Jump to content

First spammer


Darkniciad
 Share

Recommended Posts

It's hard to believe how desperate spammers are. I get minimal traffic, mostly concentrated around the release of new stories and chapters. Still, some Russian spammer thought it was worth the time to pass the email validation and captcha to make one single spam post -- in Russian.

 

Even if somebody was dumb enough to not recognize it as spam, why would they click something they couldn't even read? *laugh* The only hits I get from Russia are spammers and scammers. They're trying to sell ice to eskimos.

 

The blog gets umpteen spams a day, but they're all caught by the spam filter. 600+ at last count. Crazy, huh? That's despite me locking comments on anything older than... Can't remember exactly, but it's 6 months or less. Even if one would escape the spam filter, I have to approve the first comment from any email addy, so it still wouldn't show up.

 

Getting some major writing itch. That's a good thing with a weeks vacation ahead of me. Keep your eyes peeled on the blog :)

Link to comment
Share on other sites

Damn... banned the same idiot three times now *laugh* Added the IP ban this time, since it's been the same one. Need to look and see if I can ban by wildcard email addresses. Every one of these spammers has been .ru

 

EDIT: Done. If you happen to be a real person - not a can of spam - and only have a @mail.ru address to work with, use the contact form on the website to contact me and I'll take care of it.

Link to comment
Share on other sites

  • 4 weeks later...

Determined Russian S.O.B... What the hell can he possibly be getting out of this? *laugh* I've banned whole IP ranges, the entire mail.ru domain, and regularly ban recognized instances seconds after he registers. I've got three more suspicious ones right now, and I'll be banning another IP range the moment one of them posts more spam.

 

Hope I don't have any actual fans in Russia, because they'll probably have a hell of a time getting on the site thanks to this spam scum.

 

Slowly working back up to building the website and getting back to writing. I'm doing a lot of musing, but just haven't had that flash of inspiration to put me back into hyperproductive mode yet.

Link to comment
Share on other sites

  • 1 month later...

I tell ya, the Russian spammers have zero wits. Most of the time, they sign up days in advance of making any posts - on a low traffic forum - when they're in every anti-spam database on the planet.

 

Added two new IP ranges to my ban list lately, banned and deleted three of these spam cans before they could even post.

 

Every time I get a registration email, I check the user IP, and if it pops up in a database ( especially if it's Russian ), I just ban them right off the top. Two IPs in the same first six digits, I ban the whole range. Once I get an IP range or an oddball email domain to wildcard ban, I can finally delete the spam accounts.

 

Again, I hope I don't have an fans in Russia. If I do, they're probably going to be S.O.L with getting on the website by the time these spammers get done forcing wildcard bans.

Link to comment
Share on other sites

  • 2 months later...

I previously hadn't turned on the spam service present in the forum software, but when I upgraded, it turned on by default. I was worried that it might accidently catch legitimate users, so that's why I didn't turn it on at first.

 

So far, so good. It's banning all the spam sign-ups instantly *laugh* Every one I check is coming up with umpteen entries on the sites that track forum spammers. No more manual banning a lot of them :)

 

If you do happen to get caught by a spam service ( or manual ) ban in error, you can always contact me through Literotica or Storiesonline.

 

If it continues to perform this well, I may very well go through and delete all the banned IDs. I had been keeping them for reference to create wildcard bans when enough domains or ip ranges showed up, but if the service gets them without the work, I can finally get rid of all the dead wood.

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...

Russian spammers going hog wild again :P

 

They're using new addresses and IPs, and only getting flagged as "likely spam", so I'm checking them manually, reporting them, and adding new wildcard bans again.

 

I usually have dozens of blocked attempts to access the site from Russian IPs every day, and I've never seen a one of them that wasn't a spammer.

 

So, apologies to any Russian fans that might be out there ( because you'll probably never get into the site thanks to the onslaught of spammers )

Link to comment
Share on other sites

Banning at least two new spammers per day now. How desperate are these goons? *laugh*

 

I could understand if my website got a lot of traffic, but it doesn't, and the forum gets even less.

