Spherical forums

General Discussion => Site Comments => Topic started by: Fat Cerberus on January 14, 2016, 12:50:00 pm

Title: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on January 14, 2016, 12:50:00 pm
I've noticed a lot of spambots seem to have found the forums recently.  I can check Who's Online now and it often shows about 8-10 users "Registering for an account".  Nothing ever comes of it so the spam filters are obviously doing what they're supposed to, but it's weird that the activity has picked up all of a sudden.
Title: Re: An immense effusion of spambots from the great darkness
Post by: N E O on January 14, 2016, 03:20:16 pm
'Tis odd indeed.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on April 05, 2016, 10:36:12 am
Aww, looks like one finally made it in. :-\
Title: Re: An immense effusion of spambots from the great darkness
Post by: DaVince on April 05, 2016, 11:29:24 am
What's strange is that this "member" wasn't in the group of verified users (only those users can actually post). Something seems to be up with the permissions...

Reported the account to the global spam database and removed posts.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on April 12, 2016, 11:24:40 am
These spammers are weird.  The posts are so impenetrable that I have no idea what they're supposed to be selling.  Isn't that counterproductive? ???
Title: Re: An immense effusion of spambots from the great darkness
Post by: Flying Jester on April 12, 2016, 04:46:46 pm
Each one has a link in it, though. That's the payload.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on May 05, 2016, 01:58:52 am
Okay, someone really needs to find out how these guys are getting past the verification.  None of them are Verified, which should mean they can't post either.  Really strange.

One pattern I have noticed is that they're all sleepers--members since Sept-Oct of last year.  Maybe the forum software "forgets" they need verification after a while...
Title: Re: An immense effusion of spambots from the great darkness
Post by: Flying Jester on May 05, 2016, 02:07:33 am
That last one seems to have registered last year.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Radnen on May 05, 2016, 02:19:51 am
Ok, so what's happened here is it's sometimes hard to determine who is real and who is not. Every week we get hundreds of 'potential' accounts, yet they verify as positive for spam. So we delete them. Trouble is there's always a few that get through.

A couple weeks ago I just ran the spam-account-finder tool on all verified users and sure enough a good deal of them came back positive. Which means that at the time, they were good to go, but since then, they have been flagged as spam.

As a rule, we can try email activation. But that increases barrier to entry and some bots might be able to beat that. Especially if the bot software sees that an email invite is basically an open door into the forums.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on May 05, 2016, 02:33:49 am
Ah, I see.  So even though the accounts were flagged as spam (and thus not "Verified"), it didn't revoke their verified status fully and they could still post?  Sounds like a bug.  As for email verification, I thought we already had that?  I thought I remembered having to verify via email when I created my account in 2013... hm.

But yeah, it's always a game of cat and mouse.  I'm just surprised so many bots are finding the forums lately.  We were practically invisible to search engines from ~2013-2014 (after the crash).  Did minisphere improve our visibility? :)
Title: Re: An immense effusion of spambots from the great darkness
Post by: Flying Jester on May 05, 2016, 02:55:32 am
It could also have to do with having different forum software and forum addresses. We used to get some pretty severe spam on the old forums. Maybe it just took this long for the old spammer's data to expire and to begin collecting new info?
Title: Re: An immense effusion of spambots from the great darkness
Post by: Rahkiin on May 07, 2016, 12:45:27 pm
My user is not Verified and I can post just fine... maybe something in the configuration needs to be made more strict?

It might also be a good idea to do patches on the forum? 2.0.11 is out, we use 2.0.6.
Title: Re: An immense effusion of spambots from the great darkness
Post by: DaVince on May 07, 2016, 01:22:31 pm
The thing is, there's an "Unverified" and a "Verified" group, and you're in neither. As long as you're not in the Unverified group, you can post. I don't even know why the verified group is there if it's like that... :P But something is definitely wrong because accounts aren't being put in either group.

I put you in the Verified group, by the way. Let me know if weird junk happens. (vincentbeers on GMail if you can't seem to contact me here.)
Title: Re: An immense effusion of spambots from the great darkness
Post by: Rahkiin on May 07, 2016, 04:59:13 pm
TEST! :P Well that works.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on July 05, 2017, 07:48:24 am
I think these spammers have found some sort of exploit to get into the forums or something.  It's weird, when you view Who's Online after a spam attack, it shows the bot account's last action as "Logging into the forum", NOT as "Posting in..." like it does with normal members.  Are they accessing the database directly or something?

edit: Yeah, the spam is getting really bad now.  I can't even keep up with them anymore.  Why isn't there a way to delete all posts by a user?  I ban the accounts (because I've seen them log back in and post again otherwise), but then I have to delete all the spam posts, sometimes two pages' worth, one by one... we really do need a better forum system. :P
Title: Re: An immense effusion of spambots from the great darkness
Post by: DaVince on July 06, 2017, 04:13:54 pm
Quote
Why isn't there a way to delete all posts by a user?

There is! When you delete a user account, it gives you the option. Sorry I haven't been on top of this, due to stress I've been having to take things a little easier and that's of course when shit goes down on here. I think maybe I'll just put the new forum system up instead, if no one is against it, and slowly fix the little things there over time.
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on July 06, 2017, 04:16:18 pm
Oh, I didn't know there was a way to delete the accounts, I've just been banning them all this time!

I'm all for the new forums going up now, no objections from me :)
Title: Re: An immense effusion of spambots from the great darkness
Post by: Fat Cerberus on August 01, 2017, 02:53:02 am
Well that didn't take long... :'(
Title: Re: An immense effusion of spambots from the great darkness
Post by: Eggbertx on August 01, 2017, 04:12:07 am
I meant to say this a while ago, but you should look into installing Akismet. It's an anti-spambot service, and it works pretty well. In addition to my own security measures for my own forum (requiring post attempts to have a valid domain referrer), Akismet has been a great help.
Title: Re: An immense effusion of spambots from the great darkness
Post by: DaVince on August 01, 2017, 09:10:55 am
Thanks for the suggestion. I should just have disabled registration until I got the ReCAPTCHA working. It works now, and hopefully the ReCAPTCHA alone should keep bots out of this place. If not, Akismet is my next stop.

Edit: Akismet doesn't seem to be an available add-on for ElkArte but there are some other suggested options like Bad Behavior and question/answer challenges.

@Fat Cerberus, thanks for keeping the place clean. :)