forum spam handling

[petzl]

9 hours ago, RobiBue said:

Apologies, but I do see a problem with that. I mean, this is a spam fighting forum, and if someone posts a question about a spam and the words include something that would be filtered, then the OP would have to wait until the admin frees it to the forum...

Just need to invoke a CAPCHA or what is 1+2 = or something similar
Anyone who can't work this out is not going to be a full quid
This forum is being destroyed by spammer static. Google can't search it efficiently and was a good anti-spam resource,

[Lking]

8 minutes ago, petzl said:

Just need to invoke a CAPCHA

we add one several months ago.  Sign out and then click the sign up button to see it.

[petzl]

2 hours ago, Lking said:

we add one several months ago.  Sign out and then click the sign up button to see it.

Not working it seems?

[gnarlymarley]

31 minutes ago, petzl said:

Not working it seems?

Nope, the capcha is not working.  I think it was only about two months ago that Richard increased the capcha challenge level.  Due to the typos and spaces, I don't think this is done by computer.  I think it is done by one or two humans.  If it is humans and you try to stop them with a capcha, you will  also stop legitimate forum users.

But then they have already developed AI on computers that can read any capcha more accurately than humans, so maybe it is a computer.  The "typos" as I call them appear to be when copying from a microsoft product where a space is sometimes added at the beginning or end.

[petzl]

16 hours ago, gnarlymarley said:

Nope, the capcha is not working

Just a check box I'm not a robot

[Lking]

9 minutes ago, petzl said:

Just a check box I'm not a robot

Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

At any rate, It is not significantly blocking spammers.  If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

[petzl]

3 minutes ago, Lking said:

Well not working the way we expect.  (Surely did not block/slow down any spammers this morning!)

On the other hand when I checked earlier, I checked the box and got a series of 4 or 5 'find the traffic lights, car, bicycles'   Now it checks the box for me. So I tried changing my IP (moved VPN from Texas to Chicago).  Still didn't ask.  Cookies maybe?? It did seem to take a second to say I was OK - could be slow network or system was reading a cookie

At any rate, It is not significantly blocking spammers.  If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

My bank has three fields, two need different passwords?
Maybe a solution, I read though you believe they are manually entered not by Bot?  

[Lking]

1 hour ago, petzl said:

believe they are manually entered not by Bot?

I was guessing. IF my experience today is indicative I just suggested that a human passes the  capcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

I think there are several approaches in use.  1) A bot, does it all opens account, replies to the challenge email, and post spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot post spam.  3) Some poor sap does it all.  I think a signs of human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

[petzl]

2 hours ago, Lking said:

I was guessing. IF my experience today is indicative

Yes I value your experience.
Signed out removed all cookies and passed the "captcha" test one click?

[RobiBue]

Oh dear, I think I created a monster 😉

I haven't been active recently. just been popping in occasionally (lately)...

Anyway, back to the discussion:

I do believe that the login in created by carbon entities who are promised a certain amount for every successful post

On 8/26/2019 at 10:02 PM, Lking said:

I was guessing. IF my experience today is indicative I just suggested that a human passes the  capcha then a bot takes over (using the same PC/IP) and creates several accounts to later post the spam.

I think there are several approaches in use.  1) A bot, does it all opens account, replies to the challenge email, and post spam.  (15min - hr between join and spam). 2) cheap labor does step 1 & 2, bot post spam.  3) Some poor sap does it all.  I think a signs of human are changing the photo, posting 'interest', 'about me', sex, location, etc.  But most spam accounts don't do anything except post one spam.

approach 1) I think it's too complicated, as there are too many diverse systems floating around.

approach 2) more likely, but still with the differences in the systems somewhat complicated to have bots do it right. although sometimes the resulting spam posts do seem incoherent at best.

approach 3) is IMNSHO the most likely scenario. I think what they do is do some bookkeeping to receive their money, and that is what takes them so long in-between, and they probably have different forum systems open and jump from one to the other. Then, at the end, they copy and paste the spam into all the open forum posts they have in their batch.

