Bit Blot Forum
Bit Blot => Off-Topic => Topic started by: Xiagan on December 13, 2010, 01:13:07 pm
-
You may have noticed the spam bots got out of control. I removed over 30 spam posts 4 hours ago and did another 40 in the last 4 hours.
Since I can't be here 24/7, it's only normal that you may find various amounts of spam while visiting.
I hope a software update or something similar will happen soon - until then thank you for your understanding.
-
There are 89 spam posts at the moment and I don't have the time to delete them - to be honest, I don't have the motivation either, because without a forum update it will look the same tomorrow and the day after and ... well, I'm not Sisyphus.
So please understand that I won't delete spam posts anymore without seeing some activity from our admins.
-
More than understandable Xiagan.
Not to hammer onto Alec, but I don't see why he can't do it. Though besides that, I'm not even close to fathoming why Derek hasn't already put in some kind of spam bot measurement.
-
Alec is deleting as much as I am, it was still not enough.
I talked with both and apparently the setting was set to 'immediate registration' which Derek changed, so it's supposed to be better now! :)
The spam bots who are still posting had already registered, so a ban should solve that problem too, so I'm looking quite forward to a new mostly spam free area!
-
I was deleting oodles of spam like twice a week.
But yeah, things should be less crazy now. I banned those 3 accounts you linked me to, Xia. :)
-
Man this is a very nice thing to hear, those spam bots were really depressing.
-
How about a question on the registration forum that Aquaria players should know the answer to? I first saw it on the BZFlag forums. It should be something extremely simple, though spambots wouldn't be able to answer without their users to find out the answer first.
-
From what I gather only Derek can do it, be it permissions, owner rights, knowledge (which I doubt) or some other weird things. I appreciate the banning's, but still wonder why you can't put up some simple spambot protection with the registration.
-
Unfortunately from the looks of things the setting change didnt help matters much.
-
Unfortunately from the looks of things the setting change didnt help matters much.
I checked them and we are mostly dealing with spam bots who registered before the changes and are posting again.
It may need a time to ban them all, but we are on a good way I think.
-
Hey, guys, sorry about the spam!
I upgraded our forums to the latest version, which should help quite a bit.
Also, admins - if you delete a spam account you have the option to delete all of their posts with it. FYI.
-
Sounds like progress is finally being made on this, really glad to hear it. Thanks for the effort guys.
-
Maybe it's an idea to bring around another admin, if even this post is being littered. xD
And thanks Derek!
-
Yaaaaay!
-
Xiagan's gonna have a stroke when he checks this place after taking a break for the holidays :V
-
"Spam... spam never changes..."
I guess installing the new version of SMF reset the visual captcha to "Medium" instead of "High". Fixed. I hope that's the reason why there was a huge deluge the past couple of days.
I'll make Xiagan an admin, too, so he can help delete spam accounts.
-
Thanks Derek! I hope your measures help and there isn't much need for deleting spam accounts, but if necessary, this will make my work more easy. :) There must be a new trick with smf the spammers found. The amount in other smf forums I attend has increased too...
-
Actually, I believe that SOME spammers nowadays are just humans who are being paid to do shit like that. Easy cash n stuff.
Oh and once again thanks Derek. <3
-
Actually, I believe that SOME spammers nowadays are just humans who are being paid to do shit like that. Easy cash n stuff.
Oh and once again thanks Derek. <3
If that was the case wouldn't they make less ridiculous, mechanical looking posts? Some of the shit that gets posted looks like it was never once actually written by a human with any sort of understanding of the english language and is just random words and links thrown together.
-
Some spamposts in this forum actually made me think a real person made it, seeing it connected perfectly on the topic, but their signatures still had links in them.
Oh and their reactions were general, like they don't know what the forum was about but they did read the post before that.
-
Some spamposts in this forum actually made me think a real person made it, seeing it connected perfectly on the topic, but their signatures still had links in them.
I think some of them just copy parts of the first (or just earlier) posts. This way it looks very on topic.
-
Yeah.. what's the deal with that... Make me a mod. i'll help remove them!
-
See what I was talking about Xia? =p
-
But his links don't make sense.. :P sigh...
-
what you guys need is one of thos anti spam bot things that detect
advertising and reports it to you,
then you can just mark the ones that are not spam and it will auto ban the rest.
i have no idea where to get one, but one of my old blogs had one (google it?). ^-^
-
what you guys need is one of thos anti spam bot things that detect
advertising and reports it to you,
then you can just mark the ones that are not spam and it will auto ban the rest.
i have no idea where to get one, but one of my old blogs had one (google it?). ^-^
I consider that too much work. There are more legitimate new posts these few days than spam (or it's just Xiagan doing a very good job).
-
Yeah, Xia has been fairly busy. I noticed a few spam posts every now and then from (I hope) old accounts, and I bet I don't even see everything.
-
I find it somewhat useful to look at the Users Online section for spammers. A simple check of their profile usually reveal who they are. And no, the anti-spam mechanisms are still not working. All of the spam members I checked from the Users Online page was registered today.
