
View Full Version : Attention All Users Of All Net Tools



Moonbat
05-02-2008, 11:19 PM
We are getting a rather large wave of spam. It's been like this since early April. I have contacted D.Parker about the issue, mainly because many of these usernames are coming from the same IPs. There are usually 2-* usernames with each IP address, then a new one is used.

I am getting the feeling these spammers are controlled by a botnet. The symptoms seem to fit:

The same message(s) regardless of IP

We are being (as far as I know) specifically targeted, probably due to our popularity on search engines. I believe this because unlike most spam, which is "hit and run" usually *-2 messages, we've been getting hit for over a month now.

The names seem to be generated from a program that uses keywords related to the topic. For example, the IP 5*.*7*.***.47 has * accounts, tibiaking2008, tibiakings, and tibiagamegold. It seems like a program just generated usernames and registered the ones that worked.

The IPs seem to be coming from similar ranges. For example, the users Lifetibia and lifetibiarlz have IPs 20*.*6.*07.**5 and 20*.*6.*04.*5* respectively. From this I can assume that some sort of bot server.exe program was spread to users of a certain region, in this case Latin America, and most likely to users of the same ISP. Also, the IP I posted in point * (5*.*7*.***.47) is on the same IP range as another spammer who registered two accounts under the IP 5*.*74.65.*55. Both come from the Asia Pacific region, and probably the same ISP.

I believe this is a botnet. So how do we stop it? First of all, I need to highlight a point:

We are not getting anywhere banning usernames

Multiple usernames under the same IP, using many IPs. If all we have in our arsenal is banning usernames, we will never stop this spam. We will stop the problem for a day, maybe two at the most. But it will not go away. It hasn't gone away since it started in early April, and I doubt it will go away now.

We have a few options.

We can get more moderators to continue banning usernames
The active moderators can get temporary admin powers to ban IPs or IP ranges
The existing admins can become more active and ban IPs
The existing admins can ban entire IP ranges

I have two nominations for moderators. JayT and gordo. JayT joined around August 2007 and has posted many informative posts in the Programming section, and seems to have enough maturity to be a mod. gordo has been around since April 2007 and has helped people a lot, and has a lot of patience. He is also mature enough in my eyes to be a mod. If the other mods/admins agree, I'd support JayT and gordo becoming moderators. If we can't ban IPs, the least we could do is get more mods to ban usernames.

The second option is to endow the mods with temporary admin powers so we can ban IPs. This option is here because many of the people with admin powers aren't very active, and I can understand that. So this would make life easier if we could ban IPs. I know some admins will look at this and think that I just want admin status just to have power, but that isn't the case. Notice I said 'temporary'. I just want to stop this problem of spam. I would gladly give up admin status after the problem goes away. This option would be good, not sure how effective it will be, but I can guarantee that the spam will decrease a lot more if we can ban IPs.

The third option is for the admins to become more active and ban IPs. I doubt this strategy will work because I'm sure that the admins are preoccupied with real life work/other and cannot be as active. I am not trying to bad-mouth or disrespect any admins due to their lack of activity; I just want to be realistic. We can't depend on admins such as Elias or Admin who haven't logged on since 2004 to help us stop this spam problem. D.Parker is the most active out of the admins, and even he can't always login every day.

If by chance we decide to take the third option and the admins become more active, we have another option in addition to IP banning. We can ban whole IP ranges. I personally don't think this is a good idea because you'll be cutting off access to many legitimate users, but if the problem gets worse we'll have no choice but to block entire ranges.

So the point of this thread is to do two things:
a) Decide whether or not this is a botnet
b) Pick one of the options from above

My choice is a mixture of * and *. I want JayT and gordo to become mods. We mods will ban usernames and assemble lists of IPs who are spammers. Once a week or so, the admins will login and we will give them the lists. They will ban the IPs. We will continue as such.

I'm sure the admins can take one day out of the week to log in to ban a list of IPs that we mods will make. This seems like a practical idea.

Anyway, discuss.
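
The weekly IP list proposed in the post above could be assembled by a script along these lines. This is an added example, not part of the original thread: the registration records are constructed and use documentation address ranges, and the function names, the two-account threshold and the /24 grouping are assumptions (IPv4 only).

```python
import ipaddress
from collections import defaultdict

# Constructed registration records (username, IP). The addresses come from
# the RFC 5737 documentation ranges, not from the forum's logs.
REGISTRATIONS = [
    ("tibiaking2008", "192.0.2.47"),
    ("tibiakings", "192.0.2.47"),
    ("tibiagamegold", "192.0.2.47"),
    ("Lifetibia", "198.51.100.15"),
    ("lifetibiarlz", "198.51.100.200"),
    ("regular_user", "203.0.113.9"),
]


def accounts_by_ip(records):
    """Map each registering IP to the set of usernames created from it."""
    by_ip = defaultdict(set)
    for user, ip in records:
        by_ip[ipaddress.ip_address(ip)].add(user)
    return by_ip


def build_ban_list(records, min_accounts=2, prefix=24):
    """Return (ip_bans, range_review).

    ip_bans: single IPs that registered at least min_accounts usernames.
    range_review: networks in which two or more distinct IPs registered
    accounts. These are listed for a human to review, not banned outright,
    because a range ban also cuts off legitimate users in that range.
    """
    by_ip = accounts_by_ip(records)
    ip_bans = sorted(
        str(ip) for ip, users in by_ip.items() if len(users) >= min_accounts
    )

    by_net = defaultdict(dict)
    for ip, users in by_ip.items():
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        by_net[net][ip] = users

    range_review = {
        str(net): sorted(u for users in ips.values() for u in users)
        for net, ips in by_net.items()
        if len(ips) >= 2
    }
    return ip_bans, range_review
```
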

Moonbat
06-10-2008, 05:02 PM
As an update, we are getting hit with a wave of pedophile spam, and other sexual spam that seems to be targeting stickied threads and threads with good ratings on the search engines.

This thread was meant just for mods and admins, but since I haven't gotten any feedback yet about this issue from any of them, I have decided to make it public.

gordo
06-10-2008, 05:11 PM
Thanks for your recommendation Moonbat. Although my computer skills are not much, I can be here every day for awhile and I will help if I can.

nozf3r4tu
06-11-2008, 02:01 AM
Gordo has my vote; not only will he do a good job, but I personally trust him as far as being fair with the rest of the users.

Ezekiel
06-11-2008, 04:52 PM
This site just needs a better CAPTCHA system; nothing more. Perhaps the web****** could be convinced to upgrade the forum to a post-millennium version.

Moonbat
06-11-2008, 04:57 PM
This site just needs a better CAPTCHA system; nothing more. Perhaps the web****** could be convinced to upgrade the forum to a post-millennium version.
I thought writing an essay and using different colors would be better :D

But yeah, a better CAPTCHA would help. But it's only a matter of time before a program adapts to the new CAPTCHA.

We are pretty much at a standstill until the admins do something. I just brought this up to let people know that I personally am trying to do anything I can to fix the situation.

Ezekiel
06-11-2008, 05:06 PM
But yeah, a better CAPTCHA would help. But it's only a matter of time before a program adapts to the new CAPTCHA.

Not if we used something like the ridiculous one on Rapidshare where you have to enter only the letters with cats sitting on them.

This website's been pretty much static since 2004 though, so it's a bit unlikely.

Moonbat
06-11-2008, 05:35 PM
Not if we used something like the ridiculous one on Rapidshare where you have to enter only the letters with cats sitting on them.
I remember when they first started using that, it was pretty funny, creative, and most of all, it worked. Even managed to keep some humans out, namely myself :p

I'm assuming you've seen the fake RapidShare CAPTCHA with Riemann's Hypothesis right? That was funny, but it got old after I saw it posted everywhere.

sunnys7
06-15-2008, 06:30 AM
Whatever you said is correct; even Gordo has my vote, yes, he is being fair with all the users.

frankiben123
06-29-2009, 10:56 AM
thanks....nice post.....



jonny0009
07-23-2009, 01:06 AM
make mee a moderatorrrrr. =} lol. jkjk. doesnt matter. xD

minaadel1994
07-25-2009, 05:14 AM
I think Admins should give the Moderators the IP ban command, since this issue will lag YOUR server and take database space needed for other important things (if you're using your database). Assigning more mods is good also to provide more order and make the forum a bit smoother... because this isn't the only issue, virus posters are everywhere too :P Since you're a popular site then you should consider this :-)

Moonbat
07-26-2009, 12:33 PM
We've requested IP ban powers before, but the requests have never been answered. I think the only way to IP ban is to actually be an Administrator, and I don't think the other administrators want to give us the Administrator access.

VirusFlyTrap
10-05-2009, 04:17 AM
I'm not really good at this sort of stuff, but can't you get programs that stop spam for you? Probably not that effective though. I personally think captcha is a nuisance, but if it stops spam I can live with it. :rolleyes:

subhylut
10-26-2009, 10:11 PM
It hasn't gone away since it started in early April, and I doubt it will go away now.

Sarien
10-28-2009, 09:54 AM
I would recommend looking into an http blacklist such as
http://www.projecthoneypot.org/httpbl_api.php

I utilize this project for my personal forums to verify the authenticity of an ip and whether it has been associated with spam/dictionary attacks/comment spammers. The project has been very beneficial and may prove to be an extraordinary tool to combat the issue.

I'm not in any way affiliated with the site, I'm just grateful it's there.
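
The http:BL service recommended above is queried over DNS: the lookup name is the access key, the visitor's IPv4 octets in reverse order, and the `dnsbl.httpbl.org` zone, and a listed address answers with `127.<days since last activity>.<threat score>.<visitor type>`. The sketch below is an added example, not code from the thread or from Project Honey Pot; the access key is a placeholder, the answers used to exercise it are constructed, and the blocking thresholds are assumptions.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor-type bits in the last octet of the answer (0 means search engine).
VISITOR_TYPES = {1: "suspicious", 2: "harvester", 4: "comment spammer"}


def httpbl_query_name(access_key, visitor_ip):
    """Build <key>.<reversed octets>.dnsbl.httpbl.org for an IPv4 address."""
    octets = str(ipaddress.IPv4Address(visitor_ip)).split(".")
    return ".".join([access_key, *reversed(octets), HTTPBL_ZONE])


def lookup(access_key, visitor_ip):
    """Live lookup; returns the A record as a string, or None if not listed."""
    try:
        return socket.gethostbyname(httpbl_query_name(access_key, visitor_ip))
    except socket.gaierror:  # NXDOMAIN: the address is not in the list
        return None


def decode_httpbl(answer):
    """Decode an http:BL answer; None (not listed) stays None."""
    if answer is None:
        return None
    first, days, threat, vtype = (int(part) for part in answer.split("."))
    if first != 127:
        raise ValueError("not an http:BL answer: " + answer)
    if vtype == 0:
        # For search engines the third octet is an engine id, not a score.
        return {"search_engine": True, "days": days, "threat": 0, "types": []}
    types = [name for bit, name in VISITOR_TYPES.items() if vtype & bit]
    return {"search_engine": False, "days": days, "threat": threat, "types": types}


def should_block_registration(answer, max_age_days=30, min_threat=25):
    """Assumed policy: block recent, high-scoring comment spammers only."""
    info = decode_httpbl(answer)
    if info is None or info["search_engine"]:
        return False
    return (
        "comment spammer" in info["types"]
        and info["days"] <= max_age_days
        and info["threat"] >= min_threat
    )
```
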

Alyazi
10-31-2009, 01:34 PM
Actually, I only heard about this website through a broadcast instant message in my BlackBerry which talks about the thread of the Saudi Man who doesn't speak English well. IT MADE ME LAUGH SO HARD!!!!!!

You need to adv for this website more often.. and do not put so many rules :P it just reminds me of our attendance gates in our company :PPP VERY SUFFOCATING :p

Moonbat
11-01-2009, 11:46 AM
Sorry I have to close this thread, but the issue in the thread (regarding spam) isn't really an issue anymore so this thread isn't really useful.