Recent problems with spambots

[Phil]

our own spam detector is up for revision. All spam that passes through is added in our database, and we use it do adapt the filter to be more secure in the future.

You're wasting resources with that.

Content-filtering is never a good idea, because spammers (the ones who program these automated scripts) are more intelligent. The days are over when spam used to equal "viagra" and you could simply block anything with that inside the headline. Spam now days is sophisticated and uses text that is indistinguishable [to a script/filter] from coherent human written text. Using a content-filter is therefore a waste of time and resources.

But there's good news too. Forum spam is the most easy task to solve. Why?

Can you create a new topic without a user account? >No< [check]
Can you create polls without a user account? >No< [check]
Can you post in a topic without a user account? >No< [check]
Is there anything you can to, besides lurking (reading) without a user account? >No< [check]

Therefore, we can conclude that to do anything on this site that might cause some form of grief/annoyance/damage/whatever, you need a valid user account.

Therefore, the solution is simple:

1.) Use a better question at the registration processs (simply change the question).
2.) Use an additional captcha.
3.) the most basic simple solution: make user accounts inactive until activated by a moderator or admin.
4.) I assume a valid email address (valid and authenticated, e.g. by sending the password or an activation key to that email address) is already mandatory to actually activate your user account before being able to post is already a requirement??

Point 3 is the most basic one. If a moderator doesn't see enough to distinguish if it's legit or not, then point 1 or 2 may be required. Another way to solve; Add a field at the registration process on why the person wants to register to this site. Or to name their interests. Any coherent text in this field is probably from a human, not a bot.

Irregardless, checking user accounts before hand probably is a much smaller task than checking posts for possible spam content. Eradicate the fake user accounts, you eradicate the unwanted posts.

[rjsa]

Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.

These are bots. People do it because they can, they are just honing their code on us.

[BanMeToo]

4.) I assume a valid email address (valid and authenticated, e.g. by sending the password or an activation key to that email address) is already mandatory to actually activate your user account before being able to post is already a requirement??

Actually I don't think you get an activation link when you reg here.

e:

Bots chatting among themselves. I've seen it all.

I had quite a chuckle at that haha

[Steven]

1.) Use a better question at the registration processs (simply change the question).
2.) Use an additional captcha.
3.) the most basic simple solution: make user accounts inactive until activated by a moderator or admin.
4.) I assume a valid email address (valid and authenticated, e.g. by sending the password or an activation key to that email address) is already mandatory to actually activate your user account before being able to post is already a requirement?

1) Any suggestions?
2) Will be far better after site update
3) Impossible. A lot of users will slip through, because most spammers only add link signatures after posting. The obvious spamwords in usernames and emails are already caught, while temporary email domains are blocked already as well

4.) I assume a valid email address (valid and authenticated, e.g. by sending the password or an activation key to that email address) is already mandatory to actually activate your user account before being able to post is already a requirement??

Actually I don't think you get an activation link when you reg here.

Yes you do

[rjsa]

(1) Any suggestions?

Don't know if you heard of this? http://nomorecaptchas.com/

[Phil]

1) Any suggestions?

Anything.

The important thing to realize is that it's just a bot. A bot being a program, a script, a piece of logic that has ZERO ounce of intelligence. It can only do, what it is programmed to do. This is for the most part, searching the web, parsing the source code and looking for '<form method...>...</form>' inside it to realize there is a form. When it finds it, it looks for what text inputfields are there (you know, the boxes we use to enter something inside our browser on a webpage) and then they simply enter what ever they were programmed to enter and send it via POST method. Voila.

Most of the time, if the inputfields are some kind of login screen, like to an administration page, the bot will use some kind of bruteforce attempt to 'crack' the username and password. It will simply try various different combinations, more or less default known passwords or simple combinations. It will do this on a regular basis. When you do this on thousands of sites within a day, a week, a month whatever (it can, because noone physically is sitting behind the computer doing anything, the bot is entirely automated). You will find that with that many pages, the odds are actually that occasionally, a bot will actually find the right combination and voila, the site/account is hacked and access is gained.

The core thing here to realize is that bots are designed to attack and abuse as many forms on as many different websites as possible. Therefore, it is rarely a specific programmed bot for *your* unique site, like f1technical.net. Your site, is but many, that is actually 'attacked'.

So if you simply change the first control question to anything 'new' - chances are it will block every bot until someone actually goes and reprograms their little bot to solve the new question. If one of these spammers is an active F1 reader, then the odds are this will happen quickly. If it isn't, then you may have some piece and quiet for some time.

Just remember; The bot is inherently stupid. It doesn't understand the question you are putting there at your registration form. It just knows that there is a field and it will enter different phrases, words whatever and hit enter so many times until it succeeds with one of them. So, changing it to anything will likely result in some form of success.

If it doesn't - then you either are dealing with a bot that is updated frequently (and that someone is reading your forums), or the bots are coming through by some other means, security flaw, unprotected form or something.

[Steven]

So, I have replaced the anti-spam questions upon registration with new ones.
Sadly, the epic Betrand Gachot question has thereby been removed.

Hope the new ones prove a bit more effective.
At least they show no results in my tests on google.

EDIT: Interesting, in 2 days, not a single spam registration
I also deleted nearly 800 sleeping spamusers in our database

[Steven]

So, I have restored the previous anti-spam questions, as it turns out they are far more effective than Google's reCaptha.
Who would've thought that

[Mr.G]

Hi Steven, I use on my forum this extension - so far no problems and it's more user friendly, you just need to drag and drop from left to the right the correct words. https://www.phpbb.com/customise/db/mod/ ... ha_plugin/