Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[roseway]

In recent days the forum has been subject to something of a storm of spammers joining and attempting to post messages. We deal with these nuisances immediately we see them, and delete any spam messages which get through the net. If you do come across one of these messages, please don't give them encouragement by clicking on any links which they include, and we would appreciate it if you advise the moderators in case it's something we haven't spotted.

Many thanks.

[Floydoid]

Will do Eic.

[UncleUB]

Happy to help Eric. 

[scottiesmum]

 I've noticed a few, but they are dealt with so quickly  :clap2:     I haven't had chance to "report" them   ....  I'll continue to keep an eye out   

[kitz]

An update on this, if anyones interested on whats going on. 


The forums stance on SPAM has not changed.

• It will not be tolerated and it will be immediately removed upon Identification.
• Accounts will be banned/deleted. 
• All details of spammers are reported to the Stop Forum Spam database.
  
  

The Problem

Over the past 24 hours we've seen a huge increase in spam attempts. Mods and Admin have deleted/removed/stopped no less than 20 new accounts that have got through the normal filters.  Much of yesterday was spent adding new filters and measures.. and of course the alertness of the mods for the ones that slipped through.

Forum logs indicate that the preventative measures that we have in place has halted an additional 162 attempts in their tracks since yesterday.

Is it just this forum?

Today it has emerged that we are not the only ones, and many other technical forums are also experiencing what has been described elsewhere as a 'tidal wave' of forum spam attacks.

Much of the attacks have come from russia/latvia/ukraine and as a first stage banning IP ranges + blocks from these regions appeared to be having some success.  However, the bots are now getting cleverer and using open proxies on IP ranges 'closer to home' which is meaning more manual intervention from the Admin/Mods.
Apparently several other forums spent yesterday also IP Block banning, and the consensus is that they were playing cat and mouse trying to keep up with it.

Why its Happening

It would appear a new version of XRumer has recently been released.  This program has the ability to automatically:

• Defeat hotmail / gmails CAPTCHAs and create email addresses to be used to sign up for forums
• Defeat Forum CAPTCHAs and sign up a forum account
• Automatically post forum spam
• Ability to make use of Open proxy servers to avoid detection by any anti-spam IP blocks that may be on place in the forums.

What happens next?

SMF (The makers of the software on which this forum runs) is alert to the problem. 
Current suggestions are to mostly do what we have already been doing, and I will be looking around later today on installing some additional mods/hacks to see if these help.

SMF developers are also looking into this to see if they can assist and make an upgrade..  but at the moment this will take investigation into the spammers methods and time to implement code for a new release.

SMF is open source, and suggestions have been made to see if any developers can make mods that would say check the stop forum spam database, but again this would need to be implemented by someone with the time and ability to do so.

[Floydoid]

Ooh er, time to batten down the hatches methinks.

[UncleUB]

    

[Floydoid]

Kitz, is there an option for new memberships to be approved manually by the admins... would create a bit extra work, but might be worth it.

[broadstairs]

Kitz, is there an option for new memberships to be approved manually by the admins... would create a bit extra work, but might be worth it.

Another forum (using SMF) I belong to has just had to do this to prevent spammers getting through easily, so I guess the answer is yes its possible.

[mr_chris]

Kitz, is there an option for new memberships to be approved manually by the admins... would create a bit extra work, but might be worth it.

Yes there is an option, but we want to use that as a last resort, if at all. It would stop genuine posters from being able to sign up and post immediately, which would be terrible.

So whilst it's an option, it's not really practical.

[Floydoid]

I did consider that point Chris, but if push comes to shove...

[oldfogy]

Good luck people, will also keep an open for any.

I think sometimes because we don't see it, we just don't know what really goes on behind the scenes with running and maintaining forums, so people like myself can get or give advice to others.


Thanks to all of you.

[Floydoid]

OF, I have been an admin on forums in the past, and believe me there's a lot more goes on in the background than you'd ever imagine.  It's a nightmare.

[kitz]

I'm not saying too much for obvious reason, but I did implement something different at about 4pm. Still early days yet... but refusals are racking up.

Re Admin approval - it was something discussed last night.  Its also something that SMF have suggested for smaller forums.  We've decided its probably best as a last resort due to it relies on Admin approval who may not always be around.  (Chris has a new job which means that he now cant access from work) - so that leaves me mostly.. and since theres some family stuff going on right now, it means that some days I may not be around as much. 

At least with the current situation theres normally a mod around before too long to sweep up any that get through, and/or ban before they even post.
Bearing in mind the amount we received* I think they do a damn good job, because AFAIK only 1 actually managed to get through and actually post before it was soon deleted.

So well done guys.  Eric + Dave have been very much on the ball 


* Now more than 200 refused attempts and/or bans placed or deleted

[Yorkie]

I realise you don't want to give too much away in an open discussion, but just as a matter of interest if I tried to sign up now would I be refused. I ask because I have a gmail email account, and I know some forums refuse these, in fact I have only be unable to register once with my email address, also I know my ISP allocates the dynamic address from a range that got inadvertently assigned to the Czech Republic before being reallocated to the UK, the VNU site always shows me as being in Czechoslovakia, I can assure you I am in chilly north Yorkshire.