-
Admins! Don't give this forum up please! (And spare poor Xiagan the work)
Talked with Xiagan yesterday on IRC about the spams, and here is an SMF addon that may help (not older then 2 weeks, and installing it on my test forum was a breeze):
http://custom.simplemachines.org/mods/index.php?mod=2932
Fairly new way to make a captcha, but if it works.. and it does :)
I have set up a test forum (http://fg.kicks-ass.org/f/index.php?action=register) that is already using appropriate captcha images ^-^
PM'd Xiagan some more details, and now i hope he can get that addon in, or poke Derek to do something.
Btw, there is SMF 1.1.13 out with some bug fixes, but nothing major that spambots could exploit from what i have seen.
I estimate the majority of the spambots that register here try to improve their google ranks by providing links to websites they want to promote. We can be lucky only a small fraction of these bots actually starts posting, as them collectively waking up would be a disaster. There are bots that registered months ago and still check the forum, although they have not posted a single thing.
Do you guys think its possible to clean the user database from most of these bots automatically? Most of the names are made following a simple pattern, that is [a-zA-z]+[0-9]+[a-zA-Z]*, and many provide the same link twice in their signature... helps identifying them automatically.
Lastly, if that helps anyone i set up a little trap for those nasty email harvesters here (http://fg.kicks-ass.org/userlist), in case some are here. Hopefully these stupid bots pick up the URL and spread it, as it is also in my sig.
(Someone has to do something, right?)
Oh, and this: http://en.spambot.pl/ <-- i lold. Shame on them.
EDIT:
From their site:
Protection against the program
The protection of one’s own websites against the program is included. You simply need to upload to your website server a file entitled ‘spambot.txt’ with the content ‘spambot.pl’. If the program tries to spam this page, it will be announced that spamming can’t be done because there is the file ‘spambot.txt’ on the server. Before spamming, the program always checks if there is such a file on the server.
Worth a try imho :P
EDIT2 (half a day layer):
Geez, more spam posts... If you let me, i'd help deleting stupid bots and cleaning up the forum :(
EDIT3: Another mod that looks promising, just updated today, now works with SMF 1.1.x: http://custom.simplemachines.org/mods/index.php?mod=2502
EDIT4: The images i used for notCaptcha can be found here (http://fg.kicks-ass.org/f/mystuff/)
-
Sounds cool, I'd add it but I don't think I have the access to do that.
AFAIK Derek is the only one with the web login craziness?
Maybe I should see if I can get him to hook me up with the info required. I might be able to do that at GDC. (sometimes it's hard to reach him by email cause he's doing crazy Spelunky stuff)
-
My word, what an interesting technique this HJJ bot has. Ten threads in one forum, none in any of the others--each post apparently assembled from a strange syntactical mishmash of somewhere between two and ten different news articles, each studded with dozens of surreally-titled links and then followed by a bunch of straight-up URLs at the bottom of each post just for good measure.
How odd.
-
I don't even click posts that have 0 replies anymore.
-
Atoneanies! Debt Adcarnality! Cradapt! Greaanalysis! Unseconvalescent De! Administer artificial armamentariums! Acquaint burningly application the coffers and get abolishment! Aboriginal footfall.
... Brokacy!
(Spammer Tiggs has an amusing technique as well, it seems.)
-
What about we just spam Dereks email until he installs a spam filter or a useful captcha system? :P
... AND also gives Alec access to these things too.
Sounds cool, I'd add it but I don't think I have the access to do that.
AFAIK Derek is the only one with the web login craziness?
Maybe I should see if I can get him to hook me up with the info required. I might be able to do that at GDC. (sometimes it's hard to reach him by email cause he's doing crazy Spelunky stuff)
So far heard nothing new about this. Update plz? :-X
EDIT: Sent spam, got reply, yay! ^-^
-
Spam's a lot better for a few days, thanks Derek? :)
-
Oh oh.
| Monthly Summary - | New Topics - | New Posts - | New Members - | Most Online - |
| 2011-04-04 | 3 | 19 | 437 | 180 |
| 2011-04-05 | 0 | 19 | 519 | 73 |
| 2011-04-06 | 3 | 15 | 1327 | 93 |
Looks like another spammer found the forum... (and more bots have a different naming pattern now.)
Oh c'mon, time to stop the exponential growth? Derek? *poke* :o
-
Yes, please, Derek. BTW my belief is that a neat CLOSET is the sign of a sick mind....
-
My closet is very neat, and I'm perfectly sane!...I hope.
-
My closet is very neat, and I'm perfectly sane!...I hope.
Mine too!
--although admittedly that may be due in part to the fact that it is empty, because all of my clothing is draped over chairs and I haven't gotten around to ironing it yet.
-
Hey, everyone! Sorry about all the spam. I'm going to set aside some time soon to upgrade the forums and install some anti-spam stuff.