 

I can't even imagine what a nightmare it must be for someone who has a large, active community. They wouldn't have the time to research each and every registration ( and sometimes, suspicious looking IPs in the "who's online" page ) the way I do, and are probably getting bombarded with messages advertising chinese knock-offs of Air Jordan shoes :P

Link to comment
Share on other sites

Yeesh...

 

It's gotten so bad over the last few days that I've had to go completely draconian with IP range bans.

 

I created a custom language pack and edited it to display a message for people who get caught up in an IP ban by accident. Rather than just reading:

 

"You are not allowed to visit this community"

 

it now says:

 

"You are not allowed to visit this website. If you believe you have reached this in error, please contact me through Literotica or Storiesonline."

 

That should allow any actual people who are caught up in a deep IP ban to get in contact with me ( as anyone coming here is likely coming from one of those two sites ) at which point, I can cut back to only banning specific IPs as they appear from that range.

 

I have an average of a dozen attempts by IP banned spammers to access the site daily. Often, they change to a slightly different IP and try again a minute or so after finding out that the IP they used to sign up has been banned. That's what's prompting the wide range bans. I'm doing my best to convince these scum that my site isn't worth the effort *laugh*

 

EDIT: It must be sinking in. I had to ban a new spammer seconds after posting this message. The spam service caught and banned the spammer as soon as he signed up. I checked the IP and came up with nothing. When I checked the email address, it came up with a huge list of spam reports, from a widely varied list of IPs from several countries.

 

So, it's getting through their heads that they're going to have to actually work to spam my site. Maybe they'll eventually figure out that the work isn't worth the return. I'm on duty all hours of the day and night, and check every new sign-up immediately.

Link to comment
Share on other sites

Just added another layer of checks to the spam registration blocking. Nearly everything that was getting through the checks of one database was showing up with certain criteria in another, so I've added that database to my checks.

 

I'll probably go through and begin removing the IP wildcard bans if this layer is effective. It has the added benefit of stopping registrations before they can process. If they're in the spammer database, they're never even going to be able to register. That's what I'm aiming for with all the wildcard bans. So if this service does the trick, I can dispense with those broad bans.

 

It also adds IP and email bans, and automatically cleans them up on a schedule. Very nice.

 

So far, I've kept nearly every spam post, PM, and email from coming through to my website. It's just a lot of work to do so. The database this layer of security relies upon has been the one I've used to manually check all along, so I'm reasonably confident that it's going to make the process work without intervention, and less chance of error than wildcard bans.

Link to comment
Share on other sites

Bwahaha!

 

The new layer of spam protection just claimed its first victim, preventing a repeat spammer from even signing up, and immediately banning the email and IP.

 

I'm going to give it a few days, and if it continues to work this well, I'll remove most of the wildcard bans ( there are a few email domains that are nothing but spam that will remain )

 

That should help ensure that nobody who isn't a spambot will still be able to access the site, even if they're from a region that's infested with spammers.

 

EDIT: BAM! Got another returning spammer, not once, but twice!

 

I may remove the wildcard bans as early as tonight, if the spambots keep giving me perfect examples of how I've terminated any chance of them registering.

Link to comment
Share on other sites

The new layer of spam protection is working like a charm. It's stopped every spammer ( lots ) who have tried to register over the last several hours dead in their tracks.

 

I've killed off all the IP wildcard bans, but retained all the email ones, because those domains are nothing but spam. I also killed off all the IP bans older than a certain date, because the new service is taking care of logging new bans, and even cleaning them up after a certain period of time.

 

There's no information a spammer can gather without signing up ( I don't allow guests to do much ) and the service doesn't allow them to sign up, so I'm not all that worried about them being able to access the website, where they can sit frustrated because they can't steal emails, send spam through the forum, or post the crap on the boards. It will protect legitimate users from getting banned simply because they share a neighborhood with a spammer, too.

 

Much less work for me, and still getting the job done. Woot!

Link to comment
Share on other sites

I am so enjoying watching the spammers run into a brick wall *laugh* Had to go leave a glowing comment on the Hook that's making this possible. One of the best little bits of code I've ever come across. Incredibly effective. I have pages and pages of "error" logs from spammers failing to register and failing to access the site in any way - each and every day.

 

There's one that's used at least seven different IPs and seven different variations of the same throwaway email address in just the last couple of days.

