Boards and spam

[daizzzy]

any recommendations how to determine receiver for abuse and how to compose it?

[StevenUnderwood]

any recommendations how to determine receiver for abuse and how to compose it?

IMO, board spam would be similiar to mailing list spam in that only the owner/moderators of the board should be reporting it and making sure it is only reported once (but not through spamcop). Once you have the IP address, you can use spamcop to determine the appriopriate reporting address (unless they have a special spamcop setup).

As to form, I would keep it simple, provide the text of the message, the IP it was posted from and any supporting data (web logs, if possible) proving it was posted by the IP address and ask them to enforce their AUP.

[Geek]

Hi,

I'm a mod at a forum that is a spam magnet and what StevenUnderwood suggested works, but with the small amount that don't post through bulletproof proxies in Russia, South America or blackhat ones in the US.

Most board spam can only be stopped through IP blocking (which works for a week until the spammers use new relays).

Cheers!

[daizzzy]

Iunless they have a special spamcop setup

thx. what does it mean?

[dbiel]

unless they have a special spamcop setup

thx. what does it mean?

If you are using the SpamCop parser to determine the abuse address, then any address that points back to the spamcop domain or has spamcop in the address is considered a special setup.

The most common one is user#domain[at]devnull.spamcop.net

spamcop[at]mailservices.yahoo.com is another example taken from one of your previous posts

Also see you own previous topic ISP does not wish to receive reports regarding

They are the result of the the authorized domain holders request to not forward reports to the standard abuse address. These addresses should never be used outside of the Spamcop reporting system.

[daizzzy]

ok. so i should do the next if someone spams on my board:

1. go to spamcop.net

2. enter user's ip

3. parse it

4. send abuse

is that right?

what to do w/ spam post? should i report sites from it too? if the answer is yes - the process is the same?

[Wazoo]

any recommendations how to determine receiver for abuse and how to compose it?

Personally, I'm still trying to understand the Subject line description and the actual question. ICQ is an Instant-Messaging client for the most part. What does this have to do with (the somewhat undefined term) "Boards" ????

There are previous Topics/Discussions here about dealing with Forum/Blog spam, just as found in a ton load of other 'support' venues for many of those tools. In the long run, it's easiest to work at preventing those posts from being made at all.

[dbiel]

ok. so i should do the next if someone spams on my board:

1. go to spamcop.net

2. enter user's ip

3. parse it

4. send abuse

is that right?

Could be done, but is probably simply a waste of time.

what to do w/ spam post? should i report sites from it too? if the answer is yes - the process is the same?

You could simply delete it, but if you are reporting it, then you should not delete it. What we do here is to move it to a secure part of the forum that is not open to the public; for archival purposes.

You could post a link to one of the spam examples on your board so we could see exactly what you are talking about.

Items to consider when determining what to do include:

1)is this a repeat post from the same IP address?

2)who is the ISP handing the problem IP address, If it is a black hat ISP it is a waste of time to report it.

3)is the post on topic of off topic

4)do you have a set policy for handling spam messages on your board, at this point it sounds like you do not.

5) is it a static or dynamic IP address

6)and of course, your definition of spam has a lot to do with it as well, some might consider any negative post to be spam; thus the "type" of spam must be considered before reporting it.

Just a few of the things that come to mind when deciding how to handle posted spam.

You may what to look at Wikipedia. They get probably more spam and vandalism posts than any other web site. They do very little external abuse reporting. It is basicly all handled internally, using IP blocking as the normal last resort. Unwanted posts are removed by the 1,000's every hour.

[daizzzy]

thx dbiel. that's exactly what i expected to get like an answer.

as spam i call messages like 'buy cheap viagra', 'the cheapest meds online, viagra, viagra, viagra....', etc ) i already deleted all spam i have had, but i'll post new one once i'll get it (it seems like there was only 1 man spamming me regular, i just wrote him back that his spam was reported and it seems like he stopped. now i trying to find something like secure zone on vBulletin. it seems like there's nothing where i can move posts so they would be available by permanent link only and not displayed on the board. but it seems like i'll create 'closed' part of the board and will move all the spam there and will provide access details (the same log/pass) in report.

[Wazoo]

as spam i call messages like 'buy cheap viagra', 'the cheapest meds online, viagra, viagra, viagra....',

I still don't see anything in this description (much less a direct answer) that seems to be related to ICQ. My issue is that folks using search engines to find results for the exact words used in your Subject Title here will get a false hit. At this point the editing of your Title is required, as you have yet to actually bring that second part into clear view.

[daizzzy]

dbiel, i got new spammer on my board

but it seems like i'm not allowed to post links here, so i sent u it in pm. check that, please.

also see how i reported:

Good afternoon.

One of your customers was spamming my board using ip 78.157.143.166

Here you can read spam message: MYSITE/showthread.php?t=76

Use password 1001 to enter.

Let me know what acts you have taken regarding this issue. No reaction will mean that you support spammers and spamming.

