Help with spam bot

[Lewis P]

But they can enter numbers, how do you think they enter the CAPTCHA Code?

[Tomm]

I get spambots attempting to register everyday but I have done some things that have it under control:

- Turn on the Email validation option

- Set email validation to delete accounts that are unvalidated after 2 days (or whatever time you set, i do 2 days)

- Re-word your registration message to tell registering users that there account will automaticly be deleted after 2 days if there registration email is not replyed too etc.. make sure to ad an email address were legit users can email somebody if there is an issue, just in case.

- Turn off guest posting (this is really a must these days)

- lookup the common email domains of spammers (like @gawab) and at them the ban filter for email addresses, this takes care of most of the heavy ones right away.

This seems to work fine, sure you get a human spammer once in a blue moon but my mods get them fast. Also in the other thread here there is a mod that forbids new users from adding url to there post etc..

[krang]

Since I updated to 2.2 there hasn't been any spambots registering on my board. Good work the new registration code stuff!

I disabled the spamaddresses (some *.ru, gawab and these) and nothing is happening any more. :)

I turned on the normal code to enter on guest-postings. I never had problems with that but I like to have guest postings enabled.

[SactoEric]

I've been discussing this topic, specifically this company, with people on another admin forum... One of their FAQ pages has been changed w/in the last day. It used to have a list of around ten URLs as examples to show how their software can defeat image verification. One of those URLs listed was the Peer1 (their own host) support forum. Peer 1 Network was contacted and the site was taken down w/in 24hrs. They weren't too happy about it...
Unfortunately, their site is back up already and the only IP address I find resolves to APS Telecom. This host has been contacted as well. No response from them yet.

On another note, I've added a few lines to my index.php that looks for the username entered in one of the custom fields, which is common just like "google" being entered into another field. Those registrations aren't allowed & the bot is sent to a blank white page. So far so good...

[SactoEric]

I just got a repsonse to my email to APS Telecom's abuse address... first, here is some info about them so you can contact them as well
URL: http://www.3fn.net
Abuse: abuse@3fn.net
Response from: dmt@0ad.net

Botmaster.net sells a software, it doesnt not do any harm. you can kill a person with a knife but its completely legal to sell them. We dont find

any reason to stop serving this customer dedicated server.

That's a gutsy repsponse from a host considering the possible liability - It can be said that a knife does not have the sole purpose of doing harm. That cannot be said about this software. You would hope that a company would also want to protect their ethics. They don't even seem to care that BM (how appropriate) had their other host (Peer 1) listed as an example of how their software can defeat security measures. So, this host acknowledges and helps facilitate the distribution of this software. Perhaps we should let their other customers know who they're in bed with...

[ASFx]

It's not legal to sell knives to people who have shown intent to stab someone with it, so it shouldn't be illegal to sell spam software to people who show intent to spam.

[dwboston]

I was considering the idea of a spambot blacklist, either publicly or among IPB customers. It would be awfully easy to spoof, though, and could end up wreaking havoc. (Does anything other than havoc ever get wreaked?) Anyway, I googed up this Slashsot discussion from 2002. Bad idea. :(

[SactoEric]

here's some more info someone provided on another forum:

Registrant:

Triple Fiber Network

50 West San Fernando

San Jose, CA 95112

US

+1.8882106539

Fax:+1.8887303812

Domain Name: 3FN.NET

Administrative Contact:

Medvedeva, Ioulia ***********@0ad.net

50 West San Fernando

San Jose, CA 95112

US

+1.8882106539

Fax:+1.8887303812

Google 'Ioulia Medvedeva", and the results are interesting. It's a female Russian name.

Now, let's google 3FN.NET. There was a link to the contact page, which read:

Quote:

Corporate Headquarters of 3FN.NET is located in London, UK where we manage the three affiliated offices: USA, Baltic countries and Russia. We use the offshore personnel for accomplishment of the remote administration's tasks and providing online support and consultations.

More email addresses to contact:

Quote:

noc@3fn.net

sales@3fn.net

support@3fn.net

abuse@3fn.net

Google 3fn.net russia and 3fn.net spam - more interesting results. Spamhuntress also has 3fn.net in her sights; this article is the most interesting.

I assume you all are on a bunch of different admin forums & since one of us can't cover them all, can we put in a collective effort to notify the forums each of us is on & get this information out there. It is, afterall, in every forum owner's best interest....

[ASFx]

It's not legal to sell knives to people who have shown intent to stab someone with it, so

it shouldn't

be illegal to sell spam software to people who show intent to spam.

Opps i made a typo there. I should have said it should

[SactoEric]

Quick update:

3fn.net is tied to Above.Net - uses their datacenter or network (?)
Above.Net has in their policies the following:

(2) AboveNet customers are responsible for ensuring that they, their customers, and their respective agents and contractors abide by this policy. AboveNet’s customers will be held responsible for all traffic either sent via their connection to AboveNet or sent elsewhere using support services provided via their connection to AboveNet. "Support services" includes hosting websites, electronic mailboxes, telephony gateways, IRC servers,

sale of spamming software

or other similar services. Customers are also responsible for ensuring that they do not advertise or promote themselves through UBE/UCE.

