Forum bots - what are they up to?
I got an e-mail from someone who’s plagued by bots that register on her forum.
She wonders if the point is to harvest e-mail addresses from the participants?
The behaviors we’ve seen from forum registering bots so far are:
*Spam posts
*Delayed spam posts
*Spam link in profile
*Delayed spam link in profile
To find out if there are mail harvesting bots, we’d need for someone to register on a forum with a spamtrap address. A forum that already has a bot problem. A forum where the e-mail addresses are visible to logged in users. Then only leave it there, and see what happens.
And even then it’s hit and miss. We’d need some statistical material to be sure.
June 13th, 2006 at 5:14 pm
Not everything is about harvesting email.
Some of these ’scrapers” just want unrestricted access to your site to scrape your content, mash-up all your stuff with similar sites, then they spit out tons of pages all over the internet to “spam” search engines.
The purpose of this is to get multi-keyword phrases in the SE’s that people land on so they’ll get clicks to the Google AdSense ads all over their sites.
June 14th, 2006 at 12:11 pm
Update: think I’ve partially tracked the culprits best I can with 1&1 Webstatistics, and the internet providers visitors were using:
2 from “layeredtech.com” (usually have quite a bit of trouble from them)
1 from “umostel.ru”
Guess I’ve got some IP address blocks to find + a .htaccess file to cobble together
~ JD
June 22nd, 2006 at 3:03 pm
Captcha
is now being installed on some forums - perhaps others are waiting to work out the intergration technicalities,
but in theory that should do it - those letters have almost gotten to the point of being unrecognizable to even HUMANS
July 10th, 2006 at 10:33 am
@cashette.com spams my forums like mad! atleat 1-3 new users daily, once banned that the @mail.ru statrted spamming and it keeps on going
July 31st, 2006 at 2:19 am
Well, here’s a weird one…. they’re still at it…… I tried to catch them out by installing a tracker from MVTRACKER.com yesterday…… had another suspect joinee (”malish111@bk.ru” who gets a few hits on google elsewhere) at around 5:27am this morning….. and they don’t even show on the Stats at that time.
I’m currently compiling a blacklist of E-mail addresses involved in this + other dodgy activities on sites I’m in charge of keeping them at bay:
http://www.jdaltpol.co.uk/forum_spammer_blacklist.html
August 21st, 2006 at 5:24 am
I’m getting hit on my forum by spambots signing up. Two recently got past email validation, so I’m presuming these were human spammers. CATCHPA is standard in Invision 2.x and it doesn’t stop them. I’m getting several a day caught up in the validation queue.
August 21st, 2006 at 4:01 pm
@Longrider: I have recently found that captcha in joomla akobook doesn’t work at all. Search for updates to your software.
August 22nd, 2006 at 1:13 am
Invision claim that the new version when it comes out will have a better CAPTCHA. We wait and see in the meantime.
October 3rd, 2006 at 1:35 pm
Think I’ve caught ‘em out……. I registered myself under a spamtrap e-mail address on my own board….. just recently received a “pump & dump” stockmarket tip spam to that address (only used exclusively on the board registration)…… spam received from “Davis Chung ”
Received-SPF: none (mxeu10: 189.166.15.141 is neither permitted nor denied by domain of trebads.com) client-ip=189.166.15.141; envelope-from=785stocknews@trebads.com; helo=dsl-189-166-15-141.prod-infinitum.com.mx;
Received: from [189.166.15.141] (helo=dsl-189-166-15-141.prod-infinitum.com.mx)
by mx.kundenserver.de (node=mxeu10) with ESMTP (Nemesis),
id 0MKu60-1GUoGv4Ahc-0005Sy for spambot.trap@jdaltpol.co.uk; Tue, 03 Oct 2006 19:42:05 +0200
Already spamcopp’ed ‘em >:)
November 25th, 2006 at 8:52 am
I have run an SEC Sports website for nearly 3 years with virtually no problems……until this summer. The @cashette fools are driving me absolutely insane. We are averaging 15-25 signups per day. We are running vB and although the obvious email addresses are blocked, they are still duping the forum script through the “contact us” link…..any idea how to prevent this from happening? I am totally new at trying to prevent this from happening.
