gee_fin Posted March 2, 2007 Posted March 2, 2007 Constant battle against this type of thing. Review the logs, see if they're coming in as a type of agent. If they are, you can block that agent in the .htacess /access rules. If they've got a bot to auto register then I'm impressed. Shows what you're up against! The IP blocking route is of course available, but half the time they're spoofed IPs which need a bit of tracing (ie. go back to the original reg emails and track down their locations/ranges with dnstuff.com). I get a rogue about once a quarter on my classifieds site, I try to be pretty on it from a security side but it's a constant battle as a host. Essentially - - block range of IPs from countries known to spam/spoof (e.g. most of middle Africa, Taiwan, Phillipines, Russia), while this might not be a practical option for the WSCC it is one to bear in mind. - block all known nasty agents (e.g. email scrapers/reapers, pornbots, auto scripts, etc.). - run mod_security rules (updated) to stop any hacks/injections. - keep a manual eye on things - this one as, has just been shown, being the final and ultimate defence. Anyhows, think that's the first one to come through the WSCC firewall as such so well done for getting this far without any more and *thumbsup* for stamping it out quickly! Just have a look at Yahoo Groups to see how prevalent it is and how determined they are.... Quote
Buzz Billsberry Posted March 2, 2007 Posted March 2, 2007 All the same the quality of the pictures were good tho! Buzz Quote
Liam Posted March 2, 2007 Posted March 2, 2007 All the same the quality of the pictures were good tho! Buzz Ah. Always succinct Buzz Quote
V8grunt Posted March 2, 2007 Posted March 2, 2007 I tend to be on here everyday...and yet missed all the posts... A bit like when I was at school and Jordan was giving everyone a lesson in human anatomy... and I was in detention. Quote
perksy Posted March 3, 2007 Posted March 3, 2007 They're back in the Newbies section Lads (2 posts) Quote
perksy Posted March 3, 2007 Posted March 3, 2007 Sorted That was Almost as Quick as a VX Well Done Lads Quote
perksy Posted March 3, 2007 Posted March 3, 2007 Haven't We got any contacts who can pay these Dickheads a 'Visit' Quote
Barry Ashcroft Posted March 3, 2007 Posted March 3, 2007 Another has just registered gonna be along night Quote
ChrisG Posted March 3, 2007 Posted March 3, 2007 I registered so long ago now that I can't remember, but when signing up to the WSCC does it send out an auto email that needs opening by the applicant then asking them to click on a link for verification of the e-mail address, like a lot of other forums do? If not, is this how they are able to automate the joining process then post this crap? Maybe putting in email verification would stop it if its possible with this forum software? Quote
adhawkins Posted March 3, 2007 Posted March 3, 2007 I registered so long ago now that I can't remember, but when signing up to the WSCC does it send out an auto email that needs opening by the applicant then asking them to click on a link for verification of the e-mail address, like a lot of other forums do? It does. It would be relatively trivial to have a program listening for this e-mail and automatically clicking on the link however. Andy Quote
Al Yupright Posted March 3, 2007 Posted March 3, 2007 Its why a lot of forums etc have a picture of some jumbled up letters with patterned background etc and then ask you to type in what is displayed. The aim is to stop bots from registering. Quote
ChrisG Posted March 3, 2007 Posted March 3, 2007 Yup, that would be the next step to take if email verification isn't working Quote
Boomy Posted March 3, 2007 Posted March 3, 2007 Like i said, me no expert..but here are a few things others posted on another forum i use about such things. It may be of some use... ---------------------- "As Ive discovered from helping admin vjforums, theres some dodgy software called xrumer that can automatically target vbulletin based boards with spam, I dont know how new this is or how many programs like it there are, but we've seen a big increase in bot spam on vjforums this year and more each month it seems. Banning certain email addresses helps, it seems to be able to get past the email-verification stuff somehow, if we come up with a complete solution to preventing it at vjforums then I'll let u have it so you can put it on here, if spam starts to become a real problm" --------------------------------- "I updated my ban filters last week with this lot, and haven't had any bots since, so it's a place to start *@inmail24.com *@mail.ru *@kors4all.com *@topmeds20.org *@cashette.com *@ukr.net *@web.de *@itpromote.info *@gala.net" -------------------------------- "the forum is set up now to autodelete any account that is not verified by clicking the old email link within 7 days. Bit vicious I know but it does go some way to keeping the crap out" -------------------------------- "From what i can find this new generation only seems to post once, maybe twice and then seems to view its own posts repeatedly, however the other thing i have noticed them doing is actively viewing user profiles and attempting to pm or email/icq/msn users from their profiles due to the clickable links." -------------------------------- So more than likely trying to farm e-mails from forums for scammers? Thats pretty much what i reckon, most of them tend to originate from Yahoo Slurp or digging a bit deeper have IP's pertaining to the Russian Business Network. We certainly havent had anything malicious from it, but some of the users did report and increase in spam email to the accounts they had listed on the forum, it wasnt a coincidence either that the sort of spam was pretty much the same sort of spam that was posted on the forum (mainly pharmaceutical links). Those that were bothered just removed their clickable links from their profile One thing that was strange and probably a built in counter to stop the spam bot receiving spam mail, was that whenever it listed an email to reply to (normally Gmail) it always used a comma instead of the dot at the end of the address ( gmail,com) That just gave some of them a bit of fun when we edited the link back to a dot and then let the users sign the spam bots up for some spam of their own ----------------------------- Quote
ACW Posted March 3, 2007 Posted March 3, 2007 Its why a lot of forums etc have a picture of some jumbled up letters with patterned background etc and then ask you to type in what is displayed. The aim is to stop bots from registering. Wot like a HRI(Human Readable Image). I added this to our registration this morning. AS said we do require a valid email address as the account has to be activated. Thats why were having to block email domains where free email addresses can be obtained without validation of the users identity. Unfortuanately this also blocks some valid users who are using these email domains. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.