Society of Robots - Robot Forum

General Misc => Misc => Topic started by: Admin on May 03, 2010, 12:00:15 AM

Title: Admin just won a victory against forum spam!
Post by: Admin on May 03, 2010, 12:00:15 AM
You guys have probably thought spam is a non-issue on the SoR forum. Actually, I spend an hour a day fighting spammers. It sucks, because its an hour I could otherwise help you guys build robots.

I use image verification, email verification, anti-bot puzzles, reCAPTCHA, the Stop Spammer database of known spammers, and with all this they still manage to sign up ~10-20 spam accounts per day.

That said, I just installed a proxy blocker on the registration page - victory! The few that can get past it, Stop Spammer catches them.

I give them 4 months until they find a way around it :'(
Title: Re: Admin just won a victory against forum spam!
Post by: SmAsH on May 03, 2010, 12:22:02 AM
Epic win for Admin.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 03, 2010, 12:28:39 AM
Hmmm it just occurred to me that some legit users might be under a proxy and won't know it.

So . . . I guess these users will have to find a non-proxy internet connection to register an account, or ask a friend to do it for them . . . nothing I can do about that :-\
Title: Re: Admin just won a victory against forum spam!
Post by: z.s.tar.gz on May 03, 2010, 11:27:35 AM
Now if there was only a way to stop human spammers...
Title: Re: Admin just won a victory against forum spam!
Post by: TK on May 03, 2010, 02:24:11 PM
Very good work Admin  :D
Title: Re: Admin just won a victory against forum spam!
Post by: blackbeard on May 03, 2010, 06:41:52 PM
hey admin you should install this http://hackaday.com/2010/04/21/are-you-human-resistor-edition/ (http://hackaday.com/2010/04/21/are-you-human-resistor-edition/)
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 03, 2010, 07:18:06 PM
Now if there was only a way to stop human spammers...
Actually, it *was* human spammers I finally managed to stop. They were using automated tools that did mostly everything, and they just had to solve the reCAPTCHA and image verification. They were apparently using proxies to prevent me from blocking their IP.

I really like the Resisty CAPTCHA, but any human can easily solve it. I'd probably install it anyway, but it'll require a lot of modification to get it to work with this forum.
Title: Re: Admin just won a victory against forum spam!
Post by: corrado33 on May 03, 2010, 09:00:41 PM
That's great for Admin.  I actually clicked on the "newest member" thing at the bottom once, and it was definitely a spammer, then again admin does a very good job keeping them away.

On another note.  I HATE those Captcha things.  Half of the time I (a human) can't solve them.  I mean, if it takes me three tries to get it right, then it's way too freaking hard for a computer to do. 

On yet another note... don't serious spammers pay people over in other countries to just sit there and solve the captcha things? 
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 03, 2010, 10:45:09 PM
That's great for Admin.  I actually clicked on the "newest member" thing at the bottom once, and it was definitely a spammer, then again admin does a very good job keeping them away.

On another note.  I HATE those Captcha things.  Half of the time I (a human) can't solve them.  I mean, if it takes me three tries to get it right, then it's way too freaking hard for a computer to do. 

On yet another note... don't serious spammers pay people over in other countries to just sit there and solve the captcha things? 
You'll get used to the CATPCHAs after awhile. There is one forum I post to often that requires you to solve a CAPTCHA for every post.

And yea, you can hire an unskilled laborer in China for like 50 cents/hour. Assuming he can solve one every 10 seconds, thats quite a lot solved for just 50 cents.
Title: Re: Admin just won a victory against forum spam!
Post by: Asellith on May 04, 2010, 06:52:29 AM
The better way to solve the captchas is to make a fake porn site and promise nasty pics and have the captcha you want solved redirected. Then its automatic. that was the funniest way I heard to get around them.

also Admin you could just add a way for people who can't register because of proxies to email you directly to create an account. But that might just shift the spam to your inbox instead of the forum :)
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 04, 2010, 07:36:51 AM
The better way to solve the captchas is to make a fake porn site and promise nasty pics and have the captcha you want solved redirected. Then its automatic. that was the funniest way I heard to get around them.

also Admin you could just add a way for people who can't register because of proxies to email you directly to create an account. But that might just shift the spam to your inbox instead of the forum :)
Yea, I heard about the porn thing, too. lol

Good idea on the email idea . . . I'm too lazy to mod the forum code (its a pain to manually edit code after every software update), but I put in a request for the person who wrote the Proxy Blocker mod to add the feature in.
Title: Re: Admin just won a victory against forum spam!
Post by: dunk on May 04, 2010, 08:32:52 AM
many companies, schools and collages use a proxy server to manage their internet connectivity.
it would be a shame to loose all those valid users.

