Jump to content

Spam Defense being bypassed by spam bots


Morgin

Recommended Posts

IPS is looking into this for me (currently with level 3 tech) but I wanted to canvass the community to see if this happens to anyone else. 

Situation is this:

spam defense set such that a new account that gets flagged as a 3 is subject to admin approval. 

New account registers. Spam defense assigns a 3 rating. IP is Korea, username is gibberish, looks to be a spam bot  

What is presumably a bot account takes some action (in my case they changed their e-mail address to the same address they used at sign up) to generate an email asking them to approve the email change. 

They approve the change. 

Somehow, without an admin approving their account per the spam defense requirements, they are now able to post (and spam my community). 

If any of you have been dealing with spam bots, can you please check the member history for the accounts in admincp and see what rating gets assigned by spam defense. I’m trying to figure out how these bots are getting through when they are flagged for admin approval. 

If any of you have seen this, can you file a ticket so IPS can review and have more data to perhaps assist in tracking down what’s happening. 

Thanks!

tagging @Chris027 and @PasXal as I know you both had Asian spam bot problems. 

Link to comment
Share on other sites

21 minutes ago, Morgin said:

IPS is looking into this for me (currently with level 3 tech) but I wanted to canvass the community to see if this happens to anyone else. 

Situstion is this:

spam defense set such that a new account that gets flagged as a 3 is subject to admin approval. 

New account registers. Spam defense assigns a 3 rating. IP is Korea, username is gibberish, looks to be a spam bot  

What is presumably a bot account takes some action (in my case they changed their e-mail address to the same address they used at sign up) to generate an email asking them to approve the email change. 

They approve the change. 

Somehow, without an admin approving their account per the spam defense requirements, they are now able to post (and spam my community). 

If any of you have been dealing with spam bots, can you please check the member history for the accounts in admincp and see what rating gets assigned by spam defense. I’m trying to figure out how these bots are getting through when they are flagged for admin approval. 

If any of you have seen this, can you file a ticket so IPS can review and have more data to perhaps assist in tracking down what’s happening. 

Thanks!

tagging @Chris027 and @PasXal as I know you both had Asian spam bot problems. 

So far I see a bunch of Spam Score 1 when I look back through the members banned for spamming. 

I've noticed a number of them who changed their email addresses in the past. Would the email change be listed on the side of the user account in admincp (see screenshot)?

 

686914606_ScreenShot2018-11-14at2_01_48PM.thumb.png.9ecfcb8bc46e054d6de80da9dec59ea8.png

Link to comment
Share on other sites

1 hour ago, Chris027 said:

So far I see a bunch of Spam Score 1 when I look back through the members banned for spamming. 

I've noticed a number of them who changed their email addresses in the past. Would the email change be listed on the side of the user account in admincp (see screenshot)?

 

686914606_ScreenShot2018-11-14at2_01_48PM.thumb.png.9ecfcb8bc46e054d6de80da9dec59ea8.png

It should be, yes. 

Link to comment
Share on other sites

4 hours ago, bfarber said:

score 1 basically means they weren't identified as a spammer

So notwithstanding what I described above being a bug which will be fixed in next release, is there any chance you guys will revisit how the spam defense assigns scores?

I have a ridiculous number of Korea based spam bots hitting my community who score a 1. I report them, but with everything being so easy to spoof these days, I assume it’s not as simple to determine who is likely a spammer as it used to be. 

Is there anything being looked at to combat the spam bots? The software used to be pretty immune to them but they seem to have gotten smarter. Obviously the ones scoring 3/4 and still being able to post shouldn’t happen (and it’ll be fixed so no issues there) but there’s probably 80% who score a 1. 

Recaptcha v3? Some tweaks to what you use to score signups? I’m not the expert but at least from my perspective the spam defense function is pretty much not practically working anymore against this new generation of bots. 

Link to comment
Share on other sites

Well, just a few notes...

  • We are constantly looking at ways to improve detection of spammers and will naturally include more/improved tools over time, and
  • Our spam service is constantly "learning" and growing

Unfortunately, a few times a year it seems that a new "wave" of spammers begin to start sending out spam and it takes time for our (and all) spam detection systems to figure these out. Blocking spammers, much like blocking ads, will always be a cat and mouse game.

If your site specifically will never legitimately have Korean posts, I do know there's a plugin in the marketplace that outright identifies Korean posts as spam and blocks them. This may be an option for you. It is not an option at our level, as we have clients from all over the world.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...