Anti spamming techniques.

Quantum Quack

Quantum Quack

Life's a tease...
Valued Senior Member
After a recent spate of spamming has any one suggested the possibility of the first 3 to 6 posts of any new member being subject to moderation before posting?
I believe most popular forum software apps have this provision.
Even moderating the first post only before allowing subsequent posts will stop most robotic spamming
 
James R said:
We certainly need to solve this problem.
Click to expand...
The server load due to the latest one that I am aware of would be quite significant. Fortunately it was only one poster. If Sciforums was inundated with numerous spammers simultaneously it will shut the board down entirely and possibly destroy the archives...Called flooding and not to deliver spam but more to destroy a web sites function and blow the data storage facilitation. From experience it can take as little as about 10 minutes in total.
So I would strongly recommend an immediate 1 post trial period for all new members. Until some other way is worked out. I hope my suggestion is not an over reaction.
According to one security expert I subscribe to, it only cost about $50 usd for any person to organise a "killing" if so inclined
summary:
  • moderate first posts
  • Set a size limit to post to not exceed 1000 characters
  • Install captcha security on registration form.
  • Ensure server has anti-flood provisions.
If you wish to move this post I would fully understand.
 
Basically as the security guy said,
"every obstacle you place in the way of a "hacking" increases the cost associated with the desire to damage a web site"
Simply introducing a one [first] post moderation puts the cost of "hacking" into a much higher cost bracket making it generally too expensive for non-commercial return attacks.
 
Quantum Quack said:
Simply introducing a one [first] post moderation puts the cost of "hacking" into a much higher cost bracket making it generally too expensive for non-commercial return attacks.
Click to expand...
Some forums moderate the first 3 posts (Moderation Que). In addition, no active links allowed until the 4th post.

> Make sure the Captcha program is the newest generation
> Require a human response (i.e. - 12+9=?)
> Shared IP alerts. Program such alerts to be auto-sent to a hidden forum visible to moderators
> There is a vB hack (program) called GloHost that will recognize many spam bots via email addy (a shared pool database)
 
There was one forum that had a tough cryptic statement to solve...maybe I shall find it and post it here cause I have no idea how to decipher it...[chuckle]
Ie. one word required as a solution. "Roses are blue, violets are pink, love is new so what are you?" only one solution to succeed. [this is not a test as I just made it up...]
 
The recent problem is an ongoing battle, it's part of the problem of using a commercially available software solution for form software and being a forum with a predominant footprint and history to search engines. Some of the problems have actually been down to small misconfigurations in regards to the new forum build which should currently be fixed (considering I have no eyes on, it's difficult to say other than what has been stated in memo's)

CAPTCHA's are obviously great when defeating the vast robot hordes, however due to economic down-turning there are actually "Humans" out there that are sad enough to spam forums to make extra cash or "Survive", CAPTCHA's aren't suppose to stop humans otherwise we'd just lock the forum completely.

The main problem is of course "sleeper accounts" accounts that never posted but were able to be created, while they might not have broken rules, they could still be a way in for any spammer in the future. So It's likely that there needs to be a policy change in regards to how the forums handles old accounts and 0 post accounts, perhaps deleting them after a set period of inactivity and reallowing the more humanised forms of username to be put back into the pool of potential usernames.
 
Old tried and tested methods:
  • Restrict links for new users until post 10 (was 20)
  • Upgraded CAPTCHA (done apparently)
  • Clandestine user tests (The problem with this is such tests likely fall under the legislation of "Cookies" and "User Privacy", it should be made to be understood that every person that joins this forum or is active on this forum will have small amounts of data occasionally processed on them to identify their legitimacy, this doesn't mean we learn your name and address, where you eat on a sunday or how many toes you have on your left foot, thats left for people searching facebook entries)
  • Banning of untrusted (Mostly anonymous) proxies (Proxies can be set up by botnet hosters to gain access to forums through peoples legitimate accounts, after all if legitimate access comes from an address, how do you detect the illegitimate traffic?)
  • Use HTTPS/SSL for website access. (This increases server load a little due to the crypto-process but reduces some types of x-scripting attacks and decreases endpoint spoofiing.)

There are of course dozens of mod's for the software to do many of these and other things, however the problem with mod's is firstly they aren't always kept up to date and secondly they aren't necessarily produced by competent or trusted programmers, so you can actually install something that increases problems rather than decreasing them. So it's definitely something that the dev's have to analyse before using.
 
