
Location: USA (Ohio)

Post by RTADash »

Sascha wrote:*sigh* If there were just no spammers life would be a lot easier...
Cheers to that :)
Those who can't learn will teach; those who can't teach will learn.
User avatar
RTADash
Posts: 180
Joined: Sun May 27, 2007 11:33 am
Location: USA (Ohio)

Post by RTADash »

Ahh, it warms my heart to see that the spammers can't post even after they register manually - Holger definitely made a good move there! :D
Those who can't learn will teach; those who can't teach will learn.
User avatar
Grunt002
Posts: 148
Joined: Fri Jun 18, 2004 8:35 pm
Location: Canada, eh?

Post by Grunt002 »

I was just wondering the other day (actually a minute ago), are there ever new users registering regularly?
If not, would a manual account activation by an admin work out here?
User avatar
Holger
Site Admin
Posts: 4073
Joined: Fri Jun 18, 2004 4:13 pm
Location: Germany
Contact:

Post by Holger »

> I was just wondering the other day (actually a minute ago), are there ever
> new users registering regularly?

Yes!

> If not, would a manual account activation by an admin work out here?

That's what we're doing here -- spammers are deleted (and can't post anymore even if they registered), and normal, new users are activated.

It may be possible that the forum will be opened again for registering without admin activation in the future -- I have tracked down the patterns that the spammers use. I better don't tell it publicly here what I did exactly, but as you may have noticed, there are practically no new spam registrations in the forum anymore, because I am able now to detect the spam registrations by typical patterns they use and not let them register at all (but instead send out a mail to me to inform me of that failed spam registration attempt).

Those manual spammers try to register around once per hour, regardless if it fails or not! And there are indeed indications that they are human beings and not a spam bot -- apparently there are "human spam farms" with people solving captchas to register spam users in forums and other web services. No joke! :-o

Unless they change their "pattern" I use to detect them (they probably *will* some day), there won't be many new spam users here for now. Let's see how long it lasts... ;-) :-/
Post Reply