Spam spam spam spam ...

28 posts / 0 new
Last post
MegB
Spam spam spam spam ...

We've recently been plagued by several incarnations of a "ccdeal" user, and it's been quite annoying. Not the first time we've had a spammer create new user IDs by just changing the number at the end, and it won't be the last.

Catchfire and I try to catch as much as possible, but overnight and early morning spam is the norm. Yes, even us superheroes of moderation must sleep, tend children, etc. We ban them when we see them. If we had the capability, we'd block by IP address.

Thank you all who flag spam. It makes the job of overseeing such a large discussion forum easier. 

RevolutionPlease RevolutionPlease's picture

It was recently made more difficult to flag spam. They make you type a reason now?

Unionist

I just write, "Spam is treif". Works every time.

 

mark_alfred

Rebecca West wrote:

If we had the capability, we'd block by IP address.

You are using Drupal, aren't you?  Surely you have the ability to block IP addresses.  Also, I would assume that you could use wildcards (IE, ccdeal*) in the blocking of user names.

Unionist

Don't bother, mark_alfred. Every time we talk to the techies, it costs money, and something else gets screwed up. Just be grateful for the deep discount bargains available from ccdeal000031415926535.

 

Boom Boom Boom Boom's picture

I've done my share of flagging spam, now I'll leave it to the rest of you. Smile

MegB

mark_alfred wrote:

Rebecca West wrote:

If we had the capability, we'd block by IP address.

You are using Drupal, aren't you?  Surely you have the ability to block IP addresses.  Also, I would assume that you could use wildcards (IE, ccdeal*) in the blocking of user names.

We block user names, but our current config of Drupal doesn't let us block by IP.

mark_alfred

Drupal is open-source software (IE, "free" as in both "free beer" and "liberty"), so it shouldn't be either difficult or expensive to change the current config.  Drupal has support forums to assist with this.

I'm not sure whether blocking by IP is any more effective than by username.  Perhaps.  Regarding usernames, in Wordpress, which I use, the set up for either "Comment Moderation" or "Comment Blacklist" is as follows:  It will match inside words, so “press” will match “WordPress”.  Thus all instances of "ccdeal" would be blocked.  I'm guessing it could be similar for Drupal.  I did set up Drupal a while back, but I couldn't find an en-CA version (just en-US), so I switched to WordPress.  Admittedly, Drupal is better for larger projects such as Rabble.  It has more options.

Boom Boom Boom Boom's picture

Just out of curiousity, does anyone know if Drupal is less user-friendly for dialup than other platforms? I have an awful time with this forum sometimes.

Catchfire Catchfire's picture

mark_alfred, you almost certainly know more about this than me, but from what I've been told, banning IP addresses a) isn't successful against savvy spammers and b) risks banning an entire library/community centre or other multiple use site if the spammer is accessing a public ISP or that of an unknowing user.

As for the username wild card idea, ccdeal is actually unique in that s/he keeps using iterations of the same handle. Usually there is some other modulation by repeated spammers. And, of course, as soon as we do introduce wildcards, ccdeal will change to cddeal or some such. Not a good use of tech resources.

Flagging for spam (once) remains the best way to bring this to the mods' attention.

Slumberjack

Back in the day when an international group of us were co-moderating FPS gaming servers, we were sometimes forced to use scorched earth practices against unpleasant intruders who wouldn't go away when asked nicely.  At first we'd use the single IP banning function with IP Wallmaster, but for those whose ISPs used rotating IPs, we'd have to use 'WhoIs' to find the range and block the entire thing.  I would guess such a measure is impractical here, but for our purposes it was 100% effective.   Then we'd scope out the hacker forums and hear them complain about whatever we were using, and then see them asking if anyone had a workaround.  No one ever came up with one.

Caissa
oldgoat

Back in the day, banning by IP address was a lot more effective.  However, it doesn't always work.  I remeber banning one person's IP address and the entire babble pro Israel lobby fell silent.

 

Ya know if people ever got my screwed up mod permissions sorted out, I'd be happy to help.

kropotkin1951

oldgoat wrote:

Ya know if people ever got my screwed up mod permissions sorted out, I'd be happy to help.

Are you sure you just didn't ban yourself from using them?

Laughing

 

 

mark_alfred

Catchfire wrote:

Flagging for spam (once) remains the best way to bring this to the mods' attention.