Good idea on the email idea . . . I'm too lazy to mod the forum code (its a pain to manually edit code after every software update), but I put in a request for the person who wrote the Proxy Blocker mod to add the feature in.
you could just display an email address on the sign-up page and ask people to email you if they have problems creating the account.
ask them to include the text they plan to use as their first post as a test to see if they actually have anything to say (that doesn't have Pr0N in it).
obviously you might want to set up a separate email account for this...

this way if someone wants to post some new forum spam they have to
1. find/create an email address that is not already marked spam by your email client.
2. think up something to say that is not about Viagra.
3. wait the day or two until you get round to making an account for them.
4. make their first post.
with luck most spammers will give up as soon as they see your forum is non standard.

if after a few weeks you see that very few valid users are registering using this method you can safely drop it.
but i think it's a risk implementing the proxy blocker without knowing the stats.


dunk.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 04, 2010, 09:13:24 AM
Quote
many companies, schools and collages use a proxy server to manage their internet connectivity.
it would be a shame to loose all those valid users.
I only ban *registration* using a proxy. Otherwise, a proxy can still be used to access any part of the forum.

The more clever of people would find a computer that isn't behind a proxy to register (ie wait until they get home), or ask a friend with a non-proxy connection to do it. However, some people aren't that clever, or won't want to be bothered with it . . .

Manually editing the forum, even just including email instructions, is a huge pain when I need to upgrade it . . . I have too many manual hacks already, and have to keep track of everything.

I'll be doing a complete forum rewrite once v2 of SMF comes out (probably 2 months from now). I'll deal with it again, then . . . I guess then I'll try to learn how to automate my manual edits to make upgrading more pleasant . . .

(To give you an idea, picture downloading WebbotLib, but then making 20 tweaks throughout the library . . . then WebbotLib comes out with a new version, so then you need to manually transfer all those tweaks over to the new files . . . but then some get broken as it the WebbotLib code had a major change, so you have to entirely rewrite those tweaks and retest . . . its a pain really . . .)
Title: Re: Admin just won a victory against forum spam!
Post by: dunk on May 04, 2010, 09:32:19 AM
The more clever of people would find a computer that isn't behind a proxy to register (ie wait until they get home), or ask a friend with a non-proxy connection to do it. However, some people aren't that clever, or won't want to be bothered with it . . .
internet users are notoriously fickle.
most just won't bother registering. (yes, i know i have no data to support this. it's my opinion based on a chat i had with some guys who collect web usage statistics at my old job.)

Manually editing the forum, even just including email instructions, is a huge pain when I need to upgrade it . . . I have too many manual hacks already, and have to keep track of everything.
it didn't occur to me SMF didn't let you put a custom message on the sign-in page.
o well.
yea, i agree avoiding custom hacks is a good thing if you ever want to be able to upgrade easily in the future.


dunk.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 04, 2010, 09:48:02 AM
Quote
it didn't occur to me SMF didn't let you put a custom message on the sign-in page.
Actually, the mod won't let you even view the sign-in page if you're using a proxy:

http://custom.simplemachines.org/mods/index.php?action=download;mod=2329;id=128716;image (http://custom.simplemachines.org/mods/index.php?action=download;mod=2329;id=128716;image)

So, its really the mod that doesn't give me the option. I can probably mod the code in 30 minutes worth of effort, but I'd have to do it every time the forum is upgraded. It might not sound like much, but I already have a bunch of other manual edits to deal with . . .
Title: Re: Admin just won a victory against forum spam!
Post by: Asellith on May 04, 2010, 10:02:47 AM
I'm at work and I work at a college that uses a proxy and filtering software. I can register just fine. I actually wanted to see what it looked it :) We might be different our proxy does not talk to the outside as far as I know. All outgoing traffic is on a specific static ip and the filter and proxy are behind that firewall. So if other schools and businesses do similar things that might not affect as many people. It might just be a black list of public proxy sites. Unless there is a way to detect a proxy from the connection.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 04, 2010, 10:55:37 AM
I didn't open up the source code . . . but it could quite possibly just be blocking 'evil' proxies that are designed to mask IP . . .