 

So let's say it's carbon entities and not silicon based bots.

Side question: why isn't the advertised "By harnessing the combined knowledge of thousands of Invision Communities, our spam Defense can assess the potential threat of each new user and stop them before they can cause any problems. It's instant and free with all plans." not working?

My original thought on marking them as spam by peers, hiding the post in default view after a certain amount of reports, would still be the most feasible option -- if the original developer could/would implement it, that is.

[Lking]

1 hour ago, RobiBue said:

My original thought on marking them as spam by peers

Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

Another way to look at it is

• On "Thursday"  10 members visited the forum
• 6 show 1 post and have 1 warning point (i.e. been band for spamming)
• 2 have joined and not posted yet.
• That leaves 2 members in good standing ( + me)

[RobiBue]

17 hours ago, Lking said:

Several thoughts.  You had marked 4 of the 12 spam I cleaned up just now. In the morning (when you read this) one member, sometimes two, will mark the spam before I delete it even when I sleep in.

Another way to look at it is

• On "Thursday"  10 members visited the forum
• 6 show 1 post and have 1 warning point (i.e. been band for spamming)
• 2 have joined and not posted yet.
• That leaves 2 members in good standing ( + me)

If I read this correctly:

1. 10 members visited the forum; that is everybody that logged in/signed up(registered) (but not guests) to read and/or post (including me)
2. 6 of the 10 have all been now banned for spamming and received a warning point (for posterity)
3. this leaves 4 (including me and you) and 2 of them have not posted yet

• so who posted the other 6 spams?

I am a bit confused...

And according to what you say, there aren’t enough people around to mark the spam...

bummer!

Edited September 1, 2019 by RobiBue
Added som comment

[petzl]

just looking at latest forum flood

https://pil4pedia.com/krygen-xl/
198.54.125.159   NAMECHEAPHOSTING.COM

https://topwellnessblog.com/control-x-keto/
185.61.152.24  NAMECHEAPHOSTING.COM

[gnarlymarley]

On 8/26/2019 at 6:39 PM, Lking said:

If my anecdotal test is true, a human gets passed the first one, and the bot can do the rest.

I can cut and paste from wordpad almost faster than running a scri_pt anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

On 8/26/2019 at 9:02 PM, Lking said:

(15min - hr between join and spam)

I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a scri_pt.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

[petzl]

1 hour ago, gnarlymarley said:

I can cut and paste from wordpad almost faster than running a scri_pt anymore these days.  A few months ago, we had some duplicates where the email subject (or the post's title) where one started with "http" and the other started with " http".  So if a bot is posting it, would the bot randomly add a space in the title?  (Either at the beginning or the middle.)

I think the quickest one I saw a few months ago was between three and four minutes.  If I was going to automate any part of this (via a bot), the sign up portion would be what I would automate.  Most of the providers have imap or pop and the fetchmail command can output the email directly to a scri_pt.  I expect that if I were to do this, the posts would show around the first 10 seconds of every minute.  (It could be they do a randomized sleep, but cron starts at the top of the minute.)

The log-in IP is not a Bot'; 
Namecheap runs 1000's of Bot's from their domains, all with different IP's.
Domain blocklisting is now the most effective way of stopping forum spam.
https://www.spamhaus.org/news/article/786/mta-developers-allow-use-of-domain-dnsbls-at-the-smtp-level

latest flood
https://topwellnessblog.cXm/fungus-eliminator/
185.61.152.24  abuseXnamecheap.cXm

Edited September 3, 2019 by petzl

[gnarlymarley]

On 9/2/2019 at 8:53 PM, petzl said:

The log-in IP is not a Bot'; 
Namecheap runs 1000's of Bot's from their domains, all with different IP's.
 Domain blocklisting is now the most effective way of stopping forum spam.

This is in part why I try to put a note for the reports going to legitimate hosters such as "You might want to work with your customer to clean up their compromised system."