Attack of the Message board Robots.

Overman

Master Poster
Overman
Joined
Feb 2, 2006
Messages
2,629
Hey all,

Our message board on our site is being attacked, and I have no idea how to stop it, I am somewhat computer savvy and can't figure it out. Please go to www.overman.info and then click on the 'Overmanics' tag to check out what is going on...Please post suggestions here, or if you want to check out behind the scenes, email me for passwords and such.

I have sent an email to the 'creator' of our site, but he takes a while to get back...'the first thing that you learn is that you always gotta wait...'

How do I stop these evildoers?!?!?

Thanks,

Matt
 
They are getting aggressive. I formated a forum with phpbb and it was just on a test site, no domain, just an IP, no one knew it was there but me and one day I sign in to check a few things and it had hundreds of spam posts. While deleting all the users more were popping up, and this is with the mixed letter picture verification that is supposed to thwart bots. I had to set it for no more users just to get it to a point where it was clean again. Oh, and every name that signed up came from a different IP.

Why do spammers think that pissing us off is the best way to sell to us?
 
1: Check your configuration. Specifically check if the registration process is/can be supplied with a distorted image security code and whether or not it's turned on. If not turned on, do so. It will, to a certain degree, keep the autosignup bots out.
2: If your board is loggin ip's, check if the spam is coming from the same ip. if so, BAN IT!
3: Removing the posts are down right manual labor. Sorry.


I'm not sure how widespread this feature is, but some coders makes it possible to enable a "deny post containing banned words" feature. If this is so, add the urls of the spam posts to this list and enable the "deny post" feature.
 
Starthinker said:
They are getting aggressive. I formated a forum with phpbb and it was just on a test site, no domain, just an IP, no one knew it was there but me and one day I sign in to check a few things and it had hundreds of spam posts. While deleting all the users more were popping up, and this is with the mixed letter picture verification that is supposed to thwart bots. I had to set it for no more users just to get it to a point where it was clean again. Oh, and every name that signed up came from a different IP.

Why do spammers think that pissing us off is the best way to sell to us?
Click to expand...

*Snort* I had an old, never published RPG community page over at tripod UK. Never added it to any search engines. One day I got an email: "YOu database have been restricted to read only due to size limitation". Turns out the guest book was rife with viagra etc. adverts......
 
Funny thing is most of the links there don't even go anywhere in particular, and the other ones...You know, I was just checking out my local band and was thinking about buying a range rover...oh! There is a link for one right here! Sweet! WTF?
 
Just checked the posting option on your site. Your biggest problem is not having an authentication code. Right now its just post/run. IF you can, add a code, preferable with a distorted image,

Check out this wiki for what I'm talking about.

I recommend this one, which is freeware, for integration in PHP if you don't have it in your script. You'll need to dig into the code of your script, but it's not too bad.
 
Last edited:
Overman said:
Funny thing is most of the links there don't even go anywhere in particular, and the other ones...You know, I was just checking out my local band and was thinking about buying a range rover...oh! There is a link for one right here! Sweet! WTF?
Click to expand...

And the ones that do? Well, I'll just say that I hope that your protection is up to date. Those sites are virtual VD's waiting to happen.......
 
The_Fire said:
Just checked the posting option on your site. Your biggest problem is not having an authentication code. Right now its just post/run. IF you can, add a code, preferable with a distorted image,

Check out this wiki for what I'm talking about.

I recommend this one, which is freeware, for integration in PHP if you don't have it in your script. You'll need to dig into the code of your script, but it's not too bad.
Click to expand...


TY Big time...I'm gonna get on this during the weekend...
 
I have the distorted image for sign up, but I think there must be a phpbb hack for getting around it or something because they were signing up like crazy from so many IPs (no two were the same) on my forum. I think if a human were behind it they'd realize it was an empty forum with no users and give it a pass.
 
Starthinker said:
I have the distorted image for sign up, but I think there must be a phpbb hack for getting around it or something because they were signing up like crazy from so many IPs (no two were the same) on my forum. I think if a human were behind it they'd realize it was an empty forum with no users and give it a pass.
Click to expand...

There are other reasons for linkspam

Basic CAPTCHAs can be bypassed though
 
The simplest and most effective way to deal with it is to ban links. I had to do this recently for a comedy site I built a year or so ago, and it worked like a charm.

In your script, just do a quick check for strings like 'http://' and 'www.' and '<a href=' in the message body, then refuse the post - giving a nice clear message to legitimate users of course. If you're not a coder, chuck me the files and I'd be happy to fix it up quickly for you.

If you disrupt the addresses, the only way they can post links (broken up) will be be useless to them. I'm guessing they're google-spamming for better SEO, rather than selling direct...

Legit users can always post partial, non-clickable links if they really want to. It's pretty harsh, but anything else will just be an arms race. Arms races are no fun, and best avoided unless you have permanent staff ;)

By the way, I'd get a new developer. The site seriously needs an overhaul. I like a lot of the the graphics, but pretty much everything else could be done better - making a faster, more usable, modern, legal, accessable, easy-to-read site - with no pop-ups!

Just my 2c. :)
 
every name that signed up came from a different IP.

Forged client to server strings.
 
You must log in or register to reply here.

Back
Top Bottom