Forum Spammers
Post new topic Reply to topic Page 1 of 21, 2
Author


Grandstanding Collector
Acaeum Donor

Posts: 6463
Joined: Dec 13, 2004
Last Visit: Dec 25, 2019

Post Posted: Thu Oct 26, 2006 10:20 pm 
 

It seems the forum is starting to become more and more of a target for spammers. :evil:   The last four sign ups all came within the last 24 hours and all four are spam bot accounts. :roll:


"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -Neitzche

  

User avatar

Long-Winded Collector
Acaeum Donor

Posts: 3590
Joined: Dec 20, 2003
Last Visit: Jan 17, 2021
Location: Canada

Post Posted: Thu Oct 26, 2006 11:59 pm 
 

Hey I get 30-40 spam mail per day.  Something you have to live with in the electronic age.


Games can get you through times of no money but money can not get you through times of no games!!

 WWW  


Prolific Collector

Posts: 414
Joined: Mar 26, 2006
Last Visit: Nov 30, 2007
Location: Chicago

Post Posted: Fri Oct 27, 2006 12:55 am 
 

Bloody Vikings....

  

User avatar

Sage Collector
Valuation Board

Posts: 2465
Joined: Nov 23, 2005
Last Visit: Jan 20, 2021
Location: Italy

Post Posted: Fri Oct 27, 2006 4:03 am 
 

...may the holy Maps be with you...

:D


I am the servant of the Secret Maps, Wielder of the flame of Clone!
You cannot quote! The dark spam will not avail you, flame of Udun.
Go back to the Shadow! You... cannot... post!!!

 WWW  

User avatar

Verbose Collector
Acaeum Donor

Posts: 1097
Joined: Aug 14, 2004
Last Visit: Jan 08, 2021
Location: Melbourne, Australia

Post Posted: Fri Oct 27, 2006 4:06 am 
 

bclarkie wrote:It seems the forum is starting to become more and more of a target for spammers. :evil:   The last four sign ups all came within the last 24 hours and all four are spam bot accounts. :roll:


How does the bot actually create an account when a code from an image is required?

 WWW  


Grandstanding Collector
Acaeum Donor

Posts: 6463
Joined: Dec 13, 2004
Last Visit: Dec 25, 2019

Post Posted: Fri Oct 27, 2006 10:21 am 
 

improvstone wrote:
How does the bot actually create an account when a code from an image is required?


Good question,  but not one that I have the answer to. I do know for a fact that they can and do.  Truthfully, I think that there maybe some sort of backdoor in the forum code that the spmmers expolit.  A prime example of this is this guy:

profile.php?mode=viewprofile&u=1095

He wasn't listed in the member list when I posted this thread yesterday, but he is here know and listed in the middle last four spam bot IDs that I was refering to in my post(between the nataliyat3344 & the Mariax1988 ones). Now with that one there are actually five in a row. :roll:

That is one of the primary reasons why Foul was trying to upgrade forum security again this last time, but things were so tight that it was even blocking real posters from logging in.  :?

For reference though just doing a google search on these, you will clearly see that it is not humanly possible for someone to do this manually, because even if there was 10 people doing it, there still wouldn't be enough time in the day.

http://www.google.com/search?hl=en&q=megab0rt

http://www.google.com/search?hl=en&lr=& ... tnG=Search

http://www.google.com/search?hl=en&lr=& ... tnG=Search

http://www.google.com/search?hl=en&lr=& ... tnG=Search

http://www.google.com/search?hl=en&lr=& ... tnG=Search

Between the five of them there are 150,000 indivudual references doing just a plain google search. There is just no way that is being done by even a team of people.


"He who fights with monsters might take care lest he thereby become a monster. And if you gaze for long into an abyss, the abyss gazes also into you." -Neitzche

  


Long-Winded Collector
Acaeum Donor

Posts: 3066
Joined: Jul 09, 2004
Last Visit: Apr 30, 2015

Post Posted: Fri Oct 27, 2006 11:15 am 
 

I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.

 YIM  

User avatar

Grandstanding Collector

Posts: 6067
Joined: May 03, 2003
Last Visit: Jan 14, 2021
Location: Waterloo, Ontario, Canada

Post Posted: Fri Oct 27, 2006 12:33 pm 
 

improvstone wrote:
How does the bot actually create an account when a code from an image is required?


I don't think this is a very difficult thing to do.  It's easy check the page source to find the image usually with a text input beside it and then run some kind of edge detection specifically trying to find letters or numbers.  This kind of optical recognition stuff has been developed very thoroughly over the years and a decent routine is easily available.

