Ravens PHP Scripts: Forums


View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x
Author Message

Joined: Feb 26, 2006
Posts: 206
Location: Springfield, MA

PostPosted: Sat Mar 24, 2012 5:35 am Reply with quote

I upgraded our production site to RN 2.5 this week.
All is well, and I like the changes - kudos to the diligent workers!


Over the past two days, I've seen almost two dozen registrations.
While I should be thrilled, the pattern is abnormal.
Additionally, all the users have email from hotmail.com

I'm not seeing any spam in the comments or posts in forums.
Just lots of user registrations.
Is this legitimate or am I dealing with a script kitty?

Awaiting His Shout
Webservant - GraciousCall.org
Romans 8:28-39 
View user's profile Send private message Visit poster's website AIM Address

PostPosted: Sat Mar 24, 2012 5:37 am Reply with quote

BTW - I installed nukeSPAM yesterday.

I tested it successfully on an entry from the spam forums.
It has not caught anything.
RavenNuke(tm) Development Team

Joined: Mar 11, 2007
Posts: 2024
Location: North Carolina

PostPosted: Sat Mar 24, 2012 7:17 am Reply with quote

Check the ip addresses and email on Project Honeypot and see if they match known spammers.

Tricked Out News 
View user's profile Send private message Send e-mail Visit poster's website
Former Moderator in Good Standing

Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Sat Mar 24, 2012 8:28 am Reply with quote

You might also want to look at the patterns in IP tracking. If you look by users and then look at the anonymous user you can see the pattern they are taking when they register. Or look at some of the new users and see what their pattern of use is. Were they trying to post when they were still anonymous? Do you have Captcha enabled for new registrations ... if so they must be entering that successfully. I have noticed quite a few bots trying to register but they all get rejected by the captcha. You can see that happening right in IP tracking.
View user's profile Send private message Visit poster's website

PostPosted: Sat Mar 24, 2012 10:12 am Reply with quote

CAPCHA is enabled on the second page of user registration.
So, how are they getting through because there are only three IPs involved?

Here is the data:

avilalj avilalj Theresia Avila banojdigaelfesriede@hotmail.com
wellscb wellscb Stephine Wells fluqoramulernary@hotmail.com
gilbertte gilbertte Rey Gilbert swbyinneyxebodonita@hotmail.com
beltranih beltranih Matthew Beltran yjkorilqiemapierre@hotmail.com
tracyda tracyda Tracy Cuevas armaneqvudinuwaraney@hotmail.com
darellya darellya Darell Bowers doreyqttahemowbburee@hotmail.com
beanmm beanmm Filomena Bean abrykeilumqiarita@hotmail.com
royro royro Freeman Roy jalisacvupehaywmpagne@hotmail.com
vHumbertoLyonss vHumbertoLyonss Humberto Lyons pillowyxbrituxntoey@hotmail.com
phebesi phebesi Phebe Miller ombesevandoefria@hotmail.com
eMarioOlivero eMarioOlivero Mario Oliver otrsuuthluoglu@hotmail.com
arroyosj arroyosj Harold Arroyo jegonnilamonetyhte@hotmail.com
stewartpw stewartpw Rico Stewart hlyoinristonpura@hotmail.com
ranahl ranahl Rana Gardner mcvadaniviecdaddie@hotmail.com
sMarinaOlivero sMarinaOlivero Marina Oliver sheorrkarihedujge@hotmail.com
fosterlu fosterlu Craig Foster ehkeefnyattaeayxdy@hotmail.com

I'll check honeypot, but my concern is how to detect / stop this.

PostPosted: Sat Mar 24, 2012 12:12 pm Reply with quote

You can ban the IP's easily enough with NS or even directly in htaccess.

If you have automatic approval on, even with email activation, then any spammer who comes to the site in person and has a real email can get registered. I require approval of new registrations by an administrator. I look at their locations and other factors before deciding whether to approve them.
Site Admin

Joined: Jun 04, 2004
Posts: 6407

PostPosted: Sun Mar 25, 2012 8:23 am Reply with quote

A little research on this:

Amazon Mechanical Turk (http://ws.amazon.com/mturk) and other sites pay pennies for people to do "data entry" (read: comment spam). They do this by posting forum and comment spam, but also be entering signatures with spam links (typically to sites for casinos, performance enhancing drugs, etc.).

Some times, they even go so far as to create an account, post some meaningless forum reply, then, later return to "update" their signature with spam links. They might do this just with the signature.

nukeSPAM will stop a lot of it, but with IP spoofing, cheap domains and endless free email accounts, it isn't possible to block 100%. All of the things fkelly mentioned are good approaches to keep in your toolbox, and Guardian suggested a mod to notify administrators when someone changes their signature, which I think is an excellent idea for yet another tool... Tools like Akismet (which is built into Disqus, which is now integrated with RavenNuke New / Tricked Out News) which analyze the content could also be valuable and effective means for blocking spam. If we could have a generic class / tool for integrating Akismet into Forums and modules with comments...yet another argument for a class-based comment system.

I google, therefore I exist...
nukeSEO - nukeFEED - nukePIE - nukeSPAM - nukeWYSIWYG
View user's profile Send private message

PostPosted: Sun Mar 25, 2012 12:36 pm Reply with quote

Thank you - all of you. These are all excellent suggestions. I did implement nukeSPAM and added CA Honeypot. There an uncomfortable amount of information flowing into/through the site. I'll look more for Guardian's suggested mod, and keep you posted.

The flow of users seemed to stopped when both of these modules came into play, but I'll keep you posted.
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> RavenNuke(tm) v2.5x

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum

Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
Forums ©