Ravens PHP Scripts: Forums
 

 

crypto
Worker



Joined: Aug 02, 2004
Posts: 165

Posted: Sun Feb 05, 2012 2:22 am

What spammer & anonymous email domains do you block in the yaUsersConfig (e.g. bugmenot / mailinator.com)? What about restricted user names?

The list below includes domains which were highlighted in an earlier message + some new domains.

montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Sun Feb 05, 2012 8:48 am

I have many of the ones you posted, plus a few more here:

FireATST
RavenNuke(tm) Development Team



Joined: Jun 12, 2004
Posts: 654
Location: Ohio

Posted: Fri Feb 17, 2012 4:25 pm

Do you block these through htaccess, or something else?
spasticdonkey
RavenNuke(tm) Development Team



Joined: Dec 02, 2006
Posts: 1693
Location: Texas, USA

Posted: Fri Feb 17, 2012 5:03 pm

I would check out nukeSPAM :)
kguske
Site Admin



Joined: Jun 04, 2004
Posts: 6433

Posted: Fri Feb 17, 2012 9:18 pm

Thanks, spasticdonkey. This is a good list for people to use in conjunction with nukeSPAM, CA Honeypot and other tools designed to prevent spammers from achieving their goals.

One of the sites I support suddenly saw a spike in members (the number of members doubled in less than 1 week from 150 to over 300). I noticed that these were variations on random email addresses with free websites (e.g. hotmail, gmail, etc.) and, because the site allowed signatures, they were simply registering with spam links (mostly to casinos) in their signature. Since the latest version of RavenNuke allows full control over user fields, I employed a multiple part strategy that has proved to be quite effective:

- upgrade to RN 2.50
- disable signatures (so even the existing users with spam signatures aren't displayed)
- change the registration to require acceptance of the terms of service, etc. (this makes automated registration more difficult - at least temporarily)
- implemented nukeSPAM

Total time spent was about 3 hours (last night).
Number of blocked spammers since: over 50, not counting those with multiple attempts (reminds me of Einstein / Franklin's theory of insanity: doing the same thing again and expecting different results)
Number of successful spammer registrations: 0

Anyway, I believe they found the site by searching for the default keywords for PHP-Nuke / RavenNuke (which, I'm sorry to say, the site still had). So, I used nukeSEO DH to change that, too.

I'll eventually look into adding the ability to check existing users against spam databases, but with RN's powerful RNYA capabilities, cleaning up these users (or making their spam attempts irrelevant by hiding signatures) is much easier than it was in the old days...

[EDIT: grammar]



Last edited by kguske on Sat Feb 18, 2012 9:24 am; edited 2 times in total 
FireATST







Posted: Sat Feb 18, 2012 6:04 am

Will this work with a non-nuke site, such as a SMF forums site?
 
kguske







Posted: Sat Feb 18, 2012 7:56 am

Unfortunately, not out-of-the-box. There are some provisions to work with other Nuke distributions, but it's designed to work with RavenNuke. However, there might be a similar addon for SMF forums that either integrates with Spambot Security Tool or uses the same approach of verifying username, email and IP address against databases of known spammers at registration.
 
montego







Posted: Sat Feb 18, 2012 9:31 am

FireATST wrote:
Do you block these through htaccess, or something else?


These are under RNYA on the Limits tab.

@kguske - thank you for documenting your approach! With regards to signatures, I really hate not allowing those for true "friendlies" as it can help them with their link juice... but, unfortunately, I think those days are gone now.
 
FireATST







Posted: Sat Feb 18, 2012 9:51 am

Thank you, will take a look for one, Montego.... :)
 
kguske







Posted: Sat Feb 18, 2012 10:39 am

Sorry to continue the :offtopic: discussion, but I do believe it's relevant to blocking domains.

Further analysis of the attempted spammer activity on the previously mentioned converted site showed that all attempts came from the same 2 IP addresses (which are now blocked, courtesy of NukeSentinel). It appears that a bot was used as the interval between attempts was regular (once from each IP address every half-hour using nearly identical random names).

I'm not sure if the email addresses were real as they appear to be randomly created and all unique, but I supposed the spammer could have a database of free email accounts. The point is that you could block domains like gmail.com, but you'd potentially be blocking valid users, vs. using tools like CA Honeypot and nukeSPAM which would block the specific spammers. That said, I do recommend blocking throwaway domains and those that are primarily used for spamming like mail.ru.

In fact, I'd suggest we make the combined lists above installed with RavenNuke - by default.
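
The pattern described in the post above (a small number of source addresses registering at a fixed interval) can be pulled out of a registration log mechanically. This is an added example, not part of the thread and not NukeSentinel code; the log format, thresholds, user names and addresses are constructed.

```php
<?php
// Added example, not NukeSentinel code. Log format, thresholds and addresses are constructed.
const MIN_ATTEMPTS = 4;   // ignore IPs with fewer attempts than this
const TOLERANCE = 0.10;   // every gap must be within 10% of the median gap

/** Group registration timestamps by source IP from lines "<Y-m-d H:i:s> <ip> register <name>". */
function attempts_by_ip(array $lines): array
{
    $byIp = [];
    foreach ($lines as $line) {
        if (!preg_match('/^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\S+) register /', $line, $m)) { continue; }
        $ts = strtotime($m[1] . ' UTC');
        if ($ts !== false && filter_var($m[2], FILTER_VALIDATE_IP) !== false) {
            $byIp[$m[2]][] = $ts;
        }
    }
    return $byIp;
}

/** Return [ip => median gap in seconds] for IPs whose attempts are evenly spaced. */
function regular_interval_ips(array $byIp): array
{
    $flagged = [];
    foreach ($byIp as $ip => $times) {
        if (count($times) < MIN_ATTEMPTS) { continue; }
        sort($times);
        // Gap between each attempt and the one before it.
        $gaps = array_map(fn($a, $b) => $b - $a, array_slice($times, 0, -1), array_slice($times, 1));
        $sorted = $gaps;
        sort($sorted);
        $median = $sorted[intdiv(count($sorted), 2)];   // upper middle value for an even count
        $maxDev = max(array_map(fn($g) => abs($g - $median), $gaps));
        if ($median > 0 && $maxDev <= TOLERANCE * $median) {
            $flagged[$ip] = $median;
        }
    }
    return $flagged;
}

$log = [ // constructed sample: one scripted source, one person retrying by hand
    '2012-02-17 20:00:02 198.51.100.7 register qwkzt81', '2012-02-17 20:30:01 198.51.100.7 register qwkzt82',
    '2012-02-17 21:00:04 198.51.100.7 register qwkzu83', '2012-02-17 21:30:02 198.51.100.7 register qwkzv84',
    '2012-02-17 20:05:10 203.0.113.9 register alice',    '2012-02-17 20:06:40 203.0.113.9 register alice_w',
    '2012-02-17 22:41:00 203.0.113.9 register alicew',   '2012-02-17 23:59:00 203.0.113.9 register alice2',
];
print_r(regular_interval_ips(attempts_by_ip($log)));
```

Only the evenly spaced source is reported; the address with irregular retries is left alone, which keeps the check from flagging a real user who mistypes a few times.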
 
kguske







Posted: Sat Feb 18, 2012 11:18 am

@montego: I'll probably open up signatures on that site after I have a chance to clean up those that shouldn't have been able to register in the first place. Thanks for pointing that out - it applied to this case because most users don't have signatures - just the spammers, and that should be temporary. Also, I have since updated the blocked domains setting with the sorted list from your and crypto's lists above (there were a couple of duplicates, btw: spamcorptastic.com & thisisnotmyrealemail.com ).

@FireATST: If you find another tool that uses Spambot Security Tool, be aware that there were several bugs that were resolved in the nukeSPAM version - you might want to use the functions.php from nukeSPAM. When I get a chance, I'll let the original developers know what needs to be corrected.
 
montego







Posted: Mon Feb 20, 2012 8:53 am

worship
 
kguske







Posted: Mon Feb 20, 2012 8:33 pm

I need to review to see if it's checking nukeSPAM first, or blocked domains. It should check blocked domains first, but I think that is not the case.
 
Susann
Moderator



Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support

Posted: Sun Jul 29, 2012 12:42 pm

Blocked new:
@dresssmall.com
@sina.com
@163.com

They do smell if you don't update your site on a regular basis and register with many different usernames.
gazj
Worker



Joined: Apr 28, 2006
Posts: 152
Location: doncaster england

Posted: Wed Aug 08, 2012 8:52 pm

And to anyone who codes and wants to block automated signup, my answer is simple: change the sign up process or change the field names. For example, uname becomes myuname. This basically makes the automated signup script useless on your site, and the result: no automated signup.

And yes, I know companies employ people to sign up manually, but really the price of an automated signup script to the price of paying someone to do it manually is a fraction.

So kguske, seeing as the your account is your domain, have you thought about changing the field name of the uname with every release so this eventually eliminates automated signup?

Yes, I know it's a simple way to a more complex problem, but it does stop a lot of it.


How I think they sign up with 30 users a day on a site:

man at computer
man gets given a list of usable email addresses (i.e. don't bounce back)
man gets given another list of domain names that run rn nuke
man uses said lists in a script that not only sends info to the user sign up but can get post data from the said domains; it looks for the check_num, catches it and inserts it in the activation link, then the same script posts to the save edit user function with their signature
Palbin
Site Admin



Joined: Mar 30, 2006
Posts: 2583
Location: Pittsburgh, Pennsylvania

Posted: Thu Aug 09, 2012 5:30 am

gazj, long time since I have seen you around.
kguske







Posted: Thu Aug 09, 2012 6:52 am

Hi gazj!
Changing the variable names is an interesting idea. I agree that it's possible to use a script in this way to automate registrations, but I also believe that to some extent we'd be chasing our tails, so to speak, by changing code with each release, since dedicated spammers would simply change their scripts to use the new variable. At the same time, I like the idea of making the bad guys work a little harder, too! Let's see what others think about this approach.
 
Susann







Posted: Thu Aug 09, 2012 10:07 am

When I have enough from some spam countries like China I just ban these via IP.cidr in my .htaccess.
Now thinking about banning China completely and possibly Russia too. I don't care. Also my next website will not be multilingual anymore, therefore such things will be reduced automatically.
Yes, I have also restricted user names since I found out there exist sites with success rates with a specific username to sign up e.g. at my site.
There are just so many ways to be prepared and fight back.
It's only important to never give up.
 
gazj







Posted: Sat Aug 11, 2012 7:01 pm

Palbin wrote:
gazj, long time since I have seen you around.


Thanks Palbin, I have more free time now so I may be around a little more from time to time :)


kguske wrote:
Hi gazj!
Changing the variable names is an interesting idea. I agree that it's possible to use a script in this way to automate registrations, but I also believe that to some extent we'd be chasing our tails, so to speak, by changing code with each release, since dedicated spammers would simply change their scripts to use the new variable. At the same time, I like the idea of making the bad guys work a little harder, too! Let's see what others think about this approach.


i know its easy but what if you add an admin option to change this variable via the user admin panel
 
kguske







Posted: Sun Aug 12, 2012 9:04 pm

That's a different twist... Webmasters would need to know that any pending registrations wouldn't work if they change the variable. We might also want to make it part of the site setup process. And, we could use an effective date and time to allow registrations generated prior to changing the variable to use the old variable name...

Still thinking about this - and would definitely like input from others, too.
 
montego







Posted: Sun Oct 06, 2013 7:52 am

Just found another one and no-one is going to like this! You need to block this ASAP.

@mmmmail.com

Email to RSS and the RSS is public!!!!! This is crazy.
 
kguske







Posted: Sun Oct 06, 2013 9:42 am

Thanks! Added it to my list. I looked at some services that identify throwaway email addresses, but they weren't too accurate. Thinking of creating a service for RN users. In the meantime, this has been added to the sites with registration that I support.
 
montego







Posted: Wed Oct 09, 2013 5:28 am

kguske wrote:
Thinking of creating a service for RN users.


I might even pay something like $5 / year for something like this that keeps my site updated with these. Although, I might want the ability to allow some by exception...
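
Two points from this thread, checking the local blocked-domain list before any spam-database lookup and allowing individual domains by exception, fit in one registration check. This is an added example, not part of the thread and not RavenNuke or nukeSPAM code; the function names, the exception entry and the stand-in remote lookup are assumptions.

```php
<?php
// Added example, not RavenNuke or nukeSPAM code; every function name here is hypothetical.

/** Lower-cased domain part of a syntactically valid address, or null. */
function email_domain(string $email): ?string
{
    $email = trim($email);
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    return strtolower(substr($email, strrpos($email, '@') + 1));
}

/** True if $domain equals a list entry or is a subdomain of one ("@mail.ru" and "Mail.RU" both work). */
function domain_in_list(string $domain, array $list): bool
{
    foreach ($list as $entry) {
        $entry = ltrim(strtolower(trim($entry)), '@');
        if ($entry === '') {
            continue;
        }
        // Compare on a label boundary so "notmail.ru" does not match "mail.ru".
        if ($domain === $entry || substr($domain, -strlen($entry) - 1) === '.' . $entry) {
            return true;
        }
    }
    return false;
}

/** Local list first (cheap, works offline); the remote lookup runs only for what is left. */
function check_registration(string $email, array $blocked, array $exceptions, callable $remoteLookup): string
{
    $domain = email_domain($email);
    if ($domain === null) {
        return 'reject: malformed address';
    }
    if (domain_in_list($domain, $blocked) && !domain_in_list($domain, $exceptions)) {
        return "reject: blocked domain $domain";
    }
    return $remoteLookup($email) ? 'reject: listed in spam database' : 'accept';
}

$blocked    = ['mailinator.com', 'mail.ru', '@mmmmail.com', '@sina.com']; // entries taken from the thread
$exceptions = ['sina.com'];                       // constructed site-specific exception
$remote     = fn(string $email): bool => false;   // stand-in for a nukeSPAM-style database lookup
foreach (['Bob@MAILINATOR.com', 'x@inbox.mail.ru', 'y@notmail.ru', 'z@sina.com', 'not-an-address'] as $e) {
    echo str_pad($e, 20), check_registration($e, $blocked, $exceptions, $remote), "\n";
}
```

An excepted domain is not waved through: it skips only the local list and still goes to the remote lookup.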
 
kguske







Posted: Wed Oct 09, 2013 8:16 am

You read my mind...
 
All times are GMT - 6 Hours