If you have ever watched poker (or other games that involve bluffing) then you might have heard people talk about “tells” from other players. A “tell” is simply something that the person does – perhaps without even being aware of it – that gives away certain information. Spammers do the same thing. If I can find their tells then I can use that information against them, just like I could use that information to my advantage in a poker game.
Here are some “tells” that I have identified after analyzing my phpBB2 honey pot board with one month of spammer data.
Before I get into the statistics I think a disclaimer should be made. About a month ago I set up an “unprotected” phpBB2 board on a domain that had formerly had a phpBB2 board. (Technically it’s on a subdomain but the point remains valid.) I was a bit surprised by how quickly this domain was found and overrun by spammers so I set up another unprotected board a few weeks later on a domain that had never had a forum. That second domain – at least so far – remains undiscovered and untouched.
But the first domain… it’s really in bad shape.
There are multiple ways for spammers to win. The most obvious victory for them is when they manage to get content on your board or blog. But there are other victories as well that are not quite so obvious. For example, every time a spammer takes up some of my time, they’ve won a minor victory. There are plenty of studies that can be found via google that talk about how much productive time is lost to corporations due to email spam. If I look closer to home… how much of my personal time would have been lost, had I not been able to create some systems to combat spam?
Some people wonder just how bad the spammer problem is with phpBB2. I can answer the question posed in the subject of this blog post in one word: Very.
As part of an experiment and a desire to capture more seed data for the upcoming relaunch of the bbProtection service I set up a phpBB2 board with no protection other than what is built in to the software. I have enabled user activation and I have activated the visual confirmation. I launched the board on August 15. Within 48 hours I had my first spam registration and my first spam post. The honey pot process has started slow but I’m getting an average of four registrations a day so far. Nine of the 17 have posted at least once (over 50% ratio). None of the posts are anything you would want your children to see; it’s really nasty stuff.
The only MODs I’ve applied to this board are a MOD to capture the IP address during the registration process (in case the bot doesn’t post I still want to know where they’ve come from) and to add the “nofollow” attribute to every link. If google finds this board I don’t want to be penalized for all of the nastiness on the other end of the outbound links.
I’ll be back in a month to post more statistics about the board. It should be interesting.
The bbProtection folks have launched a blog. The most recent post mentions that they’ve opened up the IRC channel for input from the user community.
At this point I would like to mention that I was invited to join the bbProtection team a few weeks ago and I accepted a limited role. I won’t be doing any coding (at least that’s the plan). My role is more of an enthusiastic user than anything else, I guess. I have offered my input as to the relative value of some of the features being considered and suggested some others. I hope to be able to provide some value as far as the database design and tuning, as that’s where my main expertise lies.
Why mention this now? Because if you do pop in to the IRC channel as discussed on the team blog, I may be there as one of the team members that you see. I don’t go into IRC every day but if I am signed on, I will be in the channel. If you have any concerns or comments about the service I would be happy to hear them, as would any of the other team members.
See you there.
At Londonvasion 2008 I delivered a talk about various anti-spam techniques available for board owners. One of the challenges that is facing board owners today is that spammers are getting more creative at masking their true intentions. They post stuff that looks like legitimate content but it contains cunningly masked spam. Unless a board owner takes the time to research the rest of the web, it can be difficult to determine if the same content is appearing on other boards.
That’s where a service like AKismet (for Wordpress) or bbProtection (for bulletin boards) comes in. More…