Human spammers: anyone noticing a sudden increase?

  • cyburbia
    Senior Member
    • Aug 2001
    • 441
    • 3.7.x

    Human spammers: anyone noticing a sudden increase?

    Up until 1 April, the message board I run was virtually spam-free. We took very strict measures to prevent bot spam; among them IP and email block lists, custom fonts and backgrounds with the captcha with vBulletin 3.6, and anti-bot mods such as Is Check. As far as blocking bot spam, we've pretty much implemented all the publicized best practices that are out there, along with some tricks of our own.

    At the start of the month, though, spam from humans that have manually completed the registration process exploded. Where we used to get maybe one human spammer every week or every other week, it's now every day; often two or three times a day. The majority of spammers seem to be from India; Gujarat state, Delhi, or Mumbai mainly. There's also a sharp increase in profile/silent spamming. Nigerian Nokia spam has also made a return. We used to block all IPs from Nigeria, along with those of European, Israeli and Middle Eastern satellite ISPs. Now, Nigerians are using proxies to spam their "LEGITIMATE BUSINESSES BASED IN THE UK". (Don't Nigerian keyboards have caps lock keys that can be turned off?)

    Has anyone else noticed a noticeable increase in the amount of outsourced manual spam on their forums in recent weeks? We're considering blocking all IP addresses in India if this keeps up; most who join our message board from there are either spammers, users who register and never return, or one-post wonders who ask questions with such a broad scope a concise answer is practically impossible. I'd like to have more legit Indian users, but with a couple of rare exceptions, nobody from India joins the site to be a long-term member. We also installed the MonkeyStop Keyword and URL Moderation and New Registrant Analyzer plugins.
    Cyburbia Forums - a third place for urban planners
    http://www.cyburbia.org/forums
  • ---MAD---
    Senior Member
    • Jun 2005
    • 2522
    • 3.8.x

    #2
    We had a few Nokia ads ourselves the other day as well. They are quite popular ads. I have seen a couple on this forum as well.

    One final step you can take is to have a usergroup where you have to moderate all their posts. After they have 10 (or w/e) posts moderated, have a promotion set up to move them to the next group where they will not be moderated. This will work on human spams as well since they won't be able to spam until 10 moderated posts are made.

    Comment

    • Lynne
      Former vBulletin Support
      • Oct 2004
      • 26255

      #3
      Our site went through the same thing about a year ago. We then went to moderating all first posts. That worked, but it's a pain in the a**.... we are now noting the IPs of these spammers and banning them through htaccess if they created more than four accounts to spam. We were getting about 4-8 spam a day... now down to perhaps 1 a day since we finally started doing this a month ago.

      Please don't PM or VM me for support - I only help out in the threads.
      vBulletin Manual & vBulletin 4.0 Code Documentation (API)
      Want help modifying your vbulletin forum? Head on over to vbulletin.org
      If I post CSS and you don't know where it goes, throw it into the additional.css template.

      W3Schools <- awesome site for html/css help

      Comment

      • Floris
        Senior Member
        • Dec 2001
        • 37767

        #4
        Our site gets a spammer a week now I believe. An increase over 1 per month. But it is not a big deal, our moderators just have to work harder

        Comment

        • Steve Machol
          Former Customer Support Manager
          • Jul 2000
          • 154488

          #5
          My spammers stopped to a trickle just by banning yahoo, gmail and hotmail.
          Steve Machol, former vBulletin Customer Support Manager (and NOT retired!)
          Change CKEditor Colors to Match Style (for 4.1.4 and above)

          Steve Machol Photography


          Mankind is the only creature smart enough to know its own history, and dumb enough to ignore it.


          Comment

          • ManagerJosh
            Senior Member
            • Jun 2002
            • 9922

            #6
            I wish I could say the same, Steve. Most of my spammers are using domain-based email addresses.
            ManagerJosh, Owner of 4 XenForo Licenses, 1 vBulletin Legacy License, 1 Internet Brands Suite License
            Director, WorldSims.org | Gaming Hosting Administrator, SimGames.net, Urban Online Entertainment

            Comment

            • cyburbia
              Senior Member
              • Aug 2001
              • 441
              • 3.7.x

              #7
              At one time, about a third of the users that registered with Yahoo addresses were bad; Nigerian Nokia spammers or bounces/full mailboxes, so I added Yahoo to the prohibited email address list.

              In the past month, about a third of all Gmail registrants were Indians who never returned after validating, or Indian spammers.

              Banning Gmail would have been pushing it for prohibiting registration from popular free email providers, so I said "screw it" and allowed registration from Yahoo again. I've got no reason to keep on banning Yahoo when an equal or greater percentage of Gmail registrations are bad.
              Last edited by cyburbia; Mon 23 Apr '07, 6:29am.
              Cyburbia Forums - a third place for urban planners
              http://www.cyburbia.org/forums

              Comment

              • JPT62089
                Senior Member
                • Jun 2004
                • 779
                • 3.6.x

                #8
                The thing I see wrong with banning Gmail, Yahoo, and Hotmail is that (especially in the broadband age) not everyone has their own email. So most resort to free emails.

                And back to the original topic, yes I have noticed that we have been getting a bit more spammers. We used to get just about no spammers. But now we get about 1 per week at most.
                http://helpmegetamac.net/blackapple.gif MacBook Pro 15.4" Core2Duo 2.33GHz.

                Comment

                • monet_06
                  New Member
                  • Jul 2006
                  • 16
                  • 3.0.0 'Gold'

                  #9
                  Originally posted by cyburbia
                  Up until 1 April, the message board I run was virtually spam-free.
                  ...
                  At the start of the month, though, spam from humans that have manually completed the registration process exploded.

                  Has anyone else noticed a noticeable increase in the amount of outsourced manual spam on their forums in recent weeks?
                  Yup. It's what brought me here, today. I'm even getting weird stuff coming in through the contact us form.

                  Comment

                  • cricketsings
                    New Member
                    • Mar 2007
                    • 1

                    #10
                    We just jumped from 2 per week to 5 a day.

                    How do you block an entire range of IP addresses from a specific country? You mentioned you blocked all of Nigeria for a while. I'd like to get rid of Netherlands (RIPE Networks).

                    Comment

                    • JakeS
                      Senior Member
                      • Jul 2005
                      • 1975

                      #11
                      Nope, never had any spam, well, besides once.

                      Comment

                      • cyburbia
                        Senior Member
                        • Aug 2001
                        • 441
                        • 3.7.x

                        #12
                        Blocking these IPs killed most of the recent crop of Indian manual spammers. I did an IP search against my userlist, and couldn't find a legit user from India among them.

                        59.92.*: National Internet Backbone, Calcutta
                        59.93.*: National Internet Backbone, Calcutta
                        59.176.*: Mahanagar Telephone Nigam, Delhi
                        61.2.*: National Internet Backbone, Delhi
                        61.16.*: Primus India
                        122.162.*: Airtel Broadband
                        122.167.*: Airtel Broadband
                        122.168.*: Airtel Broadband
                        125.99.*: Hathaway Cable, Mumbai
                        203.123.*: Spectranet, New Delhi

                        I do have some Indian IP blocks with a mix of legitimate users and spammers. I won't be blocking them quite so fast.

                        For Nigeria, try this in your .htaccess file. This includes all Nigerian IP blocks that I know of, along with those of satellite ISPs that serve Nigeria. I'm still blocking them. The occasional 419 spam slips through; usually it's a proxy.

                        Code:
                        # Block Nigeria.  Yes, the whole damn country.  
                        
                        order allow,deny
                        allow from all
                        # Nigerian/African 419 Scammers IP addresses
                        deny from 12.166.96.32/27 41.220.64.0/20 61.11.230.112/29 62.56.128.0/17 62.56.235. 62.56.236. 62.56.244.0/22 62.56.248. 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178. 63.73.58. 63.100.193. 63.103.138. 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.248.128/25 63.122.154. 64.110.30. 64.110.31. 64.110.64.16/28 64.110.76.0/23 64.110.81. 64.110.93.16/28 64.110.93.176/28 64.110.147. 64.201.33.0/24 65.209.91. 65.209.92. 66.18.64.0/19 66.110.31. 66.178.7.16/29 66.178.7.32/28 66.178.46.0/24 66.178.55. 66.178.62. 66.178.80.176/29 66.178.81.64/29 66.199.241.82 66.205.20. 80.87.64.0/19 80.88.128.0/20 80.88.129. 80.88.130. 80.88.131. 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.136. 80.88.137. 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140. 80.88.141.0/25 80.88.141.128/27 80.88.142. 80.88.143.128/24 80.88.144.0/23 80.88.146. 80.88.147. 80.88.148. 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150. 80.88.151. 80.88.152. 80.88.153. 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29
                        deny from 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/23 80.248.70.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.43. 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.59.19 80.255.59.0/24 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 81.199.6.0/24 81.199.7.0/24 81.199.72.0/22 81.199.76.0/24 81.199.82.0/23 81.199.84.0/22 81.199.84. 81.199.85. 81.199.86. 81.199.87. 81.199.88. 81.199.89. 81.199.90.0/24 81.199.94.0/23 81.199.108.0/22 81.199.124.0/22 81.199.240.0/21 82.128.0.0/17 83.229.100.0/23 84.254.188.3 84.254.128.0/18
                        deny from 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128. 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 195.8.22. 195.44.168.0/21 195.44.176.0/21 195.137.13. 195.137.14. 195.166.224.0/19 195.166.237.0/24 195.166. 195.219.176. 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.29.208.0/20 196.38.110.0/23 196.45.192.0/18 196.46.240.0/21 196.46.144.0/22 196.200.0.0/20 196.200.64.0/20 196.200.112.0/20 196.201.64.0/19 196.201.64.128/25 196.201.65.0/24 196.202.160.0/19 196.202.224.0/21 196.207.0.0/20 196.207.128.0/18 196.207.192.0/18 196.207.247.0/24 196.220.0.0/19 204.118.170.0/24 209.88.163. 209.101.84. 209.159.164. 209.159.166.0/24 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.96.2.0/23 212.96.4. 212.96.28. 212.96.29. 212.96.30. 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135. 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24
                        deny from 213.136.96.0/24 213.136.116.0/24 213.140.62.0/23 213.150.192.0/23 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112. 213.185.113.0/26 213.185.124. 213.187.135. 213.187.145. 213.211.128.0/18 213.211.188.0/24 213.232.96. 213.255.193. 213.255.195.0/25 213.255.195.128/27 213.255.198. 213.255.199. 216.72.104.0/21 216.129.147.128/28 216.129.159. 216.133.174. 216.147.132.144/28 216.147.132.160/28 216.236.200.96/28 216.236.202.96/28 
                        deny from 216.236.205.0/24 216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 
                        deny from 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 
                        deny from 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.24/29 217.20.243.32/27 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5. 217.146.6.0/25 217.146.6.160/27 217.146.7. 217.146.8.0/25 217.146.9. 217.146.10.128/25 217.146.11.0/25 217.146.12. 217.146.13. 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.194.140.0/22 217.194.144.0/20 217.20.242.0/27 217.20.242.32/28 217.20.242.48/29
                        # Cote d'Ivoire Telecom: Cote d'Ivoire (forum spam)
                        deny from 41.207.192.0/19 196.201.64.0/19 213.136.100.0/24
                        # Supernet/skyvision: Nigeria/UK (forum spam)
                        deny from 83.229.90.0/17 213.255.192.0/18 217.194.128.0/19
                        # Turner Technologies: Nigeria
                        deny from 82.205.242.0/23
                        # Pan Am Sat: Nigeria
                        deny from 64.88.224.0/20 65.90.72.0/22 216.139.160.0/19 216.250.192.0/19
                        # New Skies Satellite Service: UK
                        deny from 66.178.0.0/17
                        # Versatel: Netherlands
                        deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 82.93. 82.168.0.0/14
                        # Goldenlines.net.il: Israel
                        deny from 80.179.244.0/24
                        # Ariave Satcom: Israel
                        deny from 192.22.62.0/23
                        # IronLink Communications: US
                        deny from 216.118.252.0/24 216.118.253.0/24
                        # Teleglobe: Canada (reassigned IP blocks to Nigeria)
                        deny from 64.86.155.0/24 64.201.33.0/24
                        # Sky-Vision: Cameroon
                        deny from 83.229.64.0/18 217.194.144.0/20
                        # Netdish S.p.A.L.: Italy
                        deny from 80.86.16.0/20 83.137.61.0/24 217.57.94.224/27
                        # Net Planet Earth Limited: Cyprus
                        deny from 82.211.128.0/18 213.138.96.0/19
                        # Quark Telecom Consulting Constellation Networks: Bosnia
                        deny from 212.247.71.0/24
                        # Qkon satellite: Nigeria
                        deny from 216.139.185.32/27 
                        # Redwing Satellite Solutions: UK
                        deny from 195.144.134.0/24 213.38.33.0/24 217.20.240.0/20
                        # SpaceGate: Ukraine (and others)
                        deny from 62.244.6.128/26 87.238.112.0/21
                        # Itelsat: Ukraine
                        deny from 87.238.117.0/24 87.238.118.0/23
                        # Eutelsat: Italy
                        deny from 84.22.64.0/19 193.251.135.0/24 195.234.248.0/22 213.180.224.0/19
                        # Horizon Satellite Services: UAE
                        deny from 82.205.128.0/17 213.166.35.0/24
                        # RuSat: Russia
                        deny from 80.81.208.0/20
                        # SatGate Network: Russia
                        deny from 82.198.0.0/19 85.195.128.0/18 212.44.92.0/22
                        Last edited by cyburbia; Fri 27 Apr '07, 10:59am.
                        Cyburbia Forums - a third place for urban planners
                        http://www.cyburbia.org/forums

                        Comment
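A deny list this long is worth auditing before deployment. The following is an added example, not code from the post or from vBulletin: it parses Apache 2.2 `deny from` lines, expands partial addresses such as `195.166.`, and reports entries already covered by a wider entry, CIDRs with host bits set, and which range matches a given member IP. The function names and the two member IPs are assumptions; the sample entries are copied from the list above.

```python
import ipaddress

# Constructed sample: a handful of entries copied from the deny list in the post above.
SAMPLE = """\
order allow,deny
allow from all
# Nigerian/African 419 Scammers IP addresses
deny from 80.88.128.0/20 80.88.129. 80.88.132.0/26 80.248.70.0/20 80.248.64.0/20
deny from 81.199.0.0/16 81.199.6.0/24 195.166. 62.192.140.250
# Supernet/skyvision: Nigeria/UK (forum spam)
deny from 83.229.90.0/17
"""

def parse_entry(token):
    """Turn one 'deny from' token into (network, misaligned)."""
    if "/" not in token:
        octets = [o for o in token.split(".") if o]
        if len(octets) < 4:
            # Partial address such as '195.166.' stands for the whole prefix.
            token = ".".join(octets + ["0"] * (4 - len(octets))) + "/%d" % (8 * len(octets))
    net = ipaddress.ip_network(token, strict=False)
    # Misaligned: a CIDR whose address has host bits set, e.g. 80.248.70.0/20.
    misaligned = "/" in token and ipaddress.ip_interface(token).ip != net.network_address
    return net, misaligned

def audit(htaccess_text):
    """Return (collapsed networks, redundant entries, misaligned tokens)."""
    nets, misaligned = [], []
    for line in htaccess_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line.lower().startswith("deny from"):
            continue
        for token in line.split()[2:]:
            net, bad = parse_entry(token)
            nets.append(net)
            if bad:
                misaligned.append(token)
    # Redundant: covered by a wider entry, or a repeat of an earlier identical one.
    redundant = [str(n) for i, n in enumerate(nets)
                 if any(n.subnet_of(o) and (n != o or j < i)
                        for j, o in enumerate(nets) if j != i)]
    collapsed = list(ipaddress.collapse_addresses(nets))
    return collapsed, redundant, misaligned

def blocked_by(ip, nets):
    """Which deny ranges match this address (for checking a member list)."""
    addr = ipaddress.ip_address(ip)
    return [str(n) for n in nets if addr in n]

if __name__ == "__main__":
    collapsed, redundant, misaligned = audit(SAMPLE)
    print("effective ranges:", [str(n) for n in collapsed])
    print("redundant entries:", redundant)
    print("review (host bits set):", misaligned)
    # Constructed member IPs, checked the way the post describes checking the userlist.
    for ip in ("80.88.130.7", "8.8.8.8"):
        print(ip, "->", blocked_by(ip, collapsed) or "not blocked")
```

Running the member-IP check against the collapsed list before each update shows which existing users a new range would lock out.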

                        • Kathy
                          Senior Member
                          • May 2000
                          • 1251
                          • 3.8.x

                          #13
                          Originally posted by cyburbia

                          Has anyone else noticed a noticeable increase in the amount of outsourced manual spam on their forums in recent weeks?
                          Yes, I've noticed on my two sites that actual humans are taking the time to get through the image verification process, receive their email and click to activate their account. They then return to the site to post a single thread (sometimes they manage to get in two before they are found out and disabled).

                          Besides blocking IPs from India, any other thoughts on putting a stop to their process? Seems a lot of work on their part to go through the process to gamble on one post that will likely be removed.
                          Fan Club member for VBulletin Dev and Support Team ;)

                          Hysterectomy - GirlsGetGoing.com - Fabulous Fifty

                          I'm frequently asked about the skin designer for my forums. ForumSkin.com

                          Comment

                          • Wayne Luke
                            vBulletin Technical Support Lead
                            • Aug 2000
                            • 73981

                            #14
                            Originally posted by Kathy
                            Besides blocking IPs from India, any other thoughts on putting a stop to their process? Seems a lot of work on their part to go through the process to gamble on one post that will likely be removed.
                            They're actually hoping that your forum is like the thousands of proboards, easyphpbb, invisionfree and countless other free and outdated boards out there that are either abandoned or not moderated. If one post lasts on your forums for 30 minutes and gets 100 views or tagged by a spider, then they are worth the 10 cents or so that it takes to have it posted.
                            Translations provided by Google.

                            Wayne Luke
                            The Rabid Badger - a vBulletin Cloud demonstration site.
                            vBulletin 5 API

                            Comment