I will update this thread once I've done so.
-
Sweetness!
-
Awesome! :D
-
Alright, done. Let me know if the situation improves. :)
-
Thanks a lot!
*loves and praises Derek*
(Huh, new smileys :P)
-
There's new smilies?
Also awesome on the spam thing.
I see another one just registered and posted some spam, but let's hope it'll become way less.
-
Yeah, sorry, it seems like some of the froggy smilies got replaced in the upgrade. :(
I'm pretty sure some of these spammers are actually human. Or at least they use human beings to register.
-
There are still some registering, either they are humans, or they know how to use search engines, and parse the answers for the registration questions from the results.
(Afaik you could enter fulltext questions to google....)
Not sure if the 2 questions boxes are really that effective. Well i hope they are.
@Derek: What about more mods? :P
EDIT: Ah, same thought, cool. Damn humans.
EDIT2: Just another thought, if someone wanted to specifically target and flood this forum, it is still easily possible to hardcode the answers to these questions. Nevermind my paranoia though.
-
Oddly enough, at some other forums I visit, there are adbots increasing in numbers despite captchas and recaptchas.
And some of them even quote other replies in a thread, and make it seem that they've posted it themselves. I really do think these are humans that are spamming.
-
Thanks Derek! :)
And some of them even quote other replies in a thread, and make it seem that they've posted it themselves.
They are the most tricky ones. Luckily I am good at remembering posts/writing styles and so I (nearly?) always get them. :) Usually it is the first or second reply in the same topic, though...
-
Seems to have dropped off the map recently!
-
I'm just saying this now, after a long time of silence there's a new wave of spam incoming. I'm currently deleting ~10 spam topics per day and banning the bots behind them, hope it doesn't get more...
Would be nice if someone did something against it.
-
If non-admins had the ability to "flag as spam" it might be easier to sort through at the very least. I've also seen forums where, before creating a thread, you need to answer a simple question related to said forums. As an example, we could use: "What is the name of the protagonist?".
Other than that, I don't see how it can be limited.
-
I'm just saying this now, after a long time of silence there's a new wave of spam incoming. I'm currently deleting ~10 spam topics per day and banning the bots behind them, hope it doesn't get more...
Would be nice if someone did something against it.
yeah, me too... No idea what to do, though...
-
If non-admins had the ability to "flag as spam" it might be easier to sort through at the very least.
This would not be useful. I'm using the forum's RSS feed so my PC makes the sound of truck when someone posts and i'm like YAAY SPAMS TO BAN.
I've also seen forums where, before creating a thread, you need to answer a simple question related to said forums. As an example, we could use: "What is the name of the protagonist?".
This was exactly what used to be there all the time, since ~2011, when the first big spam wave started.
Other than that, I don't see how it can be limited.
Seems that they moved hosts, as some subdirs that were on the server are no longer there, the forum member list is back (it was an empty page before), and the forum's version number jumped from 1.1.17 to 1.1.19. So apparently whatever spam protection was there got lost during the move.
That said, the questions require to register were a bad choice imho.
I know of enough people who were initially unable to register because they were not able to spell "independent" right, apparently.
I had sent a nice SMF registration antispam plugin to derek back in the days but apparently it wasn't good enough or dunno.
I'm also worried about the wordpress version used for the blog. It's kinda old, and the exploit list available is quite long.
yeah, me too... No idea what to do, though...
Mmm.. Try to use an exploit to get in, and apply some extra security this way? >:D
If i had the chance i'd certainly patch the thing for good.
But no, better not this way.
-
So, we're now at
108 123 spam posts within a short time. Any chance for some antispam? I'm sick of deleting this shit and banning half of the internet by IP, and stopped doing so few days ago because it's a useless effort.
Someone could at least give me the right to delete users with all their posts, I'm kinda lazy to remove every single spam post manually.
EDIT: Plus here's a possible solution for the bandwidth outage problem near the end of a month. SMF is actually stupid enough to deliver a captcha image with text that doesn't change. So spambots can keep requesting new captcha images over and over and will eventually be able to solve the challenge, wasting bandwidth in the process. There's Bad behavior SMF mod (http://custom.simplemachines.org/mods/index.php?mod=2502) which will prevent spambots from actually seeing the site they requested (wasting even less bandwidth).
-
Oh, the irony of spam posts in the spam thread...
-
Oh, the irony of spam posts in the spam thread...
It's brutal.
-
I'm working on getting the necessary attention, dw :D
EDIT: Deleting this load is of no use, so i'm not doing it (for now). The spam will come back anyway.
EDIT2: Heh, at least there's no spam bots on IRC ::)
-
Added the registration questions back, which should cut down on most of the spam. I'll add the other mods if it doesn't. All the existing spam has been deleted (that was a lot!).
And if the site goes down again this month, let me know, and I'll upgrade the hosting.
-
Thank you Derek! Let's see how it goes.
-
We hit the execution limit on our hosting again, so I upgraded it. Shouldn't happen again.