| Author |
Message |
crypto
Worker
Joined: Aug 02, 2004
Posts: 165
|
 Posted:
Fri Nov 14, 2008 7:05 am |
|
TIP:
It would be great if you would block by default some free anonymous emails to be used in the RN Your Account 2.3.0 ("limits section")
Some examples:
Bugmenot.com, dodgeit.com, wh4f.org, mailinator2.com, sogetthis.com, mailin8r.com, mailinator.net, spamherelots.com, thisisnotmyrealemail.com. |
| |
|
|
|
kguske
Site Admin
Joined: Jun 04, 2004
Posts: 6433
|
| Posted:
Fri Nov 14, 2008 7:17 am |
|
|
|
|
|
crypto
|
| Posted:
Fri Nov 14, 2008 7:42 am |
|
Yes I did.
I also found "trashmail.net", which was also included to the policy. |
| |
|
|
|
|
crypto
|
| Posted:
Sat Nov 15, 2008 3:58 pm |
|
By the way, if you have something to be added to the domain block list, please reply to this topic. |
| |
|
|
|
|
montego
Site Admin
Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
| Posted:
Sun Nov 16, 2008 8:49 am |
|
|
|
|
crypto
|
| Posted:
Tue Nov 18, 2008 2:48 am |
|
Updates:
spamcorptastic.com
guerrillamail.org
GuerrillaMail.info
anonymbox.com
BriefEmail.com
mailexpire.com
TempEMail.net
yopmail.com
spamgourmet.com
hidzz.com
slopsbox.com
spam.la
spam.su
spamfree24.com
spamfree24.net
spamfree24.org
spamfree24.info
spamfree24.eu
spamfree24.de
spamhole.com
tempinbox.com
despam.it
20minutemail.com |
| |
|
|
|
|
Susann
Moderator
Joined: Dec 19, 2004
Posts: 3191
Location: Germany:Moderator German NukeSentinel Support
|
| Posted:
Tue Nov 18, 2008 6:42 am |
|
These are a few from my string blocker:
discardmail.com
temporaryinbox.com
emaildienst.de
sofort-mail.de
spambog.com
spambog.de
trash-mail.com
trashmail.net
Within the sting blocker you need a @ before.
If you have many legitime registered users from Rumania and your website is indexed by their search engine you should think about to not ban all examples.ru addresses.
The problem is many spammers use these e-mail addresses also.
There are countless tempory e-mail services and it`s your personal decision to allow or to block. |
| |
|
|
|
|
duck
Involved
Joined: Jul 03, 2006
Posts: 273
|
| Posted:
Mon Dec 01, 2008 8:11 pm |
|
Just keep in mind there are many many users that will not sign up with a site that doesn't allow online emails.
I for one have no clue what my ISP provided email is? I have never not even once logged into it I only use my online accounts with either gmail or yahoo or msn and any site that I visit that refuses to allow me to register from one of those is not worth my time and I never visit back. Yes the spammers suck but theres plenty other ways to combat them than punish the regular public with PITA signups. |
| |
|
|
|
|
kguske
|
| Posted:
Mon Dec 01, 2008 8:56 pm |
|
True, and I wouldn't block Gmail, MSN or Yahoo as these are respectable sites. But the others are hotbeds for spammers, and most people would like the option to prevent registration from these (or other) sites, based on their preference. |
| |
|
|
|
|
Susann
|
| Posted:
Tue Dec 02, 2008 5:16 am |
|
There is a difference between free e-mail addresses and temporary redirected e-mail adresses.
Why should I allow such addresses ?
I get daily such registration. The latest are from:
spammotel.com
dodgit.com
And from 1000 banned addresses I get max.3-5 request.
At the top of my site is a message and it tells everybody in English and German such temporary e-mails are not allowed for registration.
But they don´t care. |
| |
|
|
|
|
duck
|
| Posted:
Tue Dec 02, 2008 7:33 am |
|
Yeah I know the spammers use the temp email boxes but I've been to sites that won't allow the big 3 either (yahooo, gmail and MSN) sometimes I will then use a temp box like mailinator to login which sorta makes me laugh when it works that they block the addresses 95% of the real people in the world use and then let in the spammers favourite choices. hehe.