[Wazoo]

but it seems like i'm not allowed to post links here,

Ignoring others doesn't leave things in a positive light either.

Topic Subject/Title edited to remove the unsubstantiated claim/subject matter.

[Farelf]

...but it seems like i'm not allowed to post links here, so i sent u it in pm. check that, please. ...

You mean MYSITE/forum/showthread.php?t=76 I think (member Nuarnek's post). My very slight experience with a (then) heavily spammed board was that the ICQs were inevitably spoofed by the robot 'members' registering and 'they' never posted, merely relied on placing exploit weblinks in their profiles (the phony ICQ was probably just to make them look like regular members). This looks quite different, and the 'spammer' (however defined, your board, your definition) is relying on ICQ contact for whatever his agenda might be?

Your board is probably successful/mostly so in keeping the robots out? Do you use confirmation emails with a validation link to tighten it right up? Maybe not if that is outside the norm in 'your world'. Anyway, I think you have all the advice about how to complain to the providers - examples I have seen of complaints include some sort of log/record to demonstrate the member-IP address link and these were fairly mainstream spam or hacking attempts. Not sure that Nuarnek's post would be readily apparent as spam in a porn site. The character encoding being out of whack for most/many viewers and all.

[daizzzy]

Ignoring others doesn't leave things in a positive light either.

Topic Subject/Title edited to remove the unsubstantiated claim/subject matter.

sorry, didn't get what u mean. i read all post one more time and can't figure out what your are talking about.

and sorry it also may be caused by language troubles.

[daizzzy]

You mean MYSITE/forum/showthread.php?t=76 I think (member Nuarnek's post). My very slight experience with a (then) heavily spammed board was that the ICQs were inevitably spoofed by the robot 'members' registering and 'they' never posted, merely relied on placing exploit weblinks in their profiles (the phony ICQ was probably just to make them look like regular members). This looks quite different, and the 'spammer' (however defined, your board, your definition) is relying on ICQ contact for whatever his agenda might be?

Your board is probably successful/mostly so in keeping the robots out? Do you use confirmation emails with a validation link to tighten it right up? Maybe not if that is outside the norm in 'your world'. Anyway, I think you have all the advice about how to complain to the providers - examples I have seen of complaints include some sort of log/record to demonstrate the member-IP address link and these were fairly mainstream spam or hacking attempts. Not sure that Nuarnek's post would be readily apparent as spam in a porn site. The character encoding being out of whack for most/many viewers and all.

yep, but i used keyword instead of /forum/ so i decided that it would be not good to post it here.

it seems like u didn't understand me correctly. i claimed 2 separate things: bords spam and icq spam (spam which i sometimes receive by icq).

my board is still in beta and we didn't send there any serious traffic )) so i just worry what there will be once we'll begin to send >1M/day. it's my first experience with boards.

sure i use email validation during registration, but these guys create accounts manually.

i determined Nuarnek as a spammer by his links. also the mail he used is blacklisted everywhere where it's only possible (i googled it).

[Farelf]

...it seems like u don't understood me correctly. i claimed 2 separate things: bords spam and icq spam (spam which i sometimes receive by icq).

OK, now we're getting somewhere.

• I think you're well on track to handle board spam - keeping the robots from joining is a big thing, bad live members are just hard work, unless they are malicious it is probably not worth trying to complain to their providers - just ban and watch out for them trying to re-register (IP address, topics, 'style', no single or simple way - Wazoo could say more).
  
• ICQ spam, not sure there's much expertise here on that topic but you can block the nuisances (until they come back with another 'address'). Maybe other things to be tried - have you looked at ICQ 4.0 Preferences & Security Center - Fight spam?
  

[dbiel]

any recommendations how to determine receiver for abuse and how to compose it?

Getting back to the original question. After several PM messages and multiple posts in this topic; my recommendation on how to determine the receiver for abuse reports is simply NOT to do it at all. Unless you have a persistant user who keeps registering multiple names from IP addresses from a common ISP don't waste your time trying to track it down. Simply warn the user, and if that does not work block or ban the user. If necessary, you can block the IP address, but that might also block other users you might not want to block. If you are going to run an open board, then you will have unwanted posts; that is simply a fact of life in the internet. If you can not accept that, then keep the board private.

[Wazoo]

it seems like u didn't understand me correctly. i claimed 2 separate things: bords spam and icq spam (spam which i sometimes receive by icq).

I had asked repeatedly just how ICQ figured into your 'board' spam. Only now do you get around to actually describing the ICQ issue .... which has nothing to do with 'board' spam. spam seen via ICQ has been talked about in the past. However, it is known that the built-in search tool here doesn't like three letter or less words, so the use of the top-most Google search box would be needed to look for those past discussions.

my board is still in beta and we didn't send there any serious traffic )) so i just worry what there will be once we'll begin to send >1M/day. it's my first experience with boards.

