the spam-ads in this forum

General Moho topics.

Moderators: Víctor Paredes, Belgarath, slowtiger

Samb
Posts: 84
Joined: Thu Dec 29, 2005 5:18 am
Location: Hamburg,Germany

the spam-ads in this forum

Post by Samb »

I think it's a bot.
it searches for a sub category named "general discussion" and posts the spam there.
the solution is, maybe, to rename this section.

what do you think?
Rhoel
Posts: 844
Joined: Fri Feb 25, 2005 8:09 am
Location: Phnom Penh, Cambodia

Re: the spam-ads in this forum

Post by Rhoel »

Samb wrote:I think it's a bot.
it searches for a sub category named "general discussion" and posts the spam there.
the solution is, maybe, to rename this section.

what do you think?
I agree, Moho General discussion will certainly mess the engine.

The spam usually works like this. A (usually) Russian spam team will troll the net looking for BBphp forums. They legally register then copy the best directories to their engine.

The spam team then launch spambots to infect open servers, (usually IRC servers). Once the spambot engines are in place, they sell the Spambot URL to advertisers. The advertiser sends a form to the IRC engine and it relays it to us, Auto registering and posting to the forum.

Using visual verification on sign up stops most bots.

But renaming the General name might just work, providing it's not using the SQL direct address (in which case, the name can be anything and it will still work).

Definitely worth a shot.

The key directories are General Discussion and Jobs.

General Moho Discussion and Animation Jobs would still be applicable subject names.

Rhoel

Just killed off a spam, less than one minute after it arrived. I did enjoy that.
jahnocli
Posts: 3471
Joined: Fri Oct 29, 2004 2:13 pm
Location: UK

Post by jahnocli »

Go, spam-buster!
You can't have everything. Where would you put it?
Lost Marble
Site Admin
Posts: 2355
Joined: Tue Aug 03, 2004 6:02 pm
Location: Scotts Valley, California, USA

Post by Lost Marble »

I tried renaming those forums - we'll see how it goes. There's already a visual verification in place for signup.
Rhoel
Posts: 844
Joined: Fri Feb 25, 2005 8:09 am
Location: Phnom Penh, Cambodia

Post by Rhoel »

Hmmm, they are still getting through :( ... time for Plan "B"

Plan B:

{Taken from the BBphp site}
---------------------------------------------------------------

The RegBots work by going directly to the submission of the form information, bypassing the various agreement screens by simply setting "agreed=true". Fortunately, web form variables are CasE-sEnsiTivE, so simply changing the all-lower-case name "agreed" to mixed-case will still allow manual registrations to work, but will simply present a bot's request with the COPPA form, and not make any entries into your users table.

The affected files are:

admin/admin_users.php
includes/usercp_avatar.php
includes/usercp_register.php

With a text editor, search for "agreed", and replace it with your own choice of mixed case, or even something like "IAmInAgreement". As long as all references to this variable are identical, registration and profile changes work as before... except for those trying to bypass the system.

---------------------------------------------------

Rhoel
Fazek
Posts: 246
Joined: Thu Apr 13, 2006 1:37 pm
Location: Hungary

Post by Fazek »

This forum has an address:
http://www.lostmarble.com/forum/viewforum.php?f=5
and there is no name in it at all. By the way, I don't know how to access a forum directly with its name. I also don't know how the php engine works but I think it would be better to use something "must be human" interaction during the entering of a new topic (in posting.php?). For example, manipulating and hiding the Submit function somehow (submitting something random "password" together with the message to avoid shortcuts?).

Renaming the agreed variable is not a protection if the "agreed" variable name appears somewhere in any transmitted html (javascript) stream so an advanced spambot can search for it.

Renaming a forum protects against newcoming spambots only, I think.
- - - Fazek
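
Fazek's idea above (a random value submitted together with the message, so a bare POST with a known field name is not enough) sketched as a server-side check. This is an added example, not phpBB code and not part of any post; every function name, constant and the secret below are hypothetical.

```php
<?php
// Added example, not phpBB code: every name below is hypothetical.

const FORM_SECRET      = 'PLACEHOLDER-long-random-server-side-secret';
const MIN_FILL_SECONDS = 5;    // assumption: a person needs at least this long
const MAX_AGE_SECONDS  = 3600; // assumption: a rendered form expires after 1 hour

// Value for a hidden field, generated each time the posting form is rendered.
function issue_form_token(string $sessionId, string $form, int $now): string
{
    $payload = $form . '|' . $now . '|' . bin2hex(random_bytes(16));
    $mac = hash_hmac('sha256', $sessionId . '|' . $payload, FORM_SECRET);
    return $payload . '|' . $mac;
}

// Returns null when the submission is accepted, otherwise the rejection reason.
function check_form_token(string $token, string $sessionId, string $form,
                          int $now, array &$usedNonces): ?string
{
    $parts = explode('|', $token);
    if (count($parts) !== 4 || !ctype_digit($parts[1])) {
        return 'malformed';          // includes a POST that never saw the form
    }
    [, $issued, $nonce, $mac] = $parts;
    // The MAC covers the expected form name and session, not the submitted ones.
    $expected = hash_hmac('sha256', "$sessionId|$form|$issued|$nonce", FORM_SECRET);
    if (!hash_equals($expected, $mac)) {
        return 'bad signature';      // forged, other form, or other session
    }
    $age = $now - (int) $issued;
    if ($age < MIN_FILL_SECONDS) {
        return 'submitted too fast';
    }
    if ($age > MAX_AGE_SECONDS) {
        return 'expired';
    }
    if (isset($usedNonces[$nonce])) {
        return 'replayed';           // same rendered form submitted twice
    }
    $usedNonces[$nonce] = true;      // a real board would store this server-side
    return null;
}

// Constructed demo values: missing token, too fast, normal, then a replay.
$used  = [];
$token = issue_form_token('sess-abc', 'posting', 1000);
foreach ([['', 1030], [$token, 1001], [$token, 1030], [$token, 1040]] as [$t, $now]) {
    echo check_form_token($t, 'sess-abc', 'posting', $now, $used) ?? 'accepted', "\n";
}
```

Unlike a renamed field, the value changes with every rendered form and cannot be read once from the page source and reused. It complements the signup verification and first-post approval discussed in this thread rather than replacing them.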
Manu
Posts: 327
Joined: Tue Aug 03, 2004 10:11 pm

Post by Manu »

Some forums that I visit don't even show your first post until an administrator has approved it. Not too sure how many new people sign up every week and how much work that would be. In fact, how many people are administrators on this forum?
bupaje
Posts: 1175
Joined: Fri Nov 12, 2004 5:44 pm
Location: California

Post by bupaje »

Only one admin.

Until another option is found maybe someone with php skills could create a simple page for a form email like those used to send grassroots letters to congressmen. Then we can enter get the name of the site being advertised and submit it to Google, Yahoo, MSN or anyone else's spam watch list as well as to the product site. "We have received spam postings of your product by user name __________ on our site at __________. His IP is, the link he posted to your site is ___________________. We have reported this conduct to major search engines and ___________. We are sure that enough complaints from our members will result in blacklisting on major search engines or additional actions by regulatory bodies. Please adjust your policies or ban those abusing your service ... " etc etc

There was one guy, one night here who was 'live' I guess. Every time I deleted something he added it back. This went on for about an hour and I went nuclear and searched for him on the net - he used the same name and was posting for tons of affiliate programs. I wrote down those affiliate id's from the links that had them and sent emails to about a dozen of them, plus sent the advertiser's name to Google and Yahoo (no response but what the heck) and lastly to him. It seemed to work as he disappeared about a day later but it was too much work for all the posts we get so some easy way to do this might warn off the worst offenders.

Approving the first posts/membership of a user also works very well but this would fall on LM unless he added more admins.
My AnimationBlogSpot: http://burtabreu.animationblogspot.com
Manu
Posts: 327
Joined: Tue Aug 03, 2004 10:11 pm

Post by Manu »

Well, there are two new Lost Marble people that were announced a while back, Fahim and Andrew. So I would imagine that the amount of admins has tripled. Still, I don't know how much work it is to vet every new person. I noticed over 2000 people are now members of this forum. Not bad.
Fazek
Posts: 246
Joined: Thu Apr 13, 2006 1:37 pm
Location: Hungary

Post by Fazek »

I think many sites are using this BB software, that's why it is possible to make spambots and put energy by the spammers to find them. For e-mails, there are good spam filters (I don't know really how our provider does it, maybe they are using a shared international database). Is it possible to use the same thing for the messages? I think if the filter puts a [SPAM] mark at the beginning of the subject it is enough (nobody will read it) and helps the admins to find and remove these messages faster.
- - - Fazek
bupaje
Posts: 1175
Joined: Fri Nov 12, 2004 5:44 pm
Location: California

Post by bupaje »

There are several mods listed at phpBB that might help. This one seems promising as a secondary measure and users say it is very stable and effective: http://www.phpbb.com/phpBB/viewtopic.php?p=2166867
My AnimationBlogSpot: http://burtabreu.animationblogspot.com