I can remember UseNet when it was a viable communications tool much like today's forums. It was destroyed by spamming that started with a couple of lawyers in Arizona who dreamed up the idea of "Free" advertising. It not them somebody else would have figured it out sooner or later.

There were methods of spam reduction, in particular a guy in Oklahoma who acted like the Dutch boy with his finger in the dike. He eventually burned out. I was one of his unpaid helpers.

The real culprit was the indifference of those who hosted UseNet servers. That and way too many techs who were too busy with their own deals.

As email spam activity gets less, and it is with filters getting more and more sophisticated, and legal deals that do not cover forum spam, spammers have been turning more and more to the tens of thousands of forums, chat rooms, and even guest books to do their thing.

Since 2008, the site www.stopforumspam.com has been proactive in storing spammer IP and email addresses. Since 2008. . .and the list is almost two million strong.

Their current project is something called a "hostile networks list." This is going to be a long post anyway, so I will tell the story.

Indians are getting active in spam activities. Cheap, English speaking labor, is used to get around captcha and email verification techniques. We have thrown three out in the past week or so. They post junk and have a signature that leads to some site or the other. As an example, one led to a site www.mrage-license - site name distorted on purpose.

That site is an email harvesting site. Digging around on the site, you can find a disclaimer about what they do with the emails they harvest when people click to find out about licensing information in their states.

While they are on the site, the Indians harvest any email address they can see, including admin addresses and those who have their email in their signature. Yea, that one is illegal.

When we detect a spammer, we copy their posts, ban their IP and email addresses, then list what we found on SFS. Yes it takes time. More on this down the page.

Then we turn them in to the abuse@ address for their ISP and the same with whoever is hosting the site they are trying to advertise. Yes it take time. More on this down the page.

Rackspace, a major hosting operation, after nagging them including an email to their executive offices, finally said they would do nothing because with the disclaimer, there was no violation of their AUP. Beltch. . .

To which I replied, "So, if I understand what you are saying, you are willing to host sites that violate the AUP of other sites, so long as they do not violate yours?' In other words, one of their customers advertises its site by spamming, and Rackspace does nothing. Eventually, we will "Get" Rack space through the introduction of the "Hostile Network list."

If someone wants the procedure list I created so some of our other admins could help, I will post it here. It includes what to say and how to say it.

The issue I have is twofold.

How many of you help by taking the three steps to rat out a spammer? Yea I suspect all will ban them, but how many turn the IP and email addresses in to SFS, then abuse@ for both the ISP of the spammer and hosting company for the advertised site?

Frankly, if you don't, you are part of the problem, not part of the solution.

Apathy and/or not enough time in a day killed UseNet.

Secondly, what is the prognosis for a plug in between UBB and SFS? That would save a bunch of time, which is the reality of why more admins don't do all they can to help stop spam.

Perhaps there is one and I am just unaware of it. Perhaps there is one upcoming in V8, which will certainly speed up our adoption of that upgrade.

If you take the time to read through SFS, you will find stuff like Munge and TOR networks and other things that I understand maybe 25% of, like htaccess?.

And all of it is based on somebody out there reporting attacks. You can bet I am going to try to understand all of what they are talking about because we might be next.

It is gonna get worse. Been there, got the tee-short that says, "UseNet, RIP."

Larry
www.marriageadvocates.com

When I approve new registrations, I manually run every IP address through SFS. When a spammer gets through the registration process, I report them on SFS. I do not report them to their ISP.

If anyone replies to my post, just for giggles, could you please tell us how many spammers you are dealing with a week.

We are averaging three or four.

Larry
www.marriageadvocates.com

I'll say less than one per month. I go through about 100 new registrations per week.

I don't have hard numbers, though.

I am impressed with your registrations. You do more in a week that we do in a month at this point in our growth. Yet we are getting more than our fair share of spammers - 7 in the past 10 days.

Larry

I manually approve registrations. (7-10 a day)

If I don't like the look of their occupation field, display name or email address - they go in the bin. I have had maybe 2 or 3 people contact me (in ten years) wondering why they weren't approved.

The result is only a handful of spammers in my forums entire history.

I used to get a lot of new registrations posting unofficial ads or sneaking links in to tutorials. The good thing about it was they were all from China and India so I just completely blocked IP addresses from those areas. Needless to say that this practice has more or less completely stopped now because of this.

I don't get any abstract spam at all though and never have.

I only got an increase in spam when I first opened facebook and twitter links... I only have about 4500 people registered on my boards and out of those only like 20 actually post consistently...so I am not a real busy board like some of you...but my boards are specifically for one group of people to keep in contact with each other and not really much more... so my needs/wants etc. are different.. not really attractive to spammers

Dunny

I don't think spammers differentiate between board types.

I have seen totally dead forums apammed into oblivion.

An example... I used to visit a support site (modded there for a while).

Admin installed new software but got distracted and now the site is unusable -- 19422 posts like this... знакомства в петрозаводске и карелии. Well, that and a considerable amount of postings relating to more 'unsavoury' topics

I counted 11 forum software programs that someone has written a plug in for that automates reporting to SFS.

Bunch of other stuff there that looks useful as well, on the resources - mods and plugins page.

As information, the Indian group is just now rolling out their product, which we have learned is a cut rate SEO enhancement deal and their main purpose is to somehow drops links into sites.

Larry

I'm looking at the possibility of doing a mod, but there is a really big limitation...

Stop Forum Spam only allows you to do 5k lookups per day... So if you say integrated 3 searches per user in the member search lookup in the control panel (last post IP, signup IP, email) that's 3 searches per user, at 26 users per page, you're going to hit that limit fast...

That doesn't even cover the "view user" or the "registration queue" pages in the CP... Let alone a signup check...