I think some proxies only 'do its thing' for popular content, letting other stuff pass through . . . but I think Dunk would know *much* more than me on that . . .
Title: Re: Admin just won a victory against forum spam!
Post by: dunk on May 05, 2010, 04:02:37 AM
I think some proxies only 'do its thing' for popular content, letting other stuff pass through . . . but I think Dunk would know *much* more than me on that . . .
that's (almost) the behaviour of a Caching Proxy Server.
not really my field of expertise but in general a Caching Proxy Server is used to reduce bandwidth when multiple computers are connected to the same network.
the "stuff pass[es] through" will still appear to be requested by the Proxy Server.
outgoing internet requests are passed to the Caching Proxy Server. the Caching Proxy Server then checks to see if it already has a copy of the requested web page. if it does, it returns that. if it does not the Proxy Server sends the request the page over the internet, saves a copy and forwards a copy on to the original requesting computer.

a correctly configured Caching Proxy Server saves everyone's bandwidth, both at the client end and also the content providers end as multiple requests for the same content are not needed.
for example on the SOR webpage, the Society Of Robots logo at the top is the same on every page. it never changes. a correctly configured Caching Proxy Server will only request a new copy of this logo once every few hours rather than with every page request. all users behind the same Proxy Server would share the same copy of that image. if Admin was to change the image it would take a few hours for users behind a Caching Proxy Server to see the change.


the Evil Spammers are using a similar system to hide their identity.
there are publicly available Proxy Servers out there that anyone can connect to. anyone using one of these is redirecting their traffic through that Proxy Server.
why would any one want to do this? in the Evil Spammers case, they are trying to hide their IP address. now Admin can only see the IP address of the Proxy Server, not the IP address of the Evil Spammer.

Paranoid Nut Jobs use Proxy Servers for the same reason. they haven't worked out that the people running the Proxy Server have access to all the information they pass through the Proxy, including any "secure" content.

another common use is to get round an overly restrictive firewall. many work internet connections have firewall policies to stop employees connecting to certain time wasting websites. (Youtube, email servers, IM accounts, etc.) an employee may send his traffic to a Proxy Server before sending it on to Youtube in a effort to fool the Content Filter that they are not in fact watching dogs ride skateboards or Brittany Spears videos.
this is a risky strategy as the people running the PS can see all data that passes through their system including any passwords. these guys are not running a Proxy Server for no reason. make sure you know who is running any server you decide to use.

an example of using a Proxy Server to get round a firewall is anyone who needs access to unfiltered internet in China. in the early days of the Chinese government's internet censorship it was possible to use a Proxy Server to see unfiltered world news and Brittany Spears videos.
these days more subtle techniques are needed to evade the Great FireWall.


hmmm. i'm off topic again aren't i?


dunk.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 08, 2010, 06:05:30 AM
Hmmmm took 6 days for a spammer to get through . . . crap . . . lol

On the bright side, its normally 3 spammers that get through per day . . .
Title: Re: Admin just won a victory against forum spam!
Post by: Soeren on May 08, 2010, 09:04:24 AM
Hi,

Paranoid Nut Jobs use Proxy Servers for the same reason. they haven't worked out that the people running the Proxy Server have access to all the information they pass through the Proxy, including any "secure" content.
Oh, you don't have to be paranoid to occasionally have a need for proxying, but you should jump through some proxies, located in different countries (Taiwan is good to include), as that would keep anyone from tracking you, and even the smartest intelligence agencies would have a hard time tracking through within a couple of years, which they wouldn't even try, unless you were a serious threat or something like that.

And by encrypting the stuff, you don't have the first proxy able to grab but your IP and such, but you may have a reason to cross proxy without needing to protect your content.
Title: Re: Admin just accepted defeat against forum spam!
Post by: Admin on May 09, 2010, 10:42:35 AM
I've renamed this thread to be more appropriate.

