Spambots

Posted: Wed Oct 21, 2009 9:51 pm
by computerfreaker
I'm an admin on a phpBB3 forum which seems to have been invaded by spambots... they haven't actually posted anything yet, but judging from the usernames & e-mail addresses, I'd definitely classify them as spambots. (If anybody wants to see the username/e-mail list, just PM me... I have an obligation to keep the "users" spam-free, which means not posting their e-mail addresses in a public forum)
Should I wait for them to post, then use their own content against them and ban them? Or should I be more proactive than that?

All suggestions are welcome.... (btw, I seem to have bot registration - I put a few more mandatory questions in the registration process, simple for a human but nearly-impossible for a bot. Haven't had a new bot register since...)

Thanks in advance! :)

Re: Spambots

Posted: Wed Oct 21, 2009 11:22 pm
by GµårÐïåñ
I would say if you are certain they are spam u/p then block them now so as to show that there is a proactive system in place. Some will create the accounts and if the accounts are still active past a certain point, they figure it's a relaxed board and they might be able to invade. Also some professional shills will post what appears to be relevant feedback and participation before posting to make it look legit. In those cases I would say if they pop up with a suggestion to something that seems promotional within the first x number of posts (I use 5-10 as a rule of thumb) then delete, warn and if no answer, they are bogus, ban them. I also prune on my own server by checking reports of user activity and if I see users that are registered to access content but there is 0 activity and they have not browsed anything, posted anything, they are not here and I will delete them, simple as that. This pruning cuts out a lot of the spammers that are not obvious also. Some boards also support the function to make them inactive rather than delete them so if they try to access it, it gives them the option to reactivate, gives them warning why they were disabled to begin with and then if they are legit, won't happen again and if they are not, back in the box they go.

Boards like ours with guest posting enabled are even worse in that department. Be proactive to get some of them to fall off but in the others you are not 100% sure (i.e. no spam link in their profile, the profile info is not commercial (accountant, doctor, developer, etc), the username itself is not obvious) then I would say wait until they violate and then ban them. Also, unless you are located in and serving TONS of foreign or Unicode type characters, I would say you can safely block based on language like use of Cyrillic (Russian) or Chinese/Japanese/Korean Asian characters, since they are often the source of the spam. I enforce English only on my board and unless you see a need for supporting other languages, English is universal enough that it should be sufficient.

That's how I run my board (not this one where I mod, my own server) and that place is locked up tight because I do not have the need nor want to keep it easily posted, I regulate heavily and keep it organized, clean and almost near strict military style. Not a single spam in nearly 10 years, so must be doing something right and we get nearly 200-500k traffic a day with 30% unique, including the classic Googlebot, Yahoobot, MSNbot visits as well. The accounts have to validate before they can do anything, so if they didn't provide a valid email (which most spammers don't) then the problem is solved and the account will eventually delete from queue and if they did use a legit address, then we have something to trace back and report to spamcop and such to get feedback and report to the abused server and shut down at the source. I do this proactively and have had much success. Two of the people we shut down ended up in US federal court and got jail time, big rings too, not just small ones. This means they will just have to start again but it will slow them down and make them avoid your forum in time knowing you are a proactive fight backer, or they will gang up on you, no way to know until you hit them. But since it's about money for them, they can't afford the time and resource wasting to fight you for nothing.

Good luck and hope that provides some perspective and help.

Re: Spambots

Posted: Thu Oct 22, 2009 3:52 am
by computerfreaker
GµårÐïåñ wrote:I would say if you are certain they are spam u/p then block them now so to show that there is a proactive system in place.
Depends on the user. I have a few that might be legitimate, but when you get a user named "xrumer", and another named "buyxrumer", and they're using .ru e-mail addresses... :roll:
(btw, in case "xrumer" doesn't mean anything to someone - http://en.wikipedia.org/wiki/XRumer)
If you wouldn't mind, I'd like to PM you a list of my probable-bot users & their e-mail addresses and see what you think of them... I tend to be a little too suspicious of situations like this, and having someone significantly wiser than I am to help me is really great... :)
GµårÐïåñ wrote:Some will create the accounts and if the accounts are still active past a certain point, they figure it's a relaxed board and they might be able to invade.
It is not a relaxed board. After I started getting suspicious users (about 1 a day), I took some steps to block them...
* disabled profile viewing for non-registered users (should have done this from the getgo, but I never realized it wasn't done until another friend of mine said "hey, you have a problem here..." - admin rights can make setup a little difficult, since few others see exactly what you're seeing... :roll: )
* harder captchas
* fewer registration attempts (moved it from 5 to 3) before registration is denied
* initial post queue - the first 5 posts a user makes will go into the posting queue, and will need to be reviewed by a mod before they actually show up on the forum
* profile questions - 2 simple ones for humans, but nightmares for spambots (as soon as the profile questions went up, the bot registrations stopped)
* Page monitoring - every 30 minutes, an automated service on my computer checks the forum for changes and lets me know if there are any. As soon as I see a change, I head over there right away (been expecting a tidal wave of spam since late September, when the bots started coming)
* Support from another country - a friend of mine is a global mod, and he's in another country. He's promised to keep an eye on the board as well, and the time zone difference means more coverage...
GµårÐïåñ wrote:Also some professional shills will post what appears to be relevant feedback and participation before posting to make it look legit. In those cases I would say if they pop up with a suggestion to something that seems promotional within the first x number of posts (I use 5-10 as a rule of thumb) then delete, warn and if no answer, they are bogus, ban them.
Thanks. (The forum I'm on actually has a no-promotions rule, so that makes life even easier)
GµårÐïåñ wrote:I also prune on my own server by checking reports of user activity and if I see users that are registered to access content but there is 0 activity and they have not browsed anything, posted anything, they are not here and I will delete them, simple as that. This pruning cuts out a lot of the spammers that are not obvious also. Some boards also support the function to make them inactive rather than delete them so if they try to access it, it gives them the option to reactivate, gives them warning why they were disabled to begin with and then if they are legit, won't happen again and if they are not, back in the box they go.
That's a good idea! I should get a lot more familiar with the server logs... (just wondering, what kind of board do you have? I haven't seen any way to monitor "normal" user activity, just the moderator log & admin log, both of which are pretty much blank...)
I especially like the account deactivation idea; it keeps people from getting kicked out, while booting out all the bots...
GµårÐïåñ wrote:Boards like ours with guest posting enabled are even worse in that department. Be proactive to get some of them to fall off but in the others you are not 100% sure (i.e. no spam link in their profile, the profile info is not commercial (accountant, doctor, developer, etc), the username itself is not obvious) then I would say wait until they violate and then ban them.
Thank you, I'll probably wait for them to tip their own hands... could be a long wait if the board stays as inactive as it's been lately.
GµårÐïåñ wrote:Also, unless you are located in and serving TONS of foreign or Unicode type characters, I would say you can safely block based on language like use of Cyrillic (Russian) or Chinese/Japanese/Korean Asian characters, since they are often the source of the spam. I enforce English only on my board and unless you see a need for supporting other languages, English is universal enough that it should be sufficient.
Nope, not really any foreign characters... it's pretty much all English (all English so far, but I've seen a few Spanish posters in a similar board), so I'll talk to the site admin about removing Cyrillic, Chinese, Japanese, Korean, etc...
GµårÐïåñ wrote:That's how I run my board (not this one where I mod, my own server) and that place is locked up tight because I do not have the need nor want to keep it easily posted, I regulate heavily and keep it organized, clean and almost near strict military style. Not a single spam in nearly 10 years, so must be doing something right and we get nearly 200-500k traffic a day with 30% unique, including the classic Googlebot, Yahoobot, MSNbot visits as well.
Wow, that's impressive! :shock:
GµårÐïåñ wrote:The accounts have to validate before they can do anything
There's another thing I should do - e-mail validation. It's not up right now...
GµårÐïåñ wrote:The accounts have to validate before they can do anything, so if they didn't provide a valid email (which most spammers don't) then the problem is solved and the account will eventually delete from queue and if they did use a legit address, then we have something to trace back and report to spamcop and such to get feedback and report to the abused server and shut down at the source. I do this proactively and have had much success. Two of the people we shut down ended up in US federal court and got jail time, big rings too, not just small ones.
Wow.
Just wondering, I assume you trace back by looking at the e-mail address and the domain thereof? (Don't know much about Internet security at this point, but I'm learning as quickly as possible...)
GµårÐïåñ wrote:This means they will just have to start again but it will slow them down and make them avoid your forum in time knowing you are a proactive fight backer, or they will gang up on you, no way to know until you hit them. But since it's about money for them, they can't afford the time and resource wasting to fight you for nothing.
So the idea here is shut down the income potential, and the bots go down too... if they can't make cash from a site, they won't waste time with that site.
GµårÐïåñ wrote:Good luck and hope that provides some perspective and help.
Thanks a lot, that was really useful! :)
Going to apply some of that stuff right now...

Re: Spambots

Posted: Thu Oct 22, 2009 7:07 am
by GµårÐïåñ
computerfreaker wrote:Depends on the user. I have a few that might be legitimate, but when you get a user named "xrumer", and another named "buyxrumer", and they're using .ru e-mail addresses... :roll:
(btw, in case "xrumer" doesn't mean anything to someone - http://en.wikipedia.org/wiki/XRumer)
If you wouldn't mind, I'd like to PM you a list of my probable-bot users & their e-mail addresses and see what you think of them... I tend to be a little too suspicious of situations like this, and having someone significantly wiser than I am to help me is really great... :)
Not a problem, send them and I will take a look and get back to you on them shortly.
It is not a relaxed board. After I started getting suspicious users (about 1 a day), I took some steps to block them...
* disabled profile viewing for non-registered users (should have done this from the getgo, but I never realized it wasn't done until another friend of mine said "hey, you have a problem here..." - admin rights can make setup a little difficult, since few others see exactly what you're seeing... :roll: )
* harder captchas
* fewer registration attempts (moved it from 5 to 3) before registration is denied
* initial post queue - the first 5 posts a user makes will go into the posting queue, and will need to be reviewed by a mod before they actually show up on the forum
* profile questions - 2 simple ones for humans, but nightmares for spambots (as soon as the profile questions went up, the bot registrations stopped)
* Page monitoring - every 30 minutes, an automated service on my computer checks the forum for changes and lets me know if there are any. As soon as I see a change, I head over there right away (been expecting a tidal wave of spam since late September, when the bots started coming)
* Support from another country - a friend of mine is a global mod, and he's in another country. He's promised to keep an eye on the board as well, and the time zone difference means more coverage...
These are good steps, well done. I do the post moderation too for fewer than 5 and then also have the no-promotion rule within the first 15, although less stringent than less than 10. I also have bad behavior modules built-in and enabled as much restriction that was reasonable before making it too hard to use.
Thanks. (The forum I'm on actually has a no-promotions rule, so that makes life even easier)
Any good board should have that rule. You don't want to be promoted the wrong way or less than honestly. Automatically paints you as bad and first impressions are everything.
That's a good idea! I should get a lot more familiar with the server logs... (just wondering, what kind of board do you have? I haven't seen any way to monitor "normal" user activity, just the moderator log & admin log, both of which are pretty much blank...)
I especially like the account deactivation idea; it keeps people from getting kicked out, while booting out all the bots...
Not as difficult as you would think. I mainly use phpBB3 and vBulletin, but also dev/maintain some Lithium boards (which are almost exclusively ASP.NET). This is why on larger projects I have one admin assigned to ONLY handling pruning (deactivating, evaluating, reactivating), one admin ONLY handling banning/spam control (banning, research, warnings, reports), one admin that maintains the content flow (re-order posts, merge, split, prune, sticky, rules, instructions, tips) and then anywhere from 1-5 mods who handle the support, interactions and reporting problems up the chain, they cannot take action, they can only report it for escalated review, this prevents bias or unilateral decision making and leaves it in the hands of the higher ups who have lesser human contact and generally expected to have less bias but hey we are human too.
Thank you, I'll probably wait for them to tip their own hands... could be a long wait if the board stays as inactive as it's been lately.
Yeah your traffic sort of promotes its own level of aggressiveness, so adjust accordingly.
Nope, not really any foreign characters... it's pretty much all English (all English so far, but I've seen a few Spanish posters in a similar board), so I'll talk to the site admin about removing Cyrillic, Chinese, Japanese, Korean, etc...
We have those measures here, as well as email, domain, keyword control over the UA (UserAgent) and etc that fit bad behavior profiles. The rest we just spot catch and research and quarantine and eventually purge. I have encountered some foreign posters who just absolutely couldn't speak English AT ALL, which is tough to find nowadays but still. I usually take the post and translate it and post it back into as an edit so it maintains the flow for the majority. Takes work, some languages I know, so not an issue, some I don't, I ask friends to translate for me so the grammar stays correct, Google Translate only does so much.
Wow, that's impressive! :shock:
Thank you, actually the CIO was pissed with me that the traffic seemed small. I asked him: compared to what, Google? I was being snippy but I felt that he was being unreasonable in his expectations, especially that since the forum portion is for support, you WANT less traffic, meaning there are fewer problems generally, so I am content with quality of our traffic but sometimes they say stupid stuff that annoys me.
There's another thing I should do - e-mail validation. It's not up right now...
You should do that and make sure the reply is an alias that is not monitored (auto-bounce) or a mailbox that is not checked but flushed, you could and most likely will get spammed at that address. It sucks, so usually it ends up being admin@domain.name but ours says no-reply@ on one, bounce-noreply@ on the others.
Wow.
Just wondering, I assume you trace back by looking at the e-mail address and the domain thereof? (Don't know much about Internet security at this point, but I'm learning as quickly as possible...)
Yeah I spend more time with SpamCop and their system than my own kids. :shock: Nah, we rip apart the header and walk it line by line to detect the injected fake bull from the real header that CANNOT be skipped or faked, trace it back to what IP sent it, who owned the IP and was the ISP serving it, contact the admins, abuse, and spam addresses and also any legally established contact addresses in the database. In certain cases they also go to the FTC when it involves phishing/scams.
So the idea here is shut down the income potential, and the bots go down too... if they can't make cash from a site, they won't waste time with that site.
Bingo, for now it's cheap, when it becomes expensive to operate, they cut and start again where there is less saturation and let the rest thin out for a while. It's a cycle. For them it's a business, so as long as the profit is there, work is justified and they keep it up.
I can imagine that's a potent weapon...
Yes but thankfully in the last 21 years, I have resorted to it twice outside of cooperative efforts with the government. Yes we help out in cases involving children and bad things. We are good at getting into places and near those where a cop would be spotted right away.
Thanks a lot, that was really useful! :)
Going to apply some of that stuff right now...
You are most welcome, take care. Let me know anything you find out, in case I don't already know. Never can have too many good solutions. Take care.

Re: Spambots

Posted: Thu Oct 22, 2009 12:57 pm
by computerfreaker
GµårÐïåñ wrote:Not a problem, send them and I will take a look and get back to you on them shortly.
Thank you! :)
The list is in your inbox...
GµårÐïåñ wrote:
It is not a relaxed board. After I started getting suspicious users (about 1 a day), I took some steps to block them...
* disabled profile viewing for non-registered users (should have done this from the getgo, but I never realized it wasn't done until another friend of mine said "hey, you have a problem here..." - admin rights can make setup a little difficult, since few others see exactly what you're seeing... :roll: )
* harder captchas
* fewer registration attempts (moved it from 5 to 3) before registration is denied
* initial post queue - the first 5 posts a user makes will go into the posting queue, and will need to be reviewed by a mod before they actually show up on the forum
* profile questions - 2 simple ones for humans, but nightmares for spambots (as soon as the profile questions went up, the bot registrations stopped)
* Page monitoring - every 30 minutes, an automated service on my computer checks the forum for changes and lets me know if there are any. As soon as I see a change, I head over there right away (been expecting a tidal wave of spam since late September, when the bots started coming)
* Support from another country - a friend of mine is a global mod, and he's in another country. He's promised to keep an eye on the board as well, and the time zone difference means more coverage...
These are good steps, well done. I do the post moderation too for fewer than 5 and then also have the no-promotion rule within the first 15, although less stringent than less than 10. I also have bad behavior modules built-in and enabled as much restriction that was reasonable before making it too hard to use.
The bad-behavior modules sound interesting... if my friend comes back, I'll talk to him about implementing those.
GµårÐïåñ wrote:
Thanks. (The forum I'm on actually has a no-promotions rule, so that makes life even easier)
Any good board should have that rule. You don't want to be promoted the wrong way or less than honestly. Automatically paints you as bad and first impressions are everything.
yes, I agree... first impressions really are everything, and a board full of bots is a sure turnoff for many users. A board full of promotions is almost as bad, IMHO...
GµårÐïåñ wrote:
That's a good idea! I should get a lot more familiar with the server logs... (just wondering, what kind of board do you have? I haven't seen any way to monitor "normal" user activity, just the moderator log & admin log, both of which are pretty much blank...)
I especially like the account deactivation idea; it keeps people from getting kicked out, while booting out all the bots...
Not as difficult as you would think. I mainly use phpBB3 and vBulletin, but also dev/maintain some Lithium boards (which are almost exclusively ASP.NET). This is why on larger projects I have one admin assigned to ONLY handling pruning (deactivating, evaluating, reactivating), one admin ONLY handling banning/spam control (banning, research, warnings, reports), one admin that maintains the content flow (re-order posts, merge, split, prune, sticky, rules, instructions, tips) and then anywhere from 1-5 mods who handle the support, interactions and reporting problems up the chain, they cannot take action, they can only report it for escalated review, this prevents bias or unilateral decision making and leaves it in the hands of the higher ups who have lesser human contact and generally expected to have less bias but hey we are human too.
Sounds like a good control structure. Unfortunately, due to the tiny size of the board I'm on, there aren't even enough users to divide the admin rights among, like you're doing... however, if things get busy, I'll keep your control structure in mind. :)
GµårÐïåñ wrote:
Thank you, I'll probably wait for them to tip their own hands... could be a long wait if the board stays as inactive as it's been lately.
Yeah your traffic sort of promotes its own level of aggressiveness, so adjust accordingly.
yep, not much traffic, so not much aggressiveness is needed. Just some prevention steps to keep out the bots...
GµårÐïåñ wrote:
Nope, not really any foreign characters... it's pretty much all English (all English so far, but I've seen a few Spanish posters in a similar board), so I'll talk to the site admin about removing Cyrillic, Chinese, Japanese, Korean, etc...
We have those measures here, as well as email, domain, keyword control over the UA (UserAgent) and etc that fit bad behavior profiles.
Nice! I'd assume that means editing the phpBB files? (Can't seem to find any options like that in the regular Admin Control Panel)
GµårÐïåñ wrote:
Wow, that's impressive! :shock:
Thank you, actually the CIO was pissed with me that the traffic seemed small. I asked him: compared to what, Google? I was being snippy but I felt that he was being unreasonable in his expectations, especially that since the forum portion is for support, you WANT less traffic, meaning there are fewer problems generally, so I am content with quality of our traffic but sometimes they say stupid stuff that annoys me.
I agree with you, that kind of traffic volume is very reasonable... and for support forums, the less traffic the better. (Besides, as my Dad likes to say, "Quality, not quantity, is what counts.")
GµårÐïåñ wrote:
There's another thing I should do - e-mail validation. It's not up right now...
You should do that and make sure the reply is an alias that is not monitored (auto-bounce) or a mailbox that is not checked but flushed, you could and most likely will get spammed at that address. It sucks, so usually it ends up being admin@domain.name but ours says no-reply@ on one, bounce-noreply@ on the others.
I don't have control over the reply e-mail address, unfortunately... if my friend comes back I will have him change it.
GµårÐïåñ wrote:Yeah I spend more time with SpamCop and their system than my own kids. :shock: Nah, we rip apart the header and walk it line by line to detect the injected fake bull from the real header that CANNOT be skipped or faked, trace it back to what IP sent it, who owned the IP and was the ISP serving it, contact the admins, abuse, and spam addresses and also any legally established contact addresses in the database. In certain cases they also go to the FTC when it involves phishing/scams.
Sounds like an interesting, albeit difficult, thing to do. "we rip apart the header and walk it line by line" - just a plain-text editor, I'd assume? "trace it back to the IP that sent it, who owned the IP and the ISP serving it" - just a standard trace tool? (Actually have a trace feature built into Fx, part of the ErrorZilla mod; never used it though)
GµårÐïåñ wrote:
So the idea here is shut down the income potential, and the bots go down too... if they can't make cash from a site, they won't waste time with that site.
Bingo, for now it's cheap, when it becomes expensive to operate, they cut and start again where there is less saturation and let the rest thin out for a while. It's a cycle. For them it's a business, so as long as the profit is there, work is justified and they keep it up.
Some "business"... I prefer a legal one. At least with a "normal business cycle", it's not hard to keep an eye on things...
GµårÐïåñ wrote:
I can imagine that's a potent weapon...
Yes but thankfully in the last 21 years, I have resorted to it twice outside of cooperative efforts with the government. Yes we help out in cases involving children and bad things. We are good at getting into places and near those where a cop would be spotted right away.
That's really good of you... I'm also interested in cleaning up the Internet, looks like a massive job though.
GµårÐïåñ wrote:Let me know anything you find out, in case I don't already know. Never can have too many good solutions.
If I run across anything useful, I'll be sure to let you know... :)

Have a good day!

Re: Spambots

Posted: Thu Oct 22, 2009 6:03 pm
by GµårÐïåñ
computerfreaker wrote:Thank you! :)
The list is in your inbox...
Yes I saw it, answered and returned to you already.
The bad-behavior modules sound interesting... if my friend comes back, I'll talk to him about implementing those.
Take a look here for some more on the subject: www.bad-behavior.ioerror.us
yes, I agree... first impressions really are everything, and a board full of bots is a sure turnoff for many users. A board full of promotions is almost as bad, IMHO...
Yep and you can turn off that type of display or limit it to mods or admins so that the users don't see it at the bottom but it seems to be a bit difficult to segregate that, not sure if that's an all or nothing feature.
Sounds like a good control structure. Unfortunately, due to the tiny size of the board I'm on, there aren't even enough users to divide the admin rights among, like you're doing... however, if things get busy, I'll keep your control structure in mind. :)
Yeah as I mentioned, it comes with size and level of traffic, that kind of segregation may not be necessary unless your company is subject to federal compliance rules or that you are large enough to justify it. Just something to keep in mind.
yep, not much traffic, so not much aggressiveness is needed. Just some prevention steps to keep out the bots...
That is often the basic if not only step needed for the majority of forums, unless as I said before, they are very large and serve large traffic.
Nice! I'd assume that means editing the phpBB files? (Can't seem to find any options like that in the regular Admin Control Panel)
Yes, some editing is needed and Giorgio takes care of that as the sole admin with access to the source and of course being a majorly talented programmer helps too. He implemented a few features right away and added some later when he had time to make us happy. Unfortunately editing the code means that upgrading is harder to do since some custom code may be lost or need to be redone for a new update.
I agree with you, that kind of traffic volume is very reasonable... and for support forums, the less traffic the better. (Besides, as my Dad likes to say, "Quality, not quantity, is what counts.")
Thank you, finally some voice of reason. Exactly, support forums you want less traffic (means generally fewer problems) and currently thank goodness most of the traffic is users discussing among themselves and/or feature requests and/or request for how-tos, thankfully not too many are actually "your crap don't work" and usually a bit more constructive.
I don't have control over the reply e-mail address, unfortunately... if my friend comes back I will have him change it.
Just something to consider, it's not a super duper rush or concern usually at first, it comes with time.
Sounds like an interesting, albeit difficult, thing to do. "we rip apart the header and walk it line by line" - just a plain-text editor, I'd assume? "trace it back to the IP that sent it, who owned the IP and the ISP serving it" - just a standard trace tool? (Actually have a trace feature built into Fx, part of the ErrorZilla mod; never used it though)
It can be at first until you get used to the process. You see, first you need to know what mailhosts are your own (meaning what part of the header was put there by your own mail server that got it or processed it) and then you need to figure out which ip/hostname information is bogus (which takes out the fake ones added to throw people off) and then what is left is authentic sender information and then you get busy with DNS lookups, Whois, etc, until you track down the responsible parties. Unfortunately getting compliance from foreign-based ISPs is difficult as they are not subject to our laws but given they know their ISP or IP ranges will end up in the blacklist, tends to keep them moderately cooperative. As for the tool, yeah just simply grab the full real header from your mail client, paste in notepad and start going through it line by line. Of course a healthy understanding of headers and what they mean would also be helpful. SpamCop and a few other entities have developed better more versatile tools that will read and parse the header and match it with relevant contact/report addresses but sometimes it just hits a wall, it was a hit and run dialup or temporary ISP used at a cafe somewhere. No point with those, nothing to shut down but still you can go after the product/company being promoted and asking them to verify what client has that referral, affiliate id or who makes money from this message if someone clicks, that's another way to block them that way by cutting their revenue at the source they are promoting.
Some "business"... I prefer a legal one. At least with a "normal business cycle", it's not hard to keep an eye on things...
Yes, it's a horrible "business" but unfortunately it _IS_ a business for many, while some do it just to annoy.
That's really good of you... I'm also interested in cleaning up the Internet, looks like a massive job though.
No kidding, I do what I can because I grew up when the internet was developing, so I saw it go from potential to crap in my lifetime, so I am hoping my kids will have a better "internet" if you will. With considerations on net neutrality and equal traffic and stuff like that, either the prices will go up or an elite group will build a SECOND more exclusive internet for those willing to pay to use the "cleaner", "better" version. When I was at IU, we were working on internet 2 which is currently similar to the original internet and exclusive to universities, research and government and probably will remain that way to keep it from being abused and ruined too. But if it is ever released to the public, it will be regulated heavily. If you want good quality then you abide or you use the crap that everyone else is using, that's the general simplified idea.
If I run across anything useful, I'll be sure to let you know... :)

Have a good day!
Thank you. :)
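The header walk described in the post above (identify your own mailhosts, discard what cannot be verified, keep the sender information that is left), sketched as an added example; it is not code from either poster or from SpamCop. The message, hostnames and addresses are constructed, and `OWN_HOSTS` / `OWN_NETS` are assumptions standing in for your own mail servers.

```python
import email
import ipaddress
import re

# Constructed sample. The top two Received lines were written by "our" servers;
# the bottom one stands in for a hop the sender could have forged.
RAW = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby mail.example.org with ESMTP id A1; Thu, 22 Oct 2009 20:01:05 -0400
Received: from smtp.friendly-bank.test (unknown [203.0.113.77])
\tby mx1.example.org with SMTP id B2; Thu, 22 Oct 2009 20:01:03 -0400
Received: from mail.friendly-bank.test ([198.51.100.5])
\tby smtp.friendly-bank.test; Thu, 22 Oct 2009 19:59:00 -0400
From: "Offers" <promo@friendly-bank.test>
Subject: constructed sample

body
"""
OWN_HOSTS = {"mail.example.org", "mx1.example.org"}   # assumption: your mailhosts
OWN_NETS = ["192.0.2.0/24"]                           # assumption: your relay range

FROM_RE = re.compile(r"from\s+(\S+)\s+\((?:[^\s\[\]]+\s+)?\[([0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+([^\s;]+)")

def parse_received(value):
    """Return helo name, peer IP and stamping host of one Received header."""
    flat = " ".join(value.split())            # undo header folding
    f, b = FROM_RE.search(flat), BY_RE.search(flat)
    if not (f and b):
        return None
    try:
        ip = ipaddress.ip_address(f.group(2))
    except ValueError:
        return None
    return {"helo": f.group(1), "ip": str(ip), "by": b.group(1).lower()}

def trace_origin(raw, own_hosts, own_nets):
    """Walk Received headers newest-first; stop at the first outside peer."""
    nets = [ipaddress.ip_network(n) for n in own_nets]
    hops = [parse_received(h) for h in
            email.message_from_string(raw).get_all("Received", [])]
    origin = None
    for i, hop in enumerate(hops):
        if hop is None or hop["by"] not in own_hosts:
            return origin, hops[i:]           # not stamped by us: unverifiable
        origin = hop
        if not any(ipaddress.ip_address(hop["ip"]) in n for n in nets):
            return origin, hops[i + 1:]       # peer IP our server saw: report this
    return origin, []

if __name__ == "__main__":
    origin, unverified = trace_origin(RAW, OWN_HOSTS, OWN_NETS)
    print("last verifiable source:", origin["ip"], "claimed name:", origin["helo"])
    print("hops below it that may be forged:", len(unverified))
```

The address it returns is the one to take to Whois and to the owning network's abuse contact; the name the peer claimed for itself is kept only as a clue.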

Re: Spambots

Posted: Thu Oct 22, 2009 7:56 pm
by computerfreaker
GµårÐïåñ wrote:
computerfreaker wrote:Thank you! :)
The list is in your inbox...
Yes I saw it, answered and returned to you already.
Saw the reply, banned a dozen bots, and replied back to you... thanks for the quick & thorough response! :)
GµårÐïåñ wrote:
The bad-behavior modules sound interesting... if my friend comes back, I'll talk to him about implementing those.
Take a look here for some more on the subject: http://www.bad-behavior.ioerror.us
That looks good. Definitely going to implement that if my friend comes back...
GµårÐïåñ wrote:
yes, I agree... first impressions really are everything, and a board full of bots is a sure turnoff for many users. A board full of promotions is almost as bad, IMHO...
Yeap and you can turn off that type of display or limit it to mods or admins so that the users don't see it at the bottom but it seems to be a bit difficult to segregate that, not sure if that's an all or nothing feature.
At least in phpBB3, it seems to be an all or nothing feature (except perhaps manually editing the board's config files)... and sig lines are frequently not only fascinating, but downright useful. I think a "no spamming, even in your sig line" policy, coupled with vigilance, should be enough...
GµårÐïåñ wrote:
Sounds like a good control structure. Unfortunately, due to the tiny size of the board I'm on, there aren't even enough users to divide the admin rights among, like you're doing... however, if things get busy, I'll keep your control structure in mind. :)
Yeah as I mentioned, it comes with size and level of traffic, that kind of segregation may not be necessary unless your company is subject to federal compliance rules or that you are large enough to justify it. Just something to keep in mind.
yep, not much traffic, so not much aggressiveness is needed. Just some prevention steps to keep out the bots...
That is often the basic if not only step needed for the majority of forums, unless as I said before, they are very large and serve large traffic.
Well, our board is small & serves little (if any) real traffic... but, as I mentioned, I'll keep your approach in mind if we ever "hit the big time"...
GµårÐïåñ wrote:
Nice! I'd assume that means editing the phpBB files? (Can't seem to find any options like that in the regular Admin Control Panel)
Yes, some editing is needed and Giorgio takes care of that as the sole admin with access to the source and of course being a majorly talented programmer helps too. He implemented a few features right away and added some later when he had time to make us happy. Unfortunately editing the code means that upgrading is harder to do since some custom code may be lost or need to be redone for a new update.
yes, like most things in life, it's a tradeoff. Not a bad-looking one, though... especially with Mr. Maone doing the config editing. :cool:
GµårÐïåñ wrote:
I agree with you, that kind of traffic volume is very reasonable... and for support forums, the less traffic the better. (Besides, as my Dad likes to say, "Quality, not quantity, is what counts.")
Thank you, finally some voice of reason. Exactly, support forums you want less traffic (means generally less problems) and currently thank goodness most of the traffic is users discussing among themselves and/or feature requests and/or request for how-tos, thankfully not too many are actually "your crap don't work" and usually a bit more constructive.
IMHO, anybody who says "your junk doesn't work", regardless of the software being discussed, should get kicked out and never come back. At the very least they could explain the problem... :roll:
yes, most people on here are having conversations about security, web tech, etc. or asking for new features... (I think the quality of NoScript is important in this, if it was poorly coded the forum would be a lot less peaceful. The REAL Software forums used to be happy & peaceful, too, until REAL Software started filling REALbasic full of bugs - the forums degraded into a lot of flame wars, a lot of irritation, etc.)
GµårÐïåñ wrote:
Sounds like an interesting, albeit difficult, thing to do. "we rip apart the header and walk it line by line" - just a plain-text editor, I'd assume? "trace it back to the IP that sent it, who owned the IP and the ISP serving it" - just a standard trace tool? (Actually have a trace feature built into Fx, part of the ErrorZilla mod; never used it though)
It can be at first until you get used to the process. You see, first you need to know what mailhosts are your own (meaning what part of the header was put there by your own mail server that got it or processed it) and then you need to figure out which ip/hostname information is bogus (which takes out the fake ones added to throw people off) and then what is left is authentic sender information and then you get busy with DNS lookups, Whois, etc, until you track down the responsible parties.
I got busy with some Whois stuff this afternoon, while I was banning those bots... either some major corporations are sending out spambots or the bots are hiding themselves pretty well, as the bots' IP addresses were registered to official-looking companies (one was registered to Comcast!!)
GµårÐïåñ wrote:Unfortunately getting compliance from foreign-based ISPs is difficult as they are not subject to our laws but given they know their ISP or IP ranges will end up in the blacklist, tends to keep them moderately cooperative.
Thanks for the tip, working with/against foreign ISPs is probably a major headache... it's nice to have a bit of leverage when doing that.
GµårÐïåñ wrote:As for the tool, yeah just simply grab the full real header from your mail client, paste in notepad and start going through it line by line. Of course a healthy understanding of headers and what they mean would also be helpful. SpamCop and a few other entities have developed better, more versatile tools that will read and parse the header and match it with relevant contact/report addresses but sometimes it just hits a wall, it was a hit and run dialup or temporary ISP used at a cafe somewhere. No point with those, nothing to shut down but still you can go after the product/company being promoted and asking them to verify what client has that referral, affiliate id or who makes money from this message if someone clicks, that's another way to block them that way by cutting their revenue at the source they are promoting.
Thanks for the tool info. I'll probably use Notepad++, as it's my favorite text editor... and I should start learning headers, as I don't know a darn thing about the "meat" of the header.
GµårÐïåñ wrote:
Some "business"... I prefer a legal one. At least with a "normal business cycle", it's not hard to keep an eye on things...
Yes, it's a horrible "business" but unfortunately it _IS_ a business for many, while some do it just to annoy.
IMHO, those doing it "just to annoy" are the worst... they aren't even trying to make money, just drive others crazy.
GµårÐïåñ wrote:
That's really good of you... I'm also interested in cleaning up the Internet, looks like a massive job though.
No kidding, I do what I can because I grew up when the internet was developing, so I saw it go from potential to crap in my lifetime, so I am hoping my kids will have a better "internet" if you will. With considerations on net neutrality and equal traffic and stuff like that, either the prices will go up or an elite group will build a SECOND more exclusive internet for those willing to pay to use the "cleaner", "better" version. When I was at IU, we were working on internet 2 which is currently similar to the original internet and exclusive to universities, research and government and probably will remain that way to keep it from being abused and ruined too. But if it is ever released to the public, it will be regulated heavily. If you want good quality then you abide or you use the crap that everyone else is using, that's the general simplified idea.
I like the idea of Internet 2... the real problem is making it accessible for people without draining them, while making it pointless for spambots/malicious users to join.
(My pet peeve on the Internet is the awful content: I had to get ProCon Latte just to keep my mind reasonably clear of bad words, and my #2 use for AdBlock Plus is to block inappropriate pictures. What a waste of Internet space & people's time...)

Have a good rest of the week!

Re: Spambots

Posted: Thu Oct 22, 2009 9:05 pm
by GµårÐïåñ
computerfreaker wrote:Saw the reply, banned a dozen bots, and replied back to you... thanks for the quick & thorough response! :)
You are welcome.
That looks good. Definitely going to implement that if my friend comes back...
Have fun, I got that one from Giorgio when he implemented some stuff, for that particular link you have him to thank, I just happen to remember it.
At least in phpBB3, it seems to be an all or nothing feature (except perhaps manually editing the board's config files)... and sig lines are frequently not only fascinating, but downright useful. I think a "no spamming, even in your sig line" policy, coupled with vigilance, should be enough...
Yeah, it seems that way. Siggy block is a must but in some rare cases the person is legit and the link is good, despite possible commercial content. In my case there is a link to my personal blog but I don't sell nothing, so there is no issue and if I did begin selling something, I will probably remove the link.
Well, our board is small & serves little (if any) real traffic... but, as I mentioned, I'll keep your approach in mind if we ever "hit the big time"...
You'll get there one day hopefully.
yes, like most things in life, it's a tradeoff. Not a bad-looking one, though... especially with Mr. Maone doing the config editing. :cool:
Of course GM doing the editing, you can't ask for a better maestro but still it's annoying, time-consuming and cuts into his other tasks, but he gracefully manages to get it done here and there just the same.
IMHO, anybody who says "your junk doesn't work", regardless of the software being discussed, should get kicked out and never come back. At the very least they could explain the problem... :roll:
yes, most people on here are having conversations about security, web tech, etc. or asking for new features... (I think the quality of NoScript is important in this, if it was poorly coded the forum would be a lot less peaceful. The REAL Software forums used to be happy & peaceful, too, until REAL Software started filling REALbasic full of bugs - the forums degraded into a lot of flame wars, a lot of irritation, etc.)
No kidding, if it was up to me, when a person posts a question and it's not a question but a statement that is not relevant to anything or seeks support but no data provided, I would ditch them instantly but sometimes that rule needs a small degree of relaxing. There are unique conditions where it's legit but not often.
I got busy with some Whois stuff this afternoon, while I was banning those bots... either some major corporations are sending out spambots or the bots are hiding themselves pretty well, as the bots' IP addresses were registered to official-looking companies (one was registered to Comcast!!)
No, that just means their server was used to do the bad behavior, that's all. They are an ISP so it would stand to reason their network/ip/servers would be used by a subscriber to send out crap. We send them the technical details and when they are not being lazy and resistant, they do look into their logs, issue warnings, ban users, etc.
Thanks for the tip, working with/against foreign ISPs is probably a major headache... it's nice to have a bit of leverage when doing that.
Yeah, small but still a block to their revenue stream.
Thanks for the tool info. I'll probably use Notepad++, as it's my favorite text editor... and I should start learning headers, as I don't know a darn thing about the "meat" of the header.
You are welcome. N++ is alright but I personally use Programmer's Notepad or just good old Notepad, the syntax highlighting is good and so is the interface. Still a work in progress but a good one. In the end it makes no difference what you use, it's the logical process that is the goal. You can study RFC standards if you like and it should shed some light. The problem is the text is long, technical, dry and often more confusing than the problem. So some familiarity going into it might help. Basically if you know how to interface with mailserver:25 and know the command line without using a client, then you should be ok.
IMHO, those doing it "just to annoy" are the worst... they aren't even trying to make money, just drive others crazy.
Yeah, some thrive on chaos, some thrive on order and some just go with the natural order of the universe, entropy ;)
I like the idea of Internet 2... the real problem is making it accessible for people without draining them, while making it pointless for spambots/malicious users to join.
Since it follows a subscription model and verified participant paradigm, it cuts out the malicious riffraff who want to annoy because it won't be cost effective and they will be exposed to sanctions, so it should be pretty effective in eliminating them but as you pointed out and I said earlier, it will be more costly to use the internet. It comes down to choice, deal with it and tolerate or ditch and move to greener pastures.
(My pet peeve on the Internet is the awful content: I had to get ProCon Latte just to keep my mind reasonably clear of bad words, and my #2 use for AdBlock Plus is to block inappropriate pictures. What a waste of Internet space & people's time...)

Have a good rest of the week!
I am generally content since I have my internet experience so tight that I don't deal with many annoyances or "bad" things and plus I have seen it all, so nothing shocks me. As you know the hacker community is often supported by funds from porn industry and so we are used to seeing this stuff so much, it bounces off of us and goes ignored for the most part. It also helps weed out the noobs coming to our playgrounds, they are the ones that get the brunt of the "CRAP" content. I hardly see anything with the level of restrictions I have in place. Between my host files, registry, policy and MIM solutions, I don't get any bad traffic. The only thing that makes it through are the SPAM to some extent and I want that because of my own personal choice to fight back, otherwise I wouldn't even get that and they arrive completely neutered anyway.

Currently the internet is like the wild west with little to no rules and everyone is making them up as they go. This is why it's such a waste of good technology and potential serving crap content under the banner of free speech. I think it's tarnishing and shaming the principle of free speech but I am hardly a puritan or religious nut, so I take it with a grain of salt and move on but still it bothers me that my kid will grow up in the middle of all this. I can only hope to teach her my skills as well as I learned them so that she can improve them and make herself better and someday run circles around her pop.