October 22, 2017, 03:14:31 am
Author Topic: Spam problems, and what's been/being done  (Read 2009 times)
greyback
Administrator
Hero Member
« on: January 10, 2011, 06:18:26 pm »

Hi all,
regular members of these forums will have noticed that we've developed a bit of a spam problem here.

To tackle this, I have installed a spam honeypot with Project Honey Pot, and all registrations and posts are verified from this. It won't stop all spam, but should lower it considerably.

Somehow the captcha on registration is not having much of an effect, as there are over 34,000 accounts here which I suspect as fake - some have spam in their profiles, and all have made zero posts. Some have not even been registered by the forum as having viewed a page!

So let's see if spam is affected. If not, I'll try something else.

Also I'm to delete those 34,000+ spam accounts. I'm going to run them through the honeypot for any obvious ones, but probably will delete all accounts with zero posts, as it's easier :) Now's your chance to make a post & introduce yourself!

Comments and criticisms welcome
-G
greyback
Administrator
Hero Member
« Reply #1 on: January 11, 2011, 08:23:19 am »

Well since I set up the additional anti-spam system last night, 245 spammers have been stopped! That's a lot for 12 hours.

However new fraudulent accounts are still being created, still at a high rate :(
I find it hard to believe the captcha is so ineffective. Anybody have any ideas?

There must be a flaw in the registration system. I'll have to dig deeper.
-G
heyrick
Global Moderator
Sr. Member
« Reply #2 on: January 11, 2011, 06:39:43 pm »


A rather impressive bug in SMF, it might be patched in your version:
http://www.simplemachines.org/community/index.php?topic=309741.0

How 4chan hacked recaptcha:
http://musicmachinery.com/2009/04/27/moot-wins-time-inc-loses/
(plus some interesting info on how recaptcha works)

Can't see any obvious "exploit" code for SMF 1.1.12. Are you sure one of the PHP scripts itself hasn't been compromised by an earlier hack?

Otherwise, can you hang an IP tracer on the new user reg code? Could be interesting to see if the signups are coming from specific places.


Best wishes,

Rick.
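The idea raised in the reply above, tracing where new signups come from, sketched as an added example (not part of the thread and not SMF code). It assumes registrations have been exported as (time, source IP, post count) rows; the sample rows, prefix lengths, one-hour window and threshold of 3 are constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of registrations: (time, source IP, post count).
# Addresses are from the reserved documentation ranges.
SAMPLE = [
    ("2011-01-11 08:00:05", "203.0.113.10", 0),
    ("2011-01-11 08:03:17", "203.0.113.44", 0),
    ("2011-01-11 08:09:40", "203.0.113.45", 0),
    ("2011-01-11 08:15:00", "198.51.100.7", 2),
    ("2011-01-11 08:41:02", "203.0.113.200", 0),
    ("2011-01-11 09:00:00", "192.0.2.33", 5),
    ("2011-01-11 10:00:00", "2001:db8:1:2::a", 0),
    ("2011-01-11 10:05:00", "2001:db8:1:2::b", 0),
    ("2011-01-11 10:20:00", "2001:db8:1:2::c", 0),
    ("2011-01-11 13:30:00", "198.51.100.90", 0),
    ("2011-01-11 15:00:00", "203.0.113.12", 0),
]

def network_of(ip, v4_prefix=24, v6_prefix=64):
    """Collapse an address to its enclosing network so neighbours group together."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def signup_clusters(records, window=timedelta(hours=1), threshold=3):
    """Flag networks with at least `threshold` signups inside any `window`."""
    by_net = defaultdict(list)
    for ts, ip, posts in records:
        when = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        by_net[network_of(ip)].append((when, posts))
    flagged = {}
    for net, rows in by_net.items():
        times = sorted(when for when, _ in rows)
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            zero = sum(1 for _, posts in rows if posts == 0)
            flagged[str(net)] = {"peak": peak, "total": len(rows), "zero_posts": zero}
    return flagged

if __name__ == "__main__":
    for net, stats in signup_clusters(SAMPLE).items():
        print(net, stats)
```

A network that shows a high peak and nothing but zero-post accounts is a candidate for closer review; an even spread with no flagged networks points towards distributed sources rather than a few origins.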
ChadV
Administrator
Hero Member
« Reply #3 on: January 12, 2011, 05:10:23 pm »

I'm not seeing any particular trend in IP addresses, but I've not been paying THAT much attention...