 

If anybody has an invision board and a spam registration problem, send me a message and I'll point you straight to the hook. Installing it will be the best couple of minutes you ever spend.

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...

Up to 127 blocked spammers between the blog and the forum. Still less than a month since I installed the hook.

 

The problem scales, as well. On larger boards, the number of attempted spam registrations is even larger. There are people reporting as many as 40 attempts per day.

 

If you have a forum or blog, it's time to get hooked up with a spammer database. The traditional methods won't stop the human agents, though you still need all the automated controls like Captcha in there to stop the bots and force them to use humans.

 

Feel free to post or private message me if you want the link to the database I'm using. There are pre-made hooks/widgets/plug-ins for most of the major forum and blog platforms, and the coding to check it with nearly any registration process/contact form isn't too difficult.

 

I'm not going to post it openly on the off chance the spammers are smart enough to check their own spam IPs against the database to figure out which ones will get through :P

Link to comment
Share on other sites

And now all of my contact forms are protected by the anti-spam database as well. All of the LST3K interactive functions will roll out with the anti-spam protection from day one.

 

If any spam does happen to get through the contact forms, it will save all of the necessary information for me to report the spammer to the database. I'll do the same for the LST3K interactive pages.

 

I could set them up to automatically report, but I honestly don't expect the spammers to mess with any of those features much. The blog and the forum are the primary targets, and they're hammering away relentlessly at those, no matter how many times they're blocked or banned. I'm just protecting everything on the off chance that I piss off one of the spammers enough to make 'em go looking for another way to get through and spam :P

Link to comment
Share on other sites

Oh, they're not getting through :) I'm hooked up to the database and blocking everything for a while now. This thread has become my "ha ha" journal as they futily pound away at multiple layers of protection.

 

( Check the comments in the ips marketplace for the mod. I think you might see a name you recognize there ;) as well as several recommendations on the ips forum )

 

I actually throttled back on the blog, because the back-up plug-in there catches pretty much every spam comment anyway, so I only needed the database to block spammy registrations. I can use the back-up plug-in to catch the spam comments before they go up on the site, then report them with full data to the database.

 

I even coded my own plug-ins for my contact forms and upcoming user-interactive features.

 

Thinking about putting in a simple ( no guilds ) version of Battle that runs on IP.Content, but that's far in the future if it happens.

 

I'm really surprised nobody has adapted for 3.x, considering how hookable it is. I haven't dug down deep into everything, as I'm being lazy and using mostly things others have coded, but it seems like coding up a version that requires zero file edits should be a breeze.

Link to comment
Share on other sites

  • 5 months later...

Here we are, less than 8 months since I added checks against the new database to the forum, blog, and my contact forms. As of today, those have officially reported 1000 instances of spammers.

 

And that's really just a drop in the bucket. My contact forms don't report by default, they simply block. Only spam ( none so far ) that gets past the checks provides me with the information to manually report them.

 

Ditto on the blog. There are hundreds of instances of blocked spam. The only ones I've reported are the ones that made it through the first lines of defense -- only to get caught by Askimet. Even if Askimet hadn't caught them, I don't let comments auto-approve until at least one comment has been approved, so they still wouldn't get through to the public.

 

All this on a low-traffic website where little of the effort put forth by the multitude of spammers has borne the fruit of a single post that actually saw public display for a limited amount of time.

 

I don't even want to think about the spam hammering a site with a lot of activity gets, when mine draws such an onslaught.

  • Like 1
Link to comment
Share on other sites

  • 10 months later...

Upgraded the spam protection on the blog with yet another layer, because I was getting fed up with deleting spammer registrations with emails that were brand new, and thus not yet registering on the spam databases.  Forcing everyone to validate now to register ( though not to post ) and auto-deleting unverified accounts.  Not as if there's any reason to sign up for the blog anyway.  I've determined that almost every single registration there ( and on RR ) has been pure spam.

 

Also added the Mail.RU spider to the spider listings.  We'll see how much of my bandwidth those jackasses are wasting, and if it gets annoying, I'll ban the S.O.Bs  For now, they only seem to be hitting the site once or twice every couple of hours.  Probably should forbid them anyway, because they're most likely just indexing places for the Russian spammers to attack.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...