Hi Catchfire.  Yes, you're probably right.  Seems that for problems with spam-bots the best solution is a human based solution.  Robotic solutions to robotic problems just don't work in the end.

Michelle

The "bots" are often human now.  So CAPTCHA and e-mail validation probably wouldn't work - they can generate endless e-mails.

mark_alfred

I don't think many are human.  I think most are sophisticated programs like XRumer.

ETA: 

Here's a tip from the article on XRumer:

Quote:
The easiest method to defeat Xrumer is to simply require the first post of any new forum member or blog poster to be approved before it can appear.

kropotkin1951

I would bet that CCdeal is a human and not a spamming program. 

mark_alfred

Unionist, from what I read in the article, it can handle many forms of CAPTCHA with OCR.  I'm sure CAPTCHAs still block a lot of crap though.  The article says it can handle email validation as well, but I've not read of how it does this.  You are right though that making people wait a day is likely too severe, in that it could frustrate new users. 

I've read that people buy this program for about $500, primarily to get links across the internet to raise the profile of their snake-oil sites on search engines like google.  So there's likely some human interaction at times too.  But I think spamming is mostly an animated process from software like Xrumer.

As for human spammers, yes, certainly a lot of posters here (myself included at times) ignore the thread topic and instead post advertising-like links to whatever issue turns their crank.  So creating any automatic moderation rules for Babble would be a challenge. 

mark_alfred

kropotkin1951 wrote:

I would bet that CCdeal is a human and not a spamming program. 

You might be right about that.  I checked the list at stopforumspam.com and ccdeal is not on its list.

Catchfire Catchfire's picture

Unionist wrote:
As for human spammers, well, doesn't that describe all of us after a fashion?

Ha! Or the more terrifying thought that all of us are, in point of fact, spam bots after all -- and ccdeal is the only human...

Michelle

Heh.  Philosophy major much, Catchfire?  :D

Also - Mark, that's really interesting, thanks for your posts!  Educational.

infracaninophile infracaninophile's picture

Slumberjack said

Quote:
At first we'd use the single IP banning function with IP Wallmaster, but for those whose ISPs used rotating IPs, we'd have to use 'WhoIs' to find the range and block the entire thing.  I would guess such a measure is impractical here,

My ISP is one of those that uses rotating IP addresses -- every time I log on, my IP address is different. If I were the spammer, and babble blocked the IP addy I was spamming from, I could readily spam again by logging off and on, no? And if the whole range was singled out, innocent non-spammers in my area (I'm sure other babblers are from this area) would be unjustly excluded. Am I understanding this correctly?

When I had dial-up (which I still have access to for a backup in case Big Corporation service goes down), I had a single IP address that never changed.

mark_alfred

Servers usually have static IP addresses, rather than anything random (though I think some of these spam bots rely on proxy servers.)  So, I think banning IP addresses can help.  Many of these come from overseas IPs, so I wouldn't worry about "library/community centres" in Canada.  That's not where these spam-bots come from.

mark_alfred

To digress for a second, I often wonder if programs like XRumer are used to generate all the right-winged nonsense that is seen in many paper columns.  For instance, I wonder if the program could be set to target various media sites, with responses that are preset to be made whenever a topic occurs within these media sites' articles.  IE, could it be set up that whenever the character string "Mulcair" is found by the program within an article in these media sites, could it generate numerous users making a variety of preset comments to establish a negative theme, regardless of what the article was actually about?  I haven't much followed the comments section of newspapers lately, but did notice something that appeared to simply be spambots back when Layton was leader. 

Slumberjack

infracaninophile wrote:
And if the whole range was singled out, innocent non-spammers in my area (I'm sure other babblers are from this area) would be unjustly excluded. Am I understanding this correctly?

Yes, which is why I referred to our practice as scorched earth.  In our case we had a website, forum and email contact to address appeals and mistakes.

Unionist

1. How about CAPTCHA on initial registration? or 2. Do we require email validation? I can't remember. Can bots do that? This can't be that difficult.

Unionist

Can Xrumer handle CAPTCHA or email validation? I'd much rather have to do one of those to register, than have to wait a day for my first brilliant post to go stale. As for human spammers, well, doesn't that describe all of us after a fashion?