What happened to the forum? > SPAM

[wesley123]

Is it possible to disable posting for the first 24h or something after registration (assuming all these acounts are new)?

That would be really really simple but I guess that will work.

Anyway I am quite for an Captcha, but then in a modified way, I am quite sure there are sources available for such systems, might just take such one and modify it for your needs, like gridwalker said, using a system that generates it on the fly would be much harder to work around or inject anything in it.

[ESPImperium]

Still happening.

I say suspend new registrations for a day or so till a solution can be thought of.

[Steven]

I'm non-stop online in the next 4 hours. We'll see what happens.
AFAIK all posts have now been removed.

I looked up the IP's, and most of them were seen on many other sites as spambots. It is however the first time I have seen it to such an extent.

The countermeasure in place for registration is a question. There are 3 that rotate, I'll replace them with some new ones.
The CAPTCHA is indeed possible, but was replaced by a question more than a year ago after it was pretty clear the spambots were equipped with ever improving algorithms to decypher the CAPTCHA codes.

Thank you for the support guys!

[Tyler]

For a split second I thought to myself :''wow I know the seasons over but noone's talking about F1 anymore!!!''
Second blonde moment I've had this week - the first one being that I somehow managed to confuse simulators and wind tunnels =D>

[Saribro]

20 bots and 1 guy to fill in some questions/captchas can do a lot of damage.

[blokkie]

I regged specially to comment here.

There are a couple of automated ways to prevent stuff like this to happen besides the captcha and other stuff people suggested here. And as this forum is in php there are some well documented ways to fix this from happening again.

I guess when securing the forum a bit more we want to have the least impact on the users (us ) so captcha and such can be a bit anoying when there are other simpler ways still available

There are 2 most common attacks that I've seen , spambots and x-site scripting.
Sometimes the bots use X-site scripts to spam , but as I don't know how the httpd access logs look to know how the spam happens I'll give ways to fix this as well ;

I'll list them up (first == easiest to implement , last == most difficult)

1) restrict access via .htaccess file in the document root
ref link with example : http://www.spanishseo.org/block-spam-bots-scrapers

2) geoip module , restrict entire country's or ip-ranges from countrys (if spammers come from a few country's this is an easy fix :
ref link http://www.maxmind.com/app/php

3) Depending how the forum is coded , it might be interesting to use DNSBL and writeup a module or extention .
ref link : http://www.dnsbl.info/dnsbl-database-check.php

4) cross-site scripting is the most difficult to fix because php tends to be very flexible. So if the spammers use this kind of exploit the only solution is to check the values of every POST/GET request in the form fields. .. .... indeed a lot of work
ref link: http://en.wikipedia.org/wiki/Cross-site_scripting

[bettonracing]

Sure that will prevent it. I dont see how Tomba has to even search for it when the whole 'active topics' section is flooded with it.

Quite an annoying situation, I would say an fix would be to allow users to search to the homepage with an search engine, but not the forum.

Somebody crap in Your cheerios yesterday?

As users respond to legitimate forum threads the "active topics" will get shuffled away meaning Tomba would likely have to open each forum/ sub forum to get to the spam threads. I was offering a potential shortcut in case Tomba didn't have another way to shortcut the process.

Tomba,
Are there any trends in the IP's used? Identical? Same country?
What about any trends in the registration fields? Time of registration? Names used?
Is there any way to monitor trends and block registrations based on some kind of trend filter?

Food for thought.

Regards,
Kurt

[Steven]

Kurt, your suggestion was much appreciated indeed. However, this time around there was indeed such a high amount of spam that for each spampost I found, I just deleted the useraccount and all its other posts.

It seems most useraccounts registered with email addresses including "bags", "jersey", "shoes", ...

Today I have deleted approx 5 users before they were able to post. One single account managed to post a few times, and that was reported by the time I noticed it.

I hope the worst is over

PS: Spambot questions asked at registration were changed 20 hours ago as well.

[Steven]

Another update.

I've spent numerous hours on these bots (unfortunately) but I added another solution to fight the spam.

Now, upon user activation, username and email are checked for 'spammy' words (stuff like 'shoes', 'bags', ...). If one is found, the user is immediately banned with the message "Banned by spam filter".
People who find this incorrect can of course send a mail, as suggested in the message they will get.

I hope this will help a little...

[wunderkind]

Thank you Tomba for your good work in cleaning up the forum.

[donskar]

The site and forums are well worth minor disturbances. Good work and thank you to all.

[bhall]

I've flagged items as I've seen them. I hope that itself doesn't turn into a sort of spam for moderators to deal with as well.

[Jeffsvilleusa]

Now they are posting in the current threads 4 at a time. This is creepy! Yet somehow I feel compelled to buy Nike shoes... must buy Nikes...

[Neco FEROX]

Peng123.....we don't want your ---

[Lurk]

The guy who create bots should be hanged and burned!


We had a similar spam problem on a forum recently, the admin set a minimum time to fill the registration form. It was pretty effective for us - but we don't use an antispam question, only a captcha. Don't know if it could help here...


Otherwise maybe you can ban users who post several urls in their firsts messages..?