August 24th, 2007 at 7:08 am
If you are using PHPBB2 there’s several mods that you can use. i wouldn’t recommend captcha because bots are beginning to figure that out. i don’t know how but they manage to bypass that. however the mods that do work are pretty simple (take about 5 minutes to install) antibot or botstop will make it so anytime a website, aim,icq etc is entered during registration it blocks it (bots will always attempt to enter this information) there is a warning to users who are NOT bots to ignore those fields and populate them after registering. i used to get 100 new bots signed in a week.. now i have 0
November 22nd, 2007 at 5:49 am
Typical… they even blummin’ well still manage to sign up when you try mess them around by using the html tag to make the board scroll across the screen… even had one showing as signed in when I’ve checked just now.
Latest plagues seemed to have shifted from the @cashette.com / @gawab.com to a fresh plague involving @trugreen.cn e-mail domains, always starting with a k, then a 1 or 2 digit number followed by @trugreen.cn
latest of these sign-ups about to be blasted into silicone heaven are:
“Nreoloikasi” (k6@trugreen.cn) + “loolreioas” (k5@trugreen.cn).
Got an updated version of the JDALTPOL blacklist for these morons about to be launched in the not-to-distant future at a new URL of http://blacklist.jdaltpol.co.uk (not uploaded yet)
Right…. where’s my shotgun?
December 29th, 2007 at 8:44 am
Hi,
Came upon this blog while searching for solutions to the forum and blog bots problems. I have been running PHPBB and PHORUM forums for years and the problem is out of hand. I read through most of the comments above and let me summarize what we know.
1. Forum Bots are not usually email harvesting (this I know) they are there to have their links and products listed in the profiles as well as in posts.
2. IP Blocking is not a solution because they are not running using an ISP’s IP, they use IP emmulators that change randomly. If they encounter one particular IP or Block of IP’s that are blocked they go ahead and automatically use another.
3. Captcha does not work either in the case of these forum bots since the program that they use tells the script that verifies the captcha that the combination of letters and numbers is correct. Remember that for sites with user activation or no activation the profile becomes active immediately.
4. PHPBB has a mod that seems to be working on one of the sites that we manage and in 6 months we have not had a single “successful” sign up, the attempts were amazing, we were getting 50 emails per day of attempts (the mod actually sends the admin of the forum or the webmaster an email when there is an attempt with the information of the personattempting like email, IP, referrer). For more than 3 months I have gotton no attempts.
5. I have a competitor who is still running a cgi powered forum and has not had the same problems as we do with php mysql or ASP driven forums.
Things we have tried and if they work or not.
1. PHPBB we installed the antibot mod and it seems to work great.
2. modification of the .htaccess file in the case of linux servers, we began adding like everyone else the deny ip’s and in the case of specific countries that are offenders like .cn, .ru, .ro, .hk we added the entire country to the .htaccess file to be banned. In our case we don’t need the traffic from those countries, our sites are for english and spanish speaking audience and mostly North America and the area around the UK. I don’t think this is effective because the idiots use IP emulators and can change on demand and we have even encountered them using US providers. Someone mentioned earlier Layered Tech. they are the absolute worst offenders in the US and their company is actually a russian company. We did some investigation there and traced them to Russia.
2A. We are even getting bot activities from comcast in Mt. Laurel New Jersey and another provider in washington and one in Canada but the Canadian Provider was more than helpfull during a phone conversation to get information and discuss their proceedures.
3. Captcha does not work.
4. We have a list of ip ranges for blocking from the countries who are the biggest offenders but it is loooooong and makes the .htaccess file very heavy.
5. Remember you can put the .htaccess file in the root of your site to block those IP’s and countries from accessing your site, or you can put it in the forum directory to block only the forum. I suggest the site unless you really want them eating up your bandwidth.
Hope that was helpfull..
Kevin