Some forums require moderator authorisation prior to publication for "newbies"
In this case though [re: recent spamming] a delay of 20 minutes between posts for the first 20 posts may be a great start. At least the spam could be caught with the first 2 or 3 posts.
I am pretty sure VB Bulletin Board has this option in the Control panel somewhere. [or something very like it]
 
In honesty QQ, It would be possible to allow people to post straight away with no timing delay, however it requires one of the Dev's to actually configure it. Heck I could fix the problems if I had the priv's however I don't which is a bit of pain. It's agonising to see itches that need to be scratched and not be empowered enough to do so, so instead we are just left with this irritable body, throwing itself around in some fit to alleviate what's causing the distress but not actually getting anywhere with it.
 
Stryder said:
In honesty QQ, It would be possible to allow people to post straight away with no timing delay, however it requires one of the Dev's to actually configure it. Heck I could fix the problems if I had the priv's however I don't which is a bit of pain. It's agonising to see itches that need to be scratched and not be empowered enough to do so, so instead we are just left with this irritable body, throwing itself around in some fit to alleviate what's causing the distress but not actually getting anywhere with it.
Click to expand...
In some ways what you are expressing is actually a good thing... it shows as other posters are also showing a keen interest in the welfare of the forum.
My main concern is that the site dev. do not make the mistake of underestimating the potential threat this spamming poses if a flood occurs.
Last night two usernames appeared [that I noticed] one after the other both delivering relatively small volumes of spam. The concern is that the dev. realise what would happen if say 100 usernames delivered a large volume of spam and then consider that the numbers are merely abstract as the generation of spamming usenames can be severe. example : say an indefinite number of spamming usernames is generated. As many as they can before the site dev. stops registration. The possibility to flood the board appears to exist and that is why I started this thread.
I visited one forum that had been flooded as the owner had left the forum for a few days for a holiday. A huge number of posts like in the vacinity of 30,000 + had rendered the entire forum unworkable. I guess the admin had a huge task of deleteing all the spammer usernames labourously one by one which probably numbered in the thousands. His best option was either back up if he had a valid [no sleeper usernames] one or abandon the forum and start again.

I have about 6 or so empty forums uploaded [Kunena] that have no main menu links waiting for publication as they are preinstalled in a web software package I developed. These are hit on a regular basis with bots possibly Vandex style bots that register numerous accounts and immediately spam those fora. To stop this I had to change the fora settings to reject registrations completely, install an intrusion monitor and lodge a intrusion report upon all attacks to the software.
Also worth considering the number of spamming emails this forum generates to all those subscribed to the various threads and topics. Last night I recieved I think about 8 emails spamming me from sciforums.

If a flood occurs millions of email spamming messages could be sent out to members before the server was shut down.

I guess what I am saying is, as you Stryder, are already well aware of, is that the use of robotic crawlers [ie. Yandex and other] with malicious intent means that it is easy to underestimate the potential and severity of a bot attack if a weakness if found.

And the worst part from a global perspective, is that these bots were probably started years ago and forgotten about... simply a rogue with out governance untill someone actually manages to work out how to turn them off. Blocking is one thing but to remove them from the web entirely is another.
 
You can apply an abstraction of "Moore's law" to the problem. As time marches on, the bot army increases in size, while trends for human interaction through devices with in-house applications threaten's the number of available "Human" members to forums such as this.

One of the main things that is key at the moment is that the Dev's keep the forum "Backed up", because while these problems aren't addressed, should the worst happen, a roll-back will be possible.

Like I've mentioned elsewhere I know a few dozen methods of stopping bots and abusers to forums, for the most part it doesn't require installing third-party applications, it just means understanding better methods of configuration.

For instance a decent installation of an Apache webserver configured with a number of Mod's can greatly undermine bots, coupled with personalised scripts, it can allow autobanning of entire IP ranges if needed and respond to bots with bogus data, since the reason bot's are almost viral in nature is their bot masters attempt to polymorph their code to any would be attempts to stop them. So if the bot isn't seeing a block or retaliation attempt and think it's fullfulling their obligation, it will likely mean they won't recode their bot since it's not outputting "errors".
 
You must log in or register to reply here.
Back
Top