So I ask, what do you HAVE to have...

I generally only use it for new registrations that I am approving, and sometimes I'll check a suspicious user that I notice.

Gizom, by no means have I finished analyzing all the stuff over on SFS. Heck I don't understand a lot of it.

From what I gather, the purpose is to keep miscreants out and report them as opposed to doing analytical work within. On the other hand, they care about site-scraping, bot detection and the upcoming deal, that is apparently going to be hostile network list, a manual deal.

One of the active programmers over there, or maybe two, has a reporting tool(s?) that looks neat.

For sure, they like additional reports on those who would spam.

I suspect if you posted your concerns either in the registered members only section, one of the long timers or pedigree himself would give you some answers. They seem really helpful to folks who are writing tools for forum software upgrades.

If I were capable of writing a plug in, and I am not longer capable, this is probably what I would do:

1. Do everything as a control panel function, including report calls.

2. Scan existing membership. Ask Pedigree for permission to do more than 5K day for that purpose. Ask if IP and email address are two different inquiries or the same for 5K purposes.

In any event, look up existing IP addresses and email against SFS database.

I really don't see a need to go back over a year with that scan, the purpose of which is to detect and isolate stealth bombers waiting to be activated.

If Pedigree does not agree, then write for 2K/day or whatever until the list of users is complete. That could be manual.

3. Tag existing members found in the database and run the report for admin action.

4. Look up all incoming registrations against SFS database, tag those that match.

5. Recommend one of the report tools. Maybe even integrate it.

Heck best I can do.

Larry
www.marriageadvocates.com

Well, to report to them you'll need an API key, and I'm really not interested in that portion for the time being... I'm more interested in aiding you folks identify spammers...

It's not hard, in fact I know exactly how to do it, but I can think of several areas that'd need some love first (immediately, the registration queue and identifying spammers based on email/ip).

I think that it'd be best not to have a mod hook into the member search as larger forums will likely hit the limit (heck, 2k users would hit that limit just scrolling through 3 search types).

I'm thinking of having it only lookup "last ip" and "email" on the user profile screen in the CP and the registration queue, then probably look at the registration scripts to see about it just denying new signups if the user is listed in the filter.

I'm working with the profile page now, I'm thinking of just working with the "last post ip", "registration ip" (as the reg ip will be populated if they've never posted before), and the "real" email; I'm going to leave the username check (and pdn checked against that), the "public" email fields alone as to stay below their limitation of how many lookups you can do per day.

I'll likely tackle the reg queue the same way, but I'll need to work with it a bit..

Well, I have it working with the registration queue and edit user pages (It'll pop up a red bold ! with a link to SFS when a spammer is triggered).

If I do integrate the submission page (which I likely will, but I'll have an option for those who don't want to go hunt around to sign up for an API key and would rather just *see* they have a spammer and deal with them) it'll just be on the "edit user" screen in the CP.

If anyone wants to test what I have so far, take a look at v1 of the modification on UBBDev here.

Giz, I just tried it, with 100 new registrations in queue. I didn't time it, but it took a couple of minutes to run. Now, I seem to have a typo with a "br />", so I'm looking for that. I do see a red exclamation point or two, but I didn't click... I'm going to look at the typo now.

see attached...

I just looked at his code and didn't see any broken breaks. Did you by accident remove a <. There is only one spot that has breaks so it should be easy to find.

I looked at all code on the mod and every br is set correctly; I did "find and replace" versus "add" for a reason, so you can copy and paste lol...

And can we keep all support to the UBBDev thread please... Would like everything in one place.

Hah! I didn't say it was Giz's typo!

And I did "find and replace." But It's really late here...

All fixed now.

I'm disappointed to only have one "hit," and it looks like it's actually a legitimate registration.

Anyway, it seems to be working very well.

Thanks, Gizmo!

Mod updated with the ability to report users from their profile in the control panel.

I really have never had a problem with spammers on my site, except about 4. 3 just deleting and banning fixed, and 1 was an internal troll from the game that was just an a$$, so he was easy to fix. The three came from facebook. I disabled those links and I have not had a spammer since.

Dunny

Added the ability to do an IP check against the Stop Forum Spam database at signup; if their IP is detected then they're not allowed to sign up (see the screen at UBBDev for the error message portion).

How is this working out for everyone? Any changes wanted/needed?

It seems to be working for me as far as I can tell. I only had one so far and reported. I am still getting registrants so I can say the mod don't cause any conflicts with registrations.

As for the stopping them on sign up, I cant tell if it's been used. Maybe an alert when a registration is rejected can be added in??

The original is working fine here. I have not updated to the "report" version, and I'd rather reject them manually.

We have been delayed installing but will get it done next week.

As information, Xruner7 can break captcha and recaptcha, but not 3d captcha (yet).

In reading some of the blackhat seo threads and SFS, it would appear that "Internet Marketing" tools are getting better and better at what they do. I watched a demo of xRuner7, which costs 4 times what UBB does and it was amazing how many forums could be spammed in 15 minutes.

There has been an increase in forum spamming since the first of the year. Another scrapebot has been released and is gonna be in a forum near you - price is down in the $97 range.

I do not mean to be Chicken Little here. And I don't think I am. I was on the front lines of UseNet when it was invaded and I understand the profit motive that can drive the process.

And the lack of ethics. Heck, I was on Alexa earlier today and saw and ad for "Email Marketing." Alexa is owned by Amazon.

Larry

I used to get tons of spam but have made a few changes. New members on my forum need to have 30 posts before they can use html or UBB Code or signatures so they can't link. As well, they have to wait between 5 and 15 minutes between posts (depends on the forum).

I get very few spammers now and it doesn't seem to discourage legit members.