The same spammer keeps hitting SoR. :'( :'( :'( :'(

I really don't know how they are doing it . . . I want to install the Honey Pot Project mod, even though I doubt it'll help, but their database crashed (their solid state harddrive broke). They've been down for weeks.
Title: Re: Admin just won a victory against forum spam!
Post by: corrado33 on May 09, 2010, 11:56:04 AM
Oh no...  How do you know it's the same spammer?  What are they doing? 

How the heck does a SSD break?  I thought those things were indestructible?  Is there anything we can do?
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 09, 2010, 08:01:43 PM
Spammers follow patterns. They create user names based on a pattern, same for the email.

For example
[email protected] <- It has a name, a period, and a number
[email protected] <- It has an incredibly long Indian sounding name with a strange email domain

Spammers typically choose user icons and gender, and this particular one uses the same one all the time.

Different spammers also have a favorite place to put the spam, such as in the user profile website link, or the signature area, etc. The way they link it also follows a pattern.

And no, SSDs aren't better than normal HDs, despite the myth around them (at least not yet). Flash memory has a much higher failure rate, despite the lack of moving parts. SSDs are only great if you have a bad habit of dropping your harddrive/laptop. :P
Title: Re: Admin just won a victory against forum spam!
Post by: Soeren on May 11, 2010, 02:40:04 AM
Hi,

SSDs are only great if you have a bad habit of dropping your harddrive/laptop. :P
Or if you have a strange mobile contraption vibrating and negotiating rough territory (No, not THAT, shame on you  ;D).
Title: Re: Admin just won a victory against forum spam!
Post by: SmAsH on May 11, 2010, 06:04:24 AM
Gah, why did you word it like that Soeren!
Also, don't SSD's have a faster r/w speed?
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 11, 2010, 06:10:02 AM
Also, don't SSD's have a faster r/w speed?
At first, yes. But after you let it get cluttered up with files, it slows down to normal HD speeds.
Title: Re: Admin just won a victory against forum spam!
Post by: z.s.tar.gz on May 11, 2010, 11:13:25 AM
It has to do with the fact that when the multiple flash pages are empty the write speed is very fast because all that has to happen is: Data > Storage

However once a flash page has data in it, it must be wiped out before anything at all can be written. So if you wanted to write 1111 to a slot with 0111 in it, you first have to set the whole thing to 0000 before you can even mess with it.

Once they find a way around this flaw (most likely by inventing something better than flash memory) SSDs will be much better than hard drives and replace them eventually.

Edit: Read speeds remain relatively high throughout the life of the drive so they aren't a complete waste of money right now so buy some so that more money will be invested in making them better.   ;D
Title: Re: Admin just won a victory against forum spam!
Post by: corrado33 on May 11, 2010, 07:43:25 PM
However once a flash page has data in it, it must be wiped out before anything at all can be written. So if you wanted to write 1111 to a slot with 0111 in it, you first have to set the whole thing to 0000 before you can even mess with it.

Why can't the file be "securely" erased aka 0s written to all of the spots when something is "deleted" therefore the extra time would be taken when a file is deleted rather than when it's written?  (Maybe cause it'd take just as much time to delete a file as it would to copy it, and that would suck) Or maybe a program could run in the background when the drive isn't in use to write all of the "empty" spots to zeros?
Title: Re: Admin just won a victory against forum spam!
Post by: z.s.tar.gz on May 11, 2010, 07:52:46 PM
Because say you were working on a word document. Every time you made significant progress you would want to save it. If there was just a daemon running in the background then your file would have to get in line behind every other file in the entire system that wanted to be written. This would create such a backup not only for the user but for the background services that it just isn't practical.

And that's just now how deleting things works. When you delete a file, 0's don't get written over where it was because that would just take longer. Instead the filesystem just marks the addresses that the file was in as 'vacant' and new files can be written in that area.

Theoritcally you could write 0's upon a file deletion but that doesn't account for overwriting a file such as in the example above.
Title: Re: Admin just accepted defeat against forum spam!
Post by: dannyboy1121 on May 23, 2010, 02:27:26 AM
I've renamed this thread to be more appropriate.

The same spammer keeps hitting SoR. :'( :'( :'( :'(

I really don't know how they are doing it . . . I want to install the Honey Pot Project mod, even though I doubt it'll help, but their database crashed (their solid state harddrive broke). They've been down for weeks.

