influx of spammers (possibly bots?)

Hangin' Around Joined: May 23, 2006 Posts: 40

Hi All,

I have been trying to slow down the sudden influx of spam "users" and junk posts on my .02 distro.

I have 10 to 30 new users daily that I have to manually delete with another 10 to 50 junk forum posts I also delete. I have stopped banning IP's at this point because thehy are almost always different.

I have the email activation set to 'ON' which I hoped would slow them down but it hasn't seemed to.

I have nukesentinal on, however I don't know how to config it correctly.

Please Help! Any suggestion will be much appreciated.

Thanks

Posted: Tue Nov 28, 2006 9:34 pm

Check your access logs and see if there is anything in the User Agent or Referrer that you might be able to "key off of". If there is something consistent there, there may be a way through .htaccess mod_rewrite to stop that (or slow it down enough to where they go somewhere else).

Posted: Wed Nov 29, 2006 9:32 am

You could also try Guardian's Spam Blocker:
[ Only registered users can see links on this board! Get registered or login! ]

This checks the incoming referrer to see if it is blacklisted, or contains bad words. It also allows you to ban certain domains.

Posted: Wed Nov 29, 2006 4:58 pm

The "key" though, is finding out what the user agent and referrer is. But even these can be "spoofed".

Worker Joined: Nov 17, 2006 Posts: 222

lets say if the gfx-chk is turn on will the spam get into the forum and user ?

Posted: Wed Nov 29, 2006 6:47 pm

It might slow them down a bit, but others have been having troubles still with people registering new users and then using those in the same fashion. What is really needed is a good captcha in all the right places. (Sorry, doesn't help you right now.)

I would turn off all anonymous type posting of comments, forums, web links, downloads, etc. At least they have to go through the effort of registering with a valid email address.

Worker Joined: May 15, 2004 Posts: 119 Location: Germany

Hi,

I do have the same problem:

That is what Sentinel says:

Code:

Datum &amp; Uhrzeit: 2006-11-26 21:47:32 CET GMT +0100


Gesperrte IP: 72.36.233.66


Benutzer-ID: Gast (1)


Grund: Abuse-Harvest


String-&Uuml;bereinstimmung: widow


--------------------


User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Widows NT)


Query-String: [ Only registered users can see links on this board! Get registered or login! ]


Get String: [ Only registered users can see links on this board! Get registered or login! ]


Post String: [ Only registered users can see links on this board! Get registered or login! ]


Weitergeleitet f&uuml;r: none


Client-IP: none


Entfernte Adresse: 72.36.233.66


Entfernter Port: 58483


Anfrage-Methode: POST

But not all are found by Sentinel. Spamblocker might be a solution, but I do not know what 'bad words' I should add to stop (delay) those spammers.

Often the email address used by the bots is invalid and in that case I have to use phpmyadmin to delete these users from nuke_users_temp manually. I would like to have a better Useradmin in phpNuke where I can delete also not registrated users and where I can kill easily new users I have identified as spammers. It is a nightmare to do that with the existing user admin functions and phpmyadmin. (Think about the time you need to kill 100 comments in the news ... Evil or Very Mad

)

Posted: Thu Nov 30, 2006 7:13 am

Bad words would be swear words, or things like viagra, but it's up to you.

Spamblocker also allows you to report spammers to Code-Authors and they can then be added to their blacklist.

If the email address is invalid then Nuke should automatically remove within the set time if the account is no activated and therefore you should not need to do it manually.

CNB YA will allow you to suspend, or deactivate users easily.

You might also want to consider Guardian's comments module, this allows you to review the comments easily.

Posted: Thu Nov 30, 2006 8:10 am

I see this "wow###___" person too. Fortunately Bad Behavior has been blocking them completely. It seems that they are using all @agnitumhost.net addresses, so you could block that in Sentinel's string blocker

Posted: Thu Nov 30, 2006 11:53 am

jakec wrote:

If the email address is invalid then Nuke should automatically remove within the set time if the account is no activated and therefore you should not need to do it manually.

You might also want to consider Guardian's comments module, this allows you to review the comments easily.

Hi,

I show the 'new user' in my admin block and often I can see that it will be a spammer just because I knew the email host address, therefore I like to have a tool to delete them ... Maybe I will write a small admin module to show and delete new users easily.

The comments module is nice, I use it. The only thing I am missing is a multiple selection for deleting more than one comment in a row ...

I just hate those stupid idiots ...