I believe Above.Net is contacting 3fn.net as BM is a direct violation of that policy, even if it is a customer of a customer.

Peer 1 already dropped BM, but are somehow linked to 3fn.net & are still looking into the matter... chances are whatever service Peer 1 provides to 3fn.net will be cut off as well...

[SactoEric]

Everyone, please note:

This Hosting Account Has Been Suspended

The hosting account of this domain has been suspended. The possible reasons for suspension of a hosting accounts are

1. The domain owner not paying the hosting fee.

2. The domain is running some unlicensed script.

3. The domain is involved in a spam complaint.

4. The domain is involved with network abuse actvities.

Please contact the support department if you are the owner of this domain.

If you are just a member of this site, please contact the domain owner directly. You can find the owner's contact information at whois.net .

Get Paid Solutions is NOT the owner of this domain and will not answer any questions concerning this site.

:)

[princetontiger]

Anyone have a viable solution? This spam is very bad and custom profile fields do not work. I am now attempting to use numbers instead.

[Justin]

[princetontiger]

I can assure you "no"

I just did something and haven't had the daily botspam.

[Darkside_RG]

Everyone, please note:

:)

:blink: sadly botmaster seems to be back up

[stef]

Ressurrecting an old thread, because it's still pertinent. Don't get bogged down into hassling sites that sell bot software - you're wasting your time (although it might make you feel better).

The way I've been dealing with spam has been "mostly" working.

(I banned most of Asia-pacific which cut about 75% of all the spam I was getting ... but ignore that for the moment.)

I have, and desire, a guest forum. Some people have had difficulty registering, and a forum where guests can post is useful. I don't want to require email verification for everything, because that's very, very easy to fake. It's even easier than captchas. So, I have my guest forum require moderation, so all new posts are invisible until someone approves it or deletes it as spam.

What I want is captcha requirements on all guest posts (or of selected groups). Anyone know if there's a mod, or setting for that? I'm currently running 2.1.7, but could easily run 2.2.1.

[bfarber]

It's built into 2.2.x

[stef]

It's built into 2.2.x

Nice, I just tested it and it looks great.

Now to deal with other skinning issues from that upgrade....

[Garret]

Nice CAPTCHA will resolve all bot problems.

[Guest]

not really, the more advanced bot software can resolve the captcha's, sure it boots some of them but not all...

what really would be interesting is a system like they have on gmail:
- people report a post as spam and at a certain number of reports the post is sent to your spam folder.

of course to implement this into forum software it would require you to have communication with a central server which would need to have communication with your server for each thread posted so not sure how much of a bandwidth requirement we're looking for, the data which needs to be captured is minimal (emailaddress, subject of thread) but multiplied by the number of threads all forums have this would end up being a lot of megabytes per second.

an alternative would be to maintain a bad email-list on a central server which gets updated at regular intervals to your own server, at the moment of registration the person trying to register with an email address gets refused if it's in the list.
At the moment the bad email-list gets updated all posts created with that email-address get deleted.
might be not as good as first solution, but it's more bandwidth friendly.

[Garret]

not really, the more advanced bot software can resolve the captcha's, sure it boots some of them but not all...

Really :) Nice captcha for example http://www.captcha.ru/captcha/ Also we can use some math expression in captcha( http://www.ibresource.ru/screenshots/%5B755%5D1.jpg ), not only numbers/letters, I saw animated captcha for phpBB(and also used this stuff in my mod AdvancedBotDefence), etc.

[wwwdude711]

I had this prob too, but I came up with a good solution. 100% of all SpamBots had the same e-mail (*@ultimatemeasure.info), just by banning it I got ride of all SpamBots forever! (w00t) Hope this'll help you :ph34r:

[Watty]

Spam bots will always be a fact of life. The better the system gets to blocking them, the better the script kiddies will get to bypassing them. All you can hope for is the ability to minimize them. :thumbsup:

[bfarber]

I'm afraid any centralized server options are probably not going to happen - we just don't have the resources to maintain something like that.

[.Ryan]

I'm afraid any centralized server options are probably not going to happen - we just don't have the resources to maintain something like that.

I could imagine, but still I don't want my "server" communication with the "master" server and giving it information. Because then that opens up the whole privacy issue of whats its taking out of the database... and blah blah. <_<

But right now I maintain this file, http://www.ipsbeyond.com/forums/index.php?...mp;showfile=755

Which has a massive list of everything you should ban, I take Spam Bot info off a dummy forum, and it works great. Just enable guest posting and setup a bunch of random forums, and watch the spam trickle in, no security, and then harvest the IPs and I add them to the ban list. ;)