New Breed of Spammers

Discussion in 'Security and Legal' started by AWS, Mar 8, 2014.

  1. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    I've noticed that spammers are adapting to the measures we take to stop them. One thing they do is use a clean IP, one that isn't in any spam database, and use it to register. Once they get past the registration they change IP to confirm registration and more times thnn not that IP will be listed hundreds of time in SFS or other spam databases.

    While this makes it easier for them and harder for us not many of these spammers actually post so if we don't check each registration we would never see the tactic they now use. Sure some do post right away, but, most don't. The new spammers that do post are adding a zip download to the threads they create.

    I think these spammers are building an army of users that seem legitimate to be used at a later date for a large scale spam attack and by adding a zip when they do post I think they are trying to build a bigger list of clean IP's to be used. These zips are malware that opens a public VPN connection that is well hidden on the infected computer, but, easy to find for the spammers use.

    There are ways to combat this. There are some similarities to these sign ups. For one they all set their gender to female. I think whatever automated bot they use to register makes random changes to some profile fields to make it look like a real person is registering. Changing gender seems to be the popular one to use. These users also seem to like to use an age in range of 25 to 42.They also use some random user name with a mixture of numbers. By them registering this way it makes it easy to pick out the new sign ups that could be a problem.

    In conclusion be on the lookout for users that sign up with one IP and then confirm with another and if the user name is random numbers and letters and are of the female gender in the age group 25-42. While there might be a legitimate user in the group my experience over the last week has shown that these are spammers.
     
    Dan Hutter likes this.
  2. CM30

    CM30 Regular Member

    Joined:
    Jul 1, 2012
    Messages:
    901
    Likes Received:
    500
    Don't a lot of blacklists also check the IP against databases upon posting/commenting? Because if not, then this is a good reason why they should.
     
    pixelek likes this.
  3. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    Not as far as I know unless there is an addon for it. Once you register then Akismet takes over. I could be wrong.
     
  4. pixelek

    pixelek Regular Member

    Joined:
    Oct 9, 2013
    Messages:
    229
    Likes Received:
    85
    Location:
    Torun, Poland
    There should be registration which requires activation by admin as the only one option available on forums. Of course admins should be >18 up and not acting nastily.
     
  5. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    Interesting post. Thanks for the heads up.

    Scott
     
    pixelek likes this.
  6. pixelek

    pixelek Regular Member

    Joined:
    Oct 9, 2013
    Messages:
    229
    Likes Received:
    85
    Location:
    Torun, Poland
    Its been a pleasure Scott :-)
     
  7. Joeychgo

    Joeychgo Regular Member

    Joined:
    Nov 6, 2010
    Messages:
    409
    Likes Received:
    222
    I basically take 4 steps to minimize spam, and for me, its effectively zero..
    • IPs of spamming countries are blocked to begin with. (Russia, China, etc)
    • Stopforumspam for blacklists
    • Question and Answer as part of Registration. This one I make the question related to the topic of the forum and try to make a question that is easy to know IF you know about the topic.
    • Moderation of posts containing spammy words. The plugin scans the first 5 posts of a new member and if it contains words like iphone, purse, ringtone or porn then the post is moderated and has to be approved.
    These steps have made my forums virtually spam free.
     
  8. Code Monkey

    Code Monkey Regular Member

    Joined:
    Apr 15, 2013
    Messages:
    230
    Likes Received:
    170
    I haven't really had a problem since I have been on XenForo.

    1. I block all Baidu IP's, including the stealth ones, to keep my site off Chinese search engines as much as possible.
    2. I use Sonnb's Awesome spam tool. http://xenforo.com/community/resources/sonnb-stop-spam-here.1086/
    3. Akismet
    4. Bot's still haven't figured this out. http://xenforo.com/community/resources/xf-qaptcha.1241/
    5. That leaves actual human spammers that actually take the time to manually register and make a bunch of sweet looking posts before spamming. Which are very few.
    6. Plus I have the Post Rating mod and my long time members know that a certain post rating will hide any post when given a specific number of times on a post.
    So far after a year on XF and those tools it's been good.

    EDIT: I should add that I delete my stop spam here log every month. Just did it two days ago and it was 27 pages of attempts.
     
  9. cpvr

    cpvr Regular Member

    Joined:
    Aug 14, 2009
    Messages:
    3,219
    Likes Received:
    823
    I also use a security answer instead of a regular captcha and it has stopped a lot of bots from joining my community because the answer is hard if you don't know the top game in my niche.
     
  10. Jordan

    Jordan Regular Member

    Joined:
    Apr 27, 2013
    Messages:
    18
    Likes Received:
    3
    Location:
    Canada
    There is an option in most forum softwares
     
  11. Lee G

    Lee G Regular Member

    Joined:
    May 2, 2014
    Messages:
    165
    Likes Received:
    33
    Location:
    Costa Blanca Spain
    First Name:
    Lee
    Make sure you use questions like "what is this forum about"
    There is a questions and answers data base they use
    If you use questions like "what does six plus one equal" Those questions can easily be answered by the system they use
     
  12. Sylvain

    Sylvain Regular Member

    Joined:
    Mar 15, 2013
    Messages:
    140
    Likes Received:
    17
    s.molinari likes this.
  13. s.molinari

    s.molinari Regular Member

    Joined:
    Nov 6, 2009
    Messages:
    774
    Likes Received:
    603
    Location:
    Käshofen
    That looks like an interesting add-on. Thanks for the tip.

    Scott
     
  14. AWS

    AWS Administrator

    Joined:
    Feb 1, 2010
    Messages:
    1,616
    Likes Received:
    692
    Location:
    Joliet, IL U.S.A.
    First Name:
    Bob
    I've been using it since it was released. I have shut off the default xenforo stuff and also captcha. It works very well. Just make sure you adjust the settings.
     

Share This Page