Spammers

It's pretty obvious that we have a massive problem with spammers. which is pretty annoying
Can anybody think of a method to stop them effectively?

Dunno really, maybe switch from prehistoric captcha requested upon registration to newer version?

Edited by Alt Bass 2016-08-31 2:01 AM

Agreed... Spammer tools have long conquered that captcha system used here...

I'm afraid that as excited as you want to get over this, the simple truth is that it isn't bot traffic causing the posts.

Bots cannot get around the registration system. They're scummy little maggots with no life using browser tab opener services to batch load the registration and post pages pages (http://www.urlopener.com/homepage.html).

The current one started at
2016-08-31 10:56:55
and ended at
2016-08-31 11:45:26

You can see them in the log clicking through the site after starting with the URL opener services. Bots take seconds to post, not minutes and hours.

Edit: I've set some code in place that will 403 the traffic. Should upset them for a few hours.

So, the uniqueness of forum software prevents them?

You could probably limit the per user thread creation rate if there is such.

I customised the registration system completely a few years ago after the site was first attacked. I've never seen any conclusive proof that SPAM has come from bot attacks.

There is no such option. I would have to re-write the site to do it. I basically just do not have the time these days and the site generates no income to pay for its own operating expenses, let alone time

Wow, are you serious?

Rangid Gupta? Is that his actual name???

Ironic spam post cleaned

No of course not. Some low IQ idiot trying to do a bad job of being paid to copy paste someone else's XSS onto the site. The big one is a really lame attempt to obfuscate JavaScript by reversing the string and copping the code into 2-4 character chunks.

Looking at the code he was attempting to use JavaScript to execute lookup that would have forced everyone's web browser to download a ransomware virus https://www.reddit.com/r/Malware/comments/4qsjqy/locky_ransomware_ca...

Yay for retardation and cheap labour that doesn't know what it's doing.

Yeah, that JScript he wanted people to run looks exactly like the ones from my spam inbox. Good job, Rangid!

I just cleaned out 30 SPAM posts that came in over a three-minute span. Clearly done manually given the time span, which was slower at the beginning - all in the same forum (News & Editorials, which is on the top of the index page) except one - and that one must've had a script error somewhere, cuz it displayed as text rather than hyperlinks. I had just happened to log onto the site three minutes after the last post, immediately banning the spammer before deleting the posts. Third time over the past several months that I caught SPAM posts just a few minutes after they were made. What would Ye Administrator do without me?

Just wanted to take a moment to thank C:Amie, the other administrators and moderators! Thank you for all you do for this site!!!

Fortunately is shouldn't be possible for these scum to post code onto the board; which if any of them bothered to check they would realise that they are wasting their time completely trying to XSS us.

I am not sure whether blocking the multi-link referral sites has made any difference I'm seeing less in the morning when I check by first thing?

I agree! Many of the other tech forums I visit are much more inundated with spam; some of them are pretty much worthless. Thanks for all your efforts here!

I stopped a lot using the IP range method of banning. See this thread (a little old) over at the Adminforums: https://theadminzone.com/threads/banning-by-ip-range.88782/

Granted, you could be blocking out honest to goodness visitors which is a downside. I had a little info page that popped up if blocked that said, "Oops, looks like you're blocked! If you're not a spammer, Sorry! Sometimes we just don't know the difference! Fill out the form below if you wish to use our website and we'll usher you right in!". It had a simple contact block with a simple question. If the question wasn't answered when it was sent it, it didn't go through. Many spammers don't feel like taking an EXTRA step when registering and realize the game is up and move on. I would then add them manually to the user database.