Mail.ru, ukr.net and Yandex.com email accounts banned

Posted on
Page
of 4
    1. Multi Grooves


    Thats Waysis!!

    :)

  • I for one welcome our spammer overlords!

  • The test site is receiving less spam attacks than the main site, by a very wide margin. That virtually none gets through to LFGSS shows how much is done to fight it.

    This isn't just an LFGSS problem, it seems that spammers have shifted focus to forums on the internet, all forums. We fare well mostly thanks to the nursery period and using Akismet to moderate potential spam messages (even though classifieds with lots of images sometimes get caught in this net).

    We already use an additional field during registration (prevents bots that haven't inspected out specific page from registering), and recapatcha (which is known to be broken), and we require email verification (which stops something like 30% of fake accounts registered), and then the nursery means that even if they pass all of that their scripts to post spam won't know that they need to post in existing threads before they can start their own or that they can't yet send PMs.

    Of the account that manage to register, a vague number of around 1,000 threads per day are attempted to be created, with well over 99% failing thanks to the nursery. Somewhere around 2,000 PMs per day are attempted to be sent, with 100% failing thanks to the nursery. Of the post spam, the numbers are much lower with only around 20 per day being tried, and over 99% failing because of Akismet catching them. Presumably posts are so low because it requires a more complex script than one that just blindly sends PMs or creates threads.

    Basically the nursery is the biggest defence we have, but now that it's clear that spammers are paying people to do the registrations I don't think it will be long before they're paid to post the spam, in which case the nursery will be defeated.

    I'm going to join LFGSS to http://www.stopforumspam.com/ and basically vet all registrations by their IP address, and if it is a known spammer then their email address and IP address will be submitted to help protect other forums. Basically hundreds of forums are joining together to watch registrations and to detect and block spam ones.

    As I said before, this means that there is a change in the T&Cs as the IP address will now be shared during registration. There are reports of this being almost 100% effective at blocking registrations (even from humans), and if that can be achieved then they simply cannot spam.

    This morning I've banned another 50+ accounts registered in the last 18 hours. Blocking some countries helped, but the new registrations are using rented servers in France (ovh.net), USA (theplanet.com) and a few other countries... they're basically adapting to country bans really fast so I don't have a great many options open and have to join Stop Forum Spam to block registration by individual IP address rather than country level.

    If it's not clear, this week I've spent an average of 4 hours per day fighting spam. This morning already, over an hour. It's pretty out of control.

  • don't some forums use an invite only registration policy, is that an option, or would the exclusivity of this go against forum principles?

  • It'd go against the idea of being an open forum.

    Anyhow... the Stop Forum Spam stuff appears to be successful. It's been installed for 5 minutes and already stopped that many spammers (1 registration attempt per minute is this mornings average... it's up from yesterday's average of 1 every 10 minutes).

  • To test just how effective this new system is, I've lifted the country wide IP bans so now all traffic can get through again.

  • DK, please accept a forum group hug from us all.

  • One final thing, although I've lifted country bans... the few spammers still getting through are using Tor as their proxy.

    So the only IP range ban that will be in place is that Tor will be blocked. It's the only leaky part of the whole spam shield now, and whilst I know that this does affect a few users who like to run their aliases through Tor I feel that stopping spam is more important than leaving you with the belief that I didn't know who you were... I already did, but I don't care... I do care about stopping the spam though.

    So, Tor is blocked.

  • And I think I'm done.

    17 spammers blocked since it was enabled 25 minutes ago.

    There is still one small thing: Around 30 accounts were registered over the past few days that I'm unsure about. Since the new system blocks registrations, these 30 accounts survive. I could ban them, but as I said I'm unsure... they could be real people.

    So I'm going to leave those accounts and just wait for them to try and spam. At which point, I can ban them.

    Please do report any spam that does manage to get through, it's likely to be from the 30 accounts I didn't want to ban just in case they were real people.

    Cheers all... rest time for me now... or shower and breakfast at least.

  • Just stop letting people register, delete anyone with a user id above 1000. Make the whole thing private. Job done.

    This.

    It's been nice. See you in the next life.

    #notaflouncestayingtobugthepre1000ers

  • I've deleted 813 users who had registered, never posted, and never activated their account using the email they received. In other words, registrations that are likely to have been made by spammers (majority of them) or people who registered but didn't stay long enough to consider activating their account (minority of them).

    This really does bring my anti-spam activity to a close.

  • I fibbed... I've also deleted all of the accounts that had been banned as Spammers and whose posts had been deleted or who had never managed to post.

    Basically... the only accounts left on the forum are people or their aliases. It feels good.

  • Thanks for the explanation and the effort in dealing with the spammers.

  • What is a "Lesbian Grannie Gallery"?

  • Spoken like a true High Court Judge, Clive.

  • Do people keep their registration number, or do we all shift now that large blocks of member numbers have been nuked?

  • People keep their numbers. And most of the junk accounts are above 2,000 so there aren't many low number holes.

  • What is a "Lesbian Grannie Gallery"?

    That reminds me to purge the test forum and to install the software there.

    4,000+ spam accounts.... wow. Let's see what the new thing does to it.

  • The test site has been reset and ALL accounts have been deleted and ALL posts and threads except the one sticky one I had created have been deleted.

    If you want to provide feedback and test the new design when I start work on it again, then you will need to re-register on the http://test.lfgss.com site.

    Cheers

    David

  • Appears to be doing the job on the test site already... 3 spammers block in 8 minutes. I like this whole forums-working-together-to-defeat-spam thing.

  • do the deleted accounts bring the number of 'users' down on the front page stats?

  • They do... but the load balanced servers haven't all refreshed the stats yet. Stats will be refreshed gradually across the servers throughout the day.

    If you reload the home page multiple times and watch the numbers... one of the servers will tell you the real number (it's the lowest user count one).

  • Truly immense work Velocio.

  • good stuff, dk - thanks.

  • Thanks.

    I'm pleased it's working well: 107 spammer registrations blocked since enabling the new tech this morning and 4 new spammers identified and reported.

    Bloody good stuff this.

  • Post a reply
    • Bold
    • Italics
    • Link
    • Image
    • List
    • Quote
    • code
    • Preview
About

Mail.ru, ukr.net and Yandex.com email accounts banned

Posted by Avatar for Velocio @Velocio

Actions