But the problem with blocking these temp mail boxes is they will pop up 10 more tomorrow it's almost an endless battle. If it's a live person behind the spammer there's pretty much nothing you can do to keep them out (short of blocking the world from your site lol) however I think perhaps we could keep the bots at bay better with an improved registration system. One that not only includes captcha but also asks a human response question like what is the biggest shape in this picture etc. This would become too cumbersome for the bot programmers to find ways around. Perhaps in the next release? |
| |
|
|
|
|
Susann
|
| Posted:
Tue Dec 02, 2008 9:36 am |
|
Well I think the integration of RavenNuke Your Account is good enough to prevent automatically spam-registrations.It was somethink like a milestone.
I don´t need mathematic questions or something like in a blog to prevent spam but it would just great when people would read before they register what is allowed and what´s forbidden. |
| |
|
|
|
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Wed Dec 03, 2008 6:18 am |
|
I have a message like Susann on my front page too. I also added it in a H1 tag to my Terms page which they have to read when registering.
As I manually approve all registrations I also put in a default 'deny' message in my database table so I do not have to type the reason why a registration is denied because they did not read the two notices. |
| |
|
|
|
r0rz
New Member
Joined: Jul 19, 2008
Posts: 13
|
| Posted:
Wed Dec 10, 2008 6:18 am |
|
mail.ru is popular email in russian its like gmail for russia i dont think its good to block it by default for all :/ |
| |
|
|
|
|
Guardian2003
|
| Posted:
Wed Dec 10, 2008 6:48 am |
|
Almost every single registration application I have had from mail.ru has been from an automated script attempting to register. In most of those cases the originating IP was not even from Russia.
If mail.ru wants to allow abuse of it's system, thats fine with me as they are just putting themselves out of business. |
| |
|
|
|
|
Susann
|
| Posted:
Wed Dec 10, 2008 8:06 am |
|
I noticed exact the same like Guardian. Several years years ago this e-mail address was an insider-tip for users from other countries but the time changed and now in most of the case this address is used by spammers from different countries.
You as webmaster can choose whatever you prefer to block. Its your decision.
If they are really interested to register and are banned they would write an e-mail I think but I know the reality.
Tells me a complete other story.
So there is no reason for me to remove mail.ru or other suspect addresses from this country. |
| |
|
|
|
|
kguske
|
| Posted:
Sun Jan 04, 2009 10:14 am |
|
Here is a list of confirmed spammers that recently registered on my site, then immediately posted comment spam. Please note the increased activity around Christmas.
These people are desperate - probably paying slave labor pennies to manually register and confirm registration. Sad, pathetic...and wastes a lot of my time (Guardian, we really need the spam blocking tool!)
Here is the list of domains in text form in case you want to add these to your blocked registration list:
2minutecashadvance.com
alliedcreditcounseling.com
assuredcashadvances.com
assureddebtconsolidation.com
autoloansbadcreditcarloans.com
car-loans-financial.com
cash-advances-today.com
expressnofaxpaydayloans.com
faxlesspaydayloanscash.com
horizonautoloans.com
leadingpaydayloans.com
lendersdebtconsolidation.com
moderncashadvance.com
nfsautoloan.com
nfsdebtconsolidation.com
nofaxpaydayexpress.com
non-fax-payday-loans.com
online-payday-loan-express.com
paydayez.com
paydayloandraw.com
paydayloanpapa.com
payday-loan-place.com
pay-day-loans-expert.com
peoplescashadvance.com
personalloansgalore.com
personalloanspro.com
quickpaycheckadvance.com
selectpaydayloans.com
snappymoney.com |
| |
|
|
|
|
Susann
|
| Posted:
Sun Jan 04, 2009 11:06 am |
|
I would not hestitate and report such "Christmas spammer" at different sites
E.g. [ Only registered users can see links on this board! Get registered or login! ]
[ Only registered users can see links on this board! Get registered or login! ]
[ Only registered users can see links on this board! Get registered or login! ]
This will help others too.
Join also Project Honeypot.
I don´t have such problems and I ´ m quite sure I don´t need more tools.