You might notice on places like Ebay they try and distort the image as much as possible so you can barely read what it says - this is just an attempt to fool the routines and it doesn't seem to work very well either.

 WWW  


Prolific Collector

Posts: 636
Joined: Sep 14, 2005
Last Visit: Jan 16, 2009
Location: Montreal, Canada

Post Posted: Fri Oct 27, 2006 1:10 pm 
 

deimos3428 wrote:I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.


IP blocking is pretty much useless these days.  There are far to many virus infected machines that can be used as proxies or zombies.  You might get some results if huge swaths of the earth were blocked (ie all of Asia, Africa, South America) but you'd potentially block legitimate users and you'd still be vulnerable to attacks routed through Europe or North America.


As for the verification image (captcha), there are several methods to defeat it:

1.  Automated OCR.  The image used by to register here has a lot of noise and the letters do move around veritically and horizontally, but the letters are always black, in the same font, and they don't get angled or distorted.  It would be reasonably easy to have a bot crack the images used here (and probably almost every other board running this software).

2.  Depending on how the forum generates the verification code it may be possible to manually decipher one captcha and then use the same text / hash to register everywhere.  When the verification page is generated the forum selects a text string and prints it on the image, it then (probably) hashes the text with a secret key and sets the hash as a hidden form field or a cookie.  When the user submits the form, the text they enter is then hashed with the same secret key and compared to the hidden field or cookie.  If the server doesn't use the current time/date as a component of the verifcation process or it doesn't keep a record of which codes its generated recently and reject any that it didn't generate recently (even if they match) the board might be vulnerable.

3.  The spammers could also be using a "hive mind" system.  For example, if the spammer has a website of his own he could pass the image verification on to a visitor to his site in exchange for free acess to porn (or something similar).  In this example, a visitor would try to gain acess to a protected directory on the spammer's site.  When his browser makes the request, the spammer's server gets a site from a database of message boards and downloads its registration page.  The spammer's server then disects the registration page from the forum and builds an access control page for the protected directory.  When the visitor trying to gain access to the spammer's site enters the text from the image, the spammer's server posts it back to the forum (along with the spammer's registration details) and the account is created.

 WWW  

User avatar

Verbose Collector
Acaeum Donor

Posts: 1709
Joined: Feb 04, 2004
Last Visit: Aug 23, 2016
Location: Chandler, AZ

Post Posted: Fri Oct 27, 2006 1:57 pm 
 

Is there an option to restrict users from posting a new thread until they log a certain number of posts?  At least 1, but maybe more like 10 posts before permission is granted to Post a new thread?


"Gleemonex makes it feel like it's seventy-two degrees in your head... all... the... time! "

  


Long-Winded Collector
Acaeum Donor

Posts: 3066
Joined: Jul 09, 2004
Last Visit: Apr 30, 2015

Post Posted: Fri Oct 27, 2006 3:29 pm 
 

NetRodent wrote:IP blocking is pretty much useless these days.

I don't agree, but in any event, manual user activation eliminates these sorts of spamming posts almost entirely, it's just inconvenient.

Suspicious user registrations can then be noted in the logfiles and their specific IPs identified/blocked/reported/pingflooded/whatever at the admin's whim.  When the rate of bogus requests drops, you can return to automatic activation.

Captchas are becoming less effective.  With the availability of cheap labor in the developing world, people are being paid to decipher them.  It's far cheaper and more accurate to hire a human to do the job.

 YIM  

User avatar

Grandstanding Collector
Acaeum Donor

Posts: 6168
Joined: Jan 03, 2005
Last Visit: Jan 20, 2021
Location: UK

Post Posted: Fri Oct 27, 2006 3:58 pm 
 

Why not just get new users to require approval of their membership from the board. Give access to approve any of the board moderators, or designated members.


This week I've been mostly eating . . . chicken and wild rice soup.

 WWW  


Long-Winded Collector
Acaeum Donor

Posts: 3066
Joined: Jul 09, 2004
Last Visit: Apr 30, 2015

Post Posted: Fri Oct 27, 2006 4:34 pm 
 

mbassoc2003 wrote:Why not just get new users to require approval of their membership from the board. Give access to approve any of the board moderators, or designated members.

I'm not sure if that's possible or not, but I think that's beyond the scope of the VB.  We really just handle the data collection and occasionally fight it out over some of the numbers.