What country are they connecting in from? I remember a couple of years back I had a real problem with people trying to relay off my mail server. Almost all the attempts were from China .. so I blocked the whole country  - http://supermonkeyhaha.blogspot.com/2008/09/goodbye-china.html (http://supermonkeyhaha.blogspot.com/2008/09/goodbye-china.html)

Things got quiet in the spam department after that.

I've changed systems now .. so instead of using a perimeter firewall to block attempts - I use iptables on the mail server itself. I can pass the offending ip address to a script I've written which then does a whois to find the entire ip block - and generates a source based routing rule diverting all traffic from the offending subnets in to a tarpit (to bind them up for as long as possible). I figure that wasting their time is the best way to hit back. Labrea is my tarpit tool of choice.  ;)
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 23, 2010, 08:51:22 PM
That won't work.

Back in the day, 90% of the spam accounts came from eastern Europe, specifically the RIPE network. It was actually a joke that if we just removed the RIPE network from the internet, the spam problem would have been solved :P

But last year a lot of the spam shifted and came from China. The RIPE network was no longer a big problem.

And starting this year, it appears to be mostly coming from India. Also, I'm not getting it from quite a lot of random around the world countries, implying its from bot networks or VPNs.

Point being the problem seems to be shifting over time to different countries . . .
Title: Re: Admin just won a victory against forum spam!
Post by: dannyboy1121 on May 24, 2010, 06:01:34 AM
I appreciate the point about botnets - and being honest, I'm seeing a similar spread recently against my mail server.

Do they connect direct to the forum enrollment page or do they navigate in via the web site. If it's the former then can you deny access based on page referral?
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on May 25, 2010, 03:06:32 AM
Do they connect direct to the forum enrollment page or do they navigate in via the web site. If it's the former then can you deny access based on page referral?
hmmmm sounds like a good idea!

Anyone know php enough to write a script to do this? The forum is written in PHP, so the script would be added at the beginning of the registration page.

That said, its easy for a spammer to work around this - if they are aware of the mod.
Title: Re: Admin just won a victory against forum spam!
Post by: Asellith on May 25, 2010, 06:25:57 AM
yes but spammers are lazy they will just harass another forum with a lazy admin instead of one who keeps fighting them :)
Title: Re: Admin just won a victory against forum spam!
Post by: dannyboy1121 on May 25, 2010, 06:44:40 AM
I guess this is a start?

http://www.vonfelten.com/blog/2007/06/05/referral-url-from-session-using-php/ (http://www.vonfelten.com/blog/2007/06/05/referral-url-from-session-using-php/)

If someone then attempted URL spoofing or approaching form the correct navigation path, there are probably other things that can be done as well.
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on July 20, 2010, 02:40:25 PM
Just an update to this . . .

On average one spam account per day gets past the SoR defenses (that I can detect).

That said, the anti-spam system I've installed has auto-blocked over 450 fake accounts in the last 2 months, plus an untold number more through blanket IP range blocks . . . sheesh!
Title: Re: Admin just won a victory against forum spam!
Post by: Asellith on July 20, 2010, 02:51:27 PM
The price of success :) just think what facebook and twitter deal with on a daily basis. Of course they have teams paid to handle that and all we have is one smart but over worked Admin :)
Title: Re: Admin just won a victory against forum spam!
Post by: Admin on July 20, 2010, 02:57:09 PM
The price of success :) just think what facebook and twitter deal with on a daily basis. Of course they have teams paid to handle that and all we have is one smart but over worked Admin :)
But . . . FaceBook gets rich off of spammers!
http://yro.slashdot.org/article.pl?sid=09/10/30/1713258 (http://yro.slashdot.org/article.pl?sid=09/10/30/1713258)
http://it.slashdot.org/article.pl?sid=08/11/24/2120250 (http://it.slashdot.org/article.pl?sid=08/11/24/2120250)
also interesting:
http://threatpost.com/en_us/blogs/attackers-moving-social-networks-command-and-control-071910 (http://threatpost.com/en_us/blogs/attackers-moving-social-networks-command-and-control-071910)

gmail/yahoo/hotmail are the #1 email domains for spam accounts registered on SoR, I blame them for not preventing it. >:(
Title: Re: Admin just won a victory against forum spam!
Post by: SmAsH on July 20, 2010, 04:07:48 PM
So your saying you should sue the spammers? :D