NukeSentinel and the .htaccess is power pur.  |
| |
|
|
|
|
Guardian2003
|
| Posted:
Sun Jan 04, 2009 11:17 am |
|
| Quote: | | Guardian, we really need the spam blocking tool! |
An all new and improved tool is in the works but it is one of several projects I'm currently working on so it will be a while I'm afraid. |
| |
|
|
|
|
kguske
|
| Posted:
Thu Jan 08, 2009 8:29 pm |
|
The problem with reporting such sites: they may be targeted by someone who wishes to harm them. And, if your site isn't a target for such spamming, it might be because it has evidence that it is updated frequently (mine is not) using keywords that possibly make it less of a target for such spam attacks. The point is, it may be coincidental.
That said, when I checked some of the domains, they all had different registered users that appear to be bogus (e.g. one site was registered at an invalid mailing address in Miami with a phone number that isn't valid for Miami).
Remember, this punk (I'm assuming it's one, but may be more) registers using a valid address, confirms the email, then posts comments.
I'll look into Honeypot, but certainly liked the results Guardian got with the other tool (I can't remember the name now) were very encouraging... |
| |
|
|
|
|
Susann
|
| Posted:
Fri Jan 09, 2009 4:31 am |
|
If I where you I would not use the cache I found the spam comments in Google.
Also it helps to show no member profile and other data if you are not logged in.
Since version 6.5 I´ve never got any spam comments like that and I have more indexed sites like you. I believe I have this under control and don´t need additional tools but it doesn´t harm to install Guardians spam module if you are often under such attacks.
The name is: Spam Stopper module
Also I believe that the news module in RavenNuke is much better coded and protected against autmatically spam comments than the old standard news module. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Jan 09, 2009 4:40 am |
|
Honeypot is pretty good and there are some excellent Classes available to make it's use really easy - I used it on my own site to 'vet' stuff for a while (there is also a forum MOD that uses it) and it does work very well. It does require free registration at their site to get an API key. I would recommend if you use their code to change the code to use http 1.0 protocol rather than their recommended HTTP 1.1 protocol as it is much faster. Despite being a remote service, in 6 months that I tested it, there were no apparent 'hangs'.
f you have your own VPS or Dedicated server and Apache 2.x there is also an Apache module so you can utilise it at the server level - doesn't work well with comment spam like that but for referer vetting it works great!
My tool of choice at the moment, which I think is the one that kguske was thinking off is Akismet. It is really easy to implement for comments, Feedback etc (a little trickier for forum posts but their are MOD's that use Akismet).
I just wish *nuke had a common function to deal with processing comment and forum data because it would make implementing anti-spam measures as well as other data filtering/verification techniques so much easier.
The nearest thing we have at the moment is the Comments module so I would probably look at expanding on that to cover data not already included in it like Weblinks and Reviews comments and then run a 'check' on the data available there and flag data as either 'passed - do not check again' or 'failed - possible spam'. |
| |
|
|
|
|
Guardian2003
|
| Posted:
Fri Jan 09, 2009 5:52 am |
|
Sorry Susann - I think I was still typing as you posted
Spam Stopper is no longer publicly available but it is available to people I know. I withdrew Spam Stopper because it included a routine to email me spammer details i.e. if the module detected and blocked a spammer or bad referrer, the admin had a button to click to send me the details automatically so I could verify the data and add it to Spam Stoppers database updates.
Very few people bothered to send me the data (one mouse click) so if they cannot be bothered to help me to make the community better for everyone by simply making one click of their mouse, it made it extremely time consuming to keep the product up to date.
The next version will automatically monitor those who 'help' the project and according to how much effort they put into helping, the more frequently they will get updates available  |
| |
|
|
|
|
kguske
|
| Posted:
Fri Jan 09, 2009 6:16 am |
|
| Susann wrote: | If I where you I would not use the cache I found the spam comments in Google.
Also it helps to show no member profile and other data if you are not logged in. |
Great points, Susann, thanks! I haven't looked at turning off the member profile and other data - how did you handle that? Script changes?
Yes, Guardian, Akismet is the one I was thinking of, thanks! Doesn't this also use an offsite service?
I'm not sure of the benefits of blocking referers - as long as they are not displayed anywhere. What am I missing here?
I *really* need to upgrade some sites, but am so swamped with other stuff at the moment... |
| |
|
|
|
|
Susann
|
| Posted:
Fri Jan 09, 2009 6:21 am |
|
Yes I had to change the scripts in phpBB. Will give you an example via PN within the next days. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