 YIM  

User avatar

Grandstanding Collector

Posts: 8219
Joined: Jan 21, 2005
Last Visit: Jun 12, 2017
Location: Wallasey, Merseyside, UK

Post Posted: Fri Oct 27, 2006 4:35 pm 
 

i already offered to help.

foul wanted to keep it as it was though - which is cool.

Al



  


Prolific Collector

Posts: 103
Joined: Jan 11, 2003
Last Visit: Jan 08, 2017
Location: Altoona, PA

Post Posted: Fri Oct 27, 2006 5:05 pm 
 

I've got the same problem over at the Illustration Exchange (since I'm using the same software - Foul helped me get it going, in fact). I'm using registration approval, though - it's somewhat of a hassle, but it at least prevents any kind of SPAM posts. When a new user registers, it's very easy to see from the profile whether or not they are legit, and I just immediately delete them if they're bogus.


Pat


"Life is short, art is forever, and the credit card bills to buy the art last just slightly longer."

 WWW  

User avatar

Verbose Collector
Acaeum Donor

Posts: 1097
Joined: Aug 14, 2004
Last Visit: Jan 08, 2021
Location: Melbourne, Australia

Post Posted: Sun Oct 29, 2006 5:09 am 
 

Mars wrote:
I don't think this is a very difficult thing to do.  It's easy check the page source to find the image usually with a text input beside it and then run some kind of edge detection specifically trying to find letters or numbers.  This kind of optical recognition stuff has been developed very thoroughly over the years and a decent routine is easily available.

You might notice on places like Ebay they try and distort the image as much as possible so you can barely read what it says - this is just an attempt to fool the routines and it doesn't seem to work very well either.


OK .. then time to add some questions that a bot couldn't possibly answer.  

eg. Gary's Last Name?  

or Eye of the what?

Maybe even put the question in the image.

If a spammer does join then you know it isn't a bot ...

 WWW  


Grandstanding Collector

Posts: 5611
Joined: Nov 16, 2002
Last Visit: Jan 19, 2021
Location: Wichita, KS, USA

Post Posted: Sun Oct 29, 2006 8:31 am 
 

deimos3428 wrote:I believe there is an option in the forum software that will force new members to be accepted "manually".  It might be worthwhile to turn that setting on temporarily, until the bot IPs have been logged and blocked.


That would be great, but Scott travels a lot, and isn't often around to be able to monitor new memberships in a quick manner---not knocking Scott at all, just the realities of his schedule.


Allan Grohe ([email protected])
Greyhawk, grodog Style

Editor and Project Manager, Black Blade Publishing
https://www.facebook.com/BlackBladePublishing/

 WWW  


Grandstanding Collector

Posts: 5611
Joined: Nov 16, 2002
Last Visit: Jan 19, 2021
Location: Wichita, KS, USA

Post Posted: Sun Oct 29, 2006 8:37 am 
 

improvstone wrote:OK .. then time to add some questions that a bot couldn't possibly answer.  

eg. Gary's Last Name?  
or Eye of the what?
Maybe even put the question in the image.

If a spammer does join then you know it isn't a bot ...


Now that's a good idea, improv (and hi, good to see you again, btw! :D ).  You could even take it one step further, and force them to pull the PHB down to a specific word (p. 73, paragraph 6, line 3, word 7) or something like that:  something that's easy for a collector to do, but would be pretty unlikely for a spammer to have at hand.  The advantage to this system is that the solution isn't something that could be so quickly googled, and that the key isn't something that's embedded in the image that can then be scanned/OCR'd, etc.---it's in a completely separate text.


Allan Grohe ([email protected])
Greyhawk, grodog Style

Editor and Project Manager, Black Blade Publishing
https://www.facebook.com/BlackBladePublishing/

 WWW  

User avatar

Grandstanding Collector

Posts: 6067
Joined: May 03, 2003
Last Visit: Jan 14, 2021
Location: Waterloo, Ontario, Canada

Post Posted: Sun Oct 29, 2006 8:50 am 
 

I think a simpler idea might just be to enter the letters in the image in reverse order or something simple like that.

 WWW  


Long-Winded Collector
Acaeum Donor

Posts: 3066
Joined: Jul 09, 2004
Last Visit: Apr 30, 2015

Post Posted: Sun Oct 29, 2006 7:28 pm 
 

grodog wrote:You could even take it one step further, and force them to pull the PHB down to a specific word (p. 73, paragraph 6, line 3, word 7) or something like that

That would keep out the pesky 3rd-edition riff-raff, as well.  :lol:

 YIM  
Next
Post new topic Reply to topic Page 1 of 21, 2