
Your premium source for custom modification services for phpBB


August 7, 2010

Delayed Spamming

Filed under: Anti-spam, phpBB — Dave Rathbun @ 1:58 pm | Comments (2)

I’m sure I’m not alone in seeing this new spammer tactic… I called it delayed spam. How does it work?

A spammer registers on a board. They might not do anything for a while. Then they try to post something that looks legitimate, using generic language that could be appropriate anywhere. Stuff like:

You make some good points, please keep posting

I find your arguments compelling, can you link your sources?

Thanks, it helped me

None of those add anything to the discussion, but they’re not really spam. What happens next? The spammer goes quiet for a few weeks, hoping that the topics they have posted in will fade from the front page. Then they carefully go back in and edit their post. They might change the text of the post itself, or they might add a signature that wasn’t there before. They are relying on the fact that phpBB (and other boards as well) do not bump a post back to the front page if something is edited, only if new content is added.

Very frustrating.

So far I have not come up with a programmatic solution to the problem. I am working on code that will capture the edit history of a post and allow board moderators to revert to an original version, so that at least would let me prove how the spammer added their content after the fact. That doesn’t solve the problem, it just provides an audit trail should I decide to try to take action against the spammer.
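An added example, not code from this blog or from phpBB: one way to review the kind of edit history described above, flagging posts that gained a link (in the body or the signature) in an edit made weeks after posting. The record fields, the 14-day threshold and the sample rows are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches http(s):// and www. links, including those inside BBCode [url=...] tags.
URL_RE = re.compile(r"(?:https?://|www\.)[^\s\[\]\"<>]+", re.IGNORECASE)

def extract_urls(text):
    """Return the set of links found in a post body or signature."""
    return {u.rstrip(".,;)").lower() for u in URL_RE.findall(text or "")}

def flag_delayed_edits(posts, min_delay=timedelta(days=14)):
    """Flag posts that gained a link in an edit made long after posting."""
    flagged = []
    for p in posts:
        if p["edit_time"] is None:
            continue  # never edited
        delay = p["edit_time"] - p["post_time"]
        if delay < min_delay:
            continue  # quick follow-up edits are normal behaviour
        before = extract_urls(p["original_text"]) | extract_urls(p["original_sig"])
        after = extract_urls(p["current_text"]) | extract_urls(p["current_sig"])
        added = sorted(after - before)
        if added:
            flagged.append({"post_id": p["post_id"], "poster": p["poster"],
                            "delay_days": delay.days, "added_urls": added})
    return flagged

# Constructed sample rows (hypothetical field names, not phpBB's schema).
FIELDS = ("post_id", "poster", "post_time", "edit_time",
          "original_text", "current_text", "original_sig", "current_sig")
SAMPLE_POSTS = [dict(zip(FIELDS, row)) for row in [
    (101, "user_a", datetime(2010, 6, 1), datetime(2010, 7, 10),
     "Thanks, it helped me",
     "Thanks, it helped me [url=http://pills.example/buy]cheap[/url]", "", ""),
    (102, "user_b", datetime(2010, 6, 1, 12, 0), datetime(2010, 6, 1, 12, 5),
     "See the docs", "See the docs at http://docs.example/faq", "", ""),
    (103, "user_c", datetime(2010, 5, 1), datetime(2010, 6, 20),
     "You make some good points, please keep posting",
     "You make some good points, please keep posting", "", "www.casino.example"),
    (104, "user_d", datetime(2010, 4, 1), datetime(2010, 6, 1),
     "Teh fix worked", "The fix worked", "", ""),
]]

if __name__ == "__main__":
    for hit in flag_delayed_edits(SAMPLE_POSTS):
        print(hit)
```

Posts 101 and 103 are flagged; 102 adds a link within minutes of posting and 104 is a late edit that adds no link, so neither is reported.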

A frequent suggestion at this point might be something along the lines of preventing someone from posting URLs or links until they reach a certain level of post. That doesn’t help either, as the spammers often have five or ten posts under their belt before they come back and edit. Plus it impacts the legitimate new users that come on board with questions that require links. It’s not my favorite concept.

So today what my moderator team does is a manual process. When we get a suspected spammer, they will do a web search for either their username, their email address, or both. If they find the same username on hundreds of different boards that’s a good indication they’re a spammer, especially if the user is recently registered on all of them. They can also pull up posts from the user on these other boards. If they look similar to what they’re posting on our board, that’s another indication. All of these steps are used to decide whether to preemptively ban the spammer before they spam, or decide to wait.

It’s all a manual process for now. So while I’ve been away from phpBB2 for a while because of other demands on my time, this has never really been far from my mind. I just haven’t come up with an idea that can be implemented in code versus a manual process.

Guess I should check in with the BB Protection folks, and see what they’re up to at this point.

April 29, 2010

Registration Protection Isn’t Enough Anymore

Filed under: Anti-spam, Board Management — Dave Rathbun @ 9:58 pm | Comments (2)

The focus for the past several years for board owners has been to prevent (or at least have some easy way to ignore) spammer registrations. When spammers thought it was useful to have an entry on a board memberlist they were often satisfied with getting through the registration process. They didn’t bother to activate their account. As a result, one of the most popular (and fortunately very easy) MODs for discussion boards was to prevent inactive members from showing up on the member list. This is the standard configuration for phpBB3, no MOD required.

Spammers reacted by altering their process so they can activate accounts. (I as well as other board owners have seen a dramatic increase in use of gmail accounts for this, so clearly Google’s registration process has been cracked and automated as well.) Like many board owners, I would like to have a “clean” database. But it wasn’t a huge imposition to get spammer registrations. If they never posted, they were not a contributing member of my board but at least they weren’t getting in the way. I had a MOD that prevented board members from entering a web site until they had a minimum number of posts on my board, so at least I didn’t get a member database sprinkled with unsavory web links. There are also MODs available that prevent zero-post users from showing up, and for pruning inactive or zero-post users after some specific period of time. All of these were okay in their day, but are not as effective anymore.

I’ve posted many times about my Checkbox Challenge code. It has served very well in protecting my blogs, several phpBB boards, and even my comment forms from spammers. However I am starting to see some issues, and that bothers me. Why? Because the new spam seems to be coming from humans rather than bots. I don’t know how we can combat that. Spammers seem to be quite creative with their posting strategies as well.

October 12, 2009

CAPTCHA Alternatives Part I: Question / Answer

Filed under: Anti-spam, phpBB — Dave Rathbun @ 4:06 pm | Comments (1)

I don’t like most current CAPTCHA techniques. There is nothing that frustrates me more than trying to use a web site and being presented with this:

[Image: captcha image]

Yes, that is an actual CAPTCHA image that I was presented with. If anyone can figure out what that one is supposed to be saying, you have better eyes than I do.

September 17, 2009

Is It Worth Adding Extra Activation Steps For gmail.com Accounts?

Filed under: Anti-spam, phpBB — Dave Rathbun @ 1:07 am | Comments (0)

After just cleaning up yet another gmail spammer (I so love the Spammer Hammer™ MOD, it is one of my favorites :twisted: ) tonight I found myself wondering: Is it worth setting up an extra activation step for gmail.com accounts?

September 8, 2009

Honey Pot Board Update

Filed under: Anti-spam, phpBB — Dave Rathbun @ 6:27 am | Comments (1)

It has been a while since I visited my honeypot board. I decided to have a look today… :shock:

Our users have posted a total of 385789 articles
We have 43968 registered users

And when I logged in, I had 33 unread PMs as well.

Bots have been busy. :) I intend to go back and see what additional patterns I can get from the data. In light of one of my recent posts about gmail being the most abused email domain, here are some stats that speak for themselves. These are the top ten email domains in use on my honey pot board:

+-----------------+----------+
| email_domain    |  users   |
+-----------------+----------+
| gmail.com       |    11323 |
| mail.ru         |     6034 |
| meltmail.com    |     1179 |
| gawab.com       |      859 |
| getciallis.info |      855 |
| spambox.us      |      479 |
| serpdomains.com |      449 |
| atlantaclubs.cn |      282 |
| coolgwen.cn     |      274 |
| coolsanta.cn    |      255 |
+-----------------+----------+

July 22, 2009

Just How Bad Is The gmail.com Problem?

Filed under: Anti-spam, Board Management, phpBB — Dave Rathbun @ 8:11 am | Comments (9)

Not too long ago I participated in a topic at phpbb.com where the author was asking about blocking gmail email addresses. The general consensus from the community was that the board owner should not block gmail but instead rely on some other methods for blocking spammers. I don’t block gmail, but sometimes I would like to. In this post I think I summarized it best, saying:

hotmail, yahoo, gmail… any free email account is subject to abuse. Spammers are using the fact that board owners are, as you are, reluctant to ban gmail outright because it does have so many legitimate users.

Having said that, I decided it was time to go back and work through some numbers. Instead of guessing how bad the problem is, I wanted to get actual statistics to back up my claims. Anyone can say anything they want. :) Having numbers makes the claims more substantial. And graphs. Pictures are always good. The data used for this post is available as an Excel file for anyone to download and review (link at the end of the post). Here’s the summary:

Google: Your gmail system is borked. Fix it or risk it becoming irrelevant.

June 23, 2009

Twitter Spam

Filed under: Anti-spam — Dave Rathbun @ 8:27 am | Comments (1)

Anyone want to bet how long it takes the automated posting bots to infect twitter?

April 15, 2009

Personal Spammers

Filed under: Anti-spam — Dave Rathbun @ 8:25 am | Comments (3)

Will the battle never end?

Apparently not.

I have seen a new style of spam coming in on another blog that I have. Based on past experience, I normally expect the spam to include links to various sites that I have no interest in. These sites will normally promote things like products I don’t want (or need).

Lately, however, I have been getting spam comments that include links to “linked in” or other social networking sites. What’s the point of that? <sigh> The comments include anything along these lines (these are actual spam comments)

After reading through the article, I just feel that I really need more information on the topic. Can you suggest some resources ?

The style of writing is quite familiar . Have you written guest posts for other bloggers?

The topic is quite hot in the net right now. What do you pay the most attention to while choosing what to write about?

My friend on Facebook shared this link with me and I’m not dissapointed that I came here.

… and many more like this. The good news is that the comments were held in the moderation queue. The bad news is that these comments were all made on a blog that is protected by the checkbox challenge code that I use here. I have plans to go out and analyze the server logs to see if the comments were made by a human or a bot, based on time spent on the various pages.

December 13, 2008

Flood Interval as Anti-Spam Measure

Filed under: Anti-spam, phpBB — Dave Rathbun @ 11:49 am | Comments (3)

A few weeks ago I posted about increasing the flood interval on my honey pot board. My theory was that since bots seem to have a fairly regular posting process I could cut down on the number of spam posts simply by changing the flood interval.

It didn’t seem to work.

November 25, 2008

Spammer Evolution

Filed under: Anti-spam, blog — Dave Rathbun @ 2:19 pm | Comments (1)

Today I decided to check in on my “honey pot” board that I have running. I haven’t been there in a week or so but things were still humming along last time I looked. This time when I logged in I got a warning from my pop-up blocker. My initial reaction? I’ve been hacked. :shock:

[Image: PM Spammers]

It turned out that the real answer was much more benign… it was the notification of new private messages popping up.