In general, most "boards" aren't typically concerned with that kind of out-going traffic. Either you are not talking about a 'forum' type thing or you are apparently getting ready to run into other issues, based on your questions dealing with bad registrations.

sure i use email validation during registration, but these guys create accounts manually.

Not sure I understand that sentence.

Just going with the flow, there a ton-load of Domains offering up free e-mail accounts that don't seem to be used by anyone other than spammers/hackers. As these are free accounts, there seems to be little hatm in not accepting those for Registration attempts.

The easiest statement to make at this point would be to go to the support venue for whatever 'board' application you're running and see what the latests strategies are provided/in use to prevent spamming. Running any kind of web-site these days is a definite pain.

[daizzzy]

it would be great to have such service like SpamCop for forums

[Farelf]

...but it seems like i'm not allowed to post links here, ...

And a good thing too - following the latest update to SuperAntiSpyware just the other day a routine scan of my system picked up an 'Ad-aware' cookie from your site, presumably acquired in the course of going at that (earlier) time to the link you very properly didn't post to check out your (then) latest spammer. Such cookies aren't (necessarily) a big deal but you might like to know that SAS is now calling them. And you could accordingly have some queries from other visitors - other ramifications (if any) unknown but I should think it certainly could lead to a loss of reputation of any linked sites.

[daizzzy]

Maybe i didn't understand u right. correct me if so

cookie - is a system of text data storage in client's browser, up to 4kb length. i don't know any order of bytes, which could damage client's pc (anyway i don't except that ie may have such weaknesses, but i don't know any and didn't make any research on it). send me more info about cookie - title, content and domain, which set it, and i'll ask my coder to check it out

i think it's irresponsible to bring such things in public knowing that i'm not permanent SC board's member and don't check it frequently. please fix your previous post and send me pm if u really want to find what's wrong. we don't and didn't use any malicious or overadvertising techniques in our promo.

thx

[dbiel]

i think it's irresponsible to bring such things in public knowing that i'm not permanent SC board's member and don't check it frequently. please fix your previous post and send me pm if u really want to find what's wrong. we don't and didn't use any malicious or overadvertising techniques in our promo.

I think you need to change your point of view. You came here for help. We could care less if you fix your problem or not. This IS a public board. If you do not want the information public, please go elsewhere for help. We do NOT offer individual help here. We are simply a group of users, just like yourself who have an interest in SpamCop.

Maybe i didn't understand u right. correct me if so

cookie - is a system of text data storage in client's browser, up to 4kb length. i don't know any order of bytes, which could damage client's pc (anyway i don't except that ie may have such weaknesses, but i don't know any and didn't make any research on it). send me more info about cookie - title, content and domain, which set it, and i'll ask my coder to check it out

For more information on cookies see Wikipedia entry

[Farelf]

...cookie - is a system of text data storage in client's browser, up to 4kb length. i don't know any order of bytes, which could damage client's pc (anyway i don't except that ie may have such weaknesses, but i don't know any and didn't make any research on it). send me more info about cookie - title, content and domain, which set it, and i'll ask my coder to check it out

i think it's irresponsible to bring such things in public knowing that i'm not permanent SC board's member and don't check it frequently. please fix your previous post and send me pm if u really want to find what's wrong. we don't and didn't use any malicious or overadvertising techniques in our promo.

Cookies aren't malicious, they usually record date/time of last visit and pages viewed, some are used to gather information about the browser, some gather other information, they are 'read' by the setting site on the next visit and some people feel some (or all) of them are intrusive but they're fairly well essential in one form or another for a forum/board anyway. For whatever reason SAS decided yours was 'ad-aware' (implying it might be gathering extra information) and recommended deletion. I let it.

If you don't know what cookies your board sets I suggest you find out. It was on another computer, using a different browser (IE7) and is gone now but if I recall correctly used a standard name in the form me[at]www.yourdomain[1].txt. I wouldn't have a clue about its content - that is mostly coded anyway. I don't think it's a big deal, I just wanted to alert you that SAS had retrospectively put its finger on your cookies and you should be aware because that might have ramifications.

I am not changing my previous post. I saw you were looking at the board here within minutes/seconds of me making that post and assumed you had subscribed for notifications or had anyway seen it. It would be a remarkable coincidence otherwise.

[dbiel]

The cookie you dropped on my computer looks pretty tame.

Tracking last visit date and time as well as last activity on your web site.

One possible thought is simply the name of your domain. The word "porn" might in itself be setting off some flags. But since it does reflect your web site I would not recommend changing it.

[daizzzy]

thx, but i don't require any special attention. the man offended me in cookie-playing and he definitely knows that i will read this message not immediately to response on it. np, will see how you will act in the same situation.

btw Farelf, there should be healthy border between your reporting motivation and paranoia.

I think you need to change your point of view. You came here for help. We could care less if you fix your problem or not. This IS a public board. If you do not want the information public, please go elsewhere for help. We do NOT offer individual help here. We are simply a group of users, just like yourself who have an interest in SpamCop.

For more information on cookies see Wikipedia entry