Comments on: E-mail harvesting on forums?

by: Damon

Fri, 24 Aug 2007 13:47:01 +0000

I’ve banned the standard list of the spammers favorite email servers (gawab.com, mail.ru, etc) but was still getting around 10 new spam registries per day. I added admin activation and started recieving emails when a new account was entered. This allowed me to catch the bastards online and get their IP. I started by banning individual addresses, but they were back the next day, if it took that long. I found that ARIN will give you the range of addresses allocated to a particular ISP and their location. So, if the ISP is in a country that has no business being in my forum (Thailand, Korea, etc) I’ve started banning the entire range. Might not be the best thing for everyone, but it seems to be working for now.

by: Alex

Fri, 13 Apr 2007 21:33:57 +0000

Definatley. My forum was attacked by spammers not long ago- I implemented a moderated registration system, and I could usually tell just from the name/email address whether they were spammers or not. Usually the email was blahblahblah@blah.ru…

by: John D

Sat, 07 Apr 2007 02:56:18 +0000

Looks like I got a potential one lurking on one of my boards right now……. registered TWICE as “MapQuest” / E-mail address “mapquest@mail.ru” from IP Addy 216.32.81.18 (2:40am BST, zapped 2:48am…. then had signed-up again within 5mins of zapping them the first time).

I think I must be developping a psychic ability to tell one has registered, as 3 times in the past 24hrs I’ve had this hunch to check in on my board, and each time it’s been almost exactly 10mins after one has registered (you know the sort… the ones with @cashette.com / @gawab.com / @mail.ru e-mail addresses).

I’ve also created 2 spoof memberships with e-mail addresses going to my Spamtrap inbox to try catch ‘em out. >:) *evil cackle*

by: Thane Pullan

Sat, 10 Feb 2007 06:27:58 +0000

Or they could edit the post later with actual spam.

by: Carbonize

Mon, 29 Jan 2007 11:05:18 +0000

The latest spamming method I have come across was to post a request for help (in this case help in backing up Outlook) and then a week or so later they post a reply (actually they started a new thread) saying they had found the solution and posting a link to the site with ‘the solution’.

by: admin

Fri, 19 Jan 2007 18:39:08 +0000

Hi Romayne,
Most of those registrations are due to trying to place links on profile pages and member lists. I checked your forum, and couldn’t find a member list easily accessible, but did find a website field.

Even if that field isn’t actually filled by the spammers, that doesn’t mean they didn’t try. You’re using Simple Machines, but the bots registering users on your forum may have been coded for another type of forum, but still works for yours. I don’t know. A lot of the spam we see these days doesn’t actually work, but that doesn’t mean they’ll stop the spamming.

by: Romayne

Fri, 19 Jan 2007 17:12:46 +0000

Just been doing a search on this very topic which led me here - I run a charity website and forum and from last year noticed a huge increase in these types of registrations - 80-90% of them register and never post which is weird but just as annoying as the rest who do post their very obvious spam message up. Your point about email harvesting would be my biggest concern I think, as I really can’t figure out any other possible reason for their veracity. Hugely annoying for us tho, as we’ve only 3 Mods including myself, and we all suffer from fibromyalgia so not always on form for having to deal with such c**p daily, BUT having already moved our site twice through a bigger hacking issue, we’re not about to start shifting again, esp given this seems to be a web-wide problem now sadly!

by: freshlysqueezed

Thu, 18 Jan 2007 08:34:52 +0000

I was racking my brain over that, too, Johann. What sort of sheer volume do these people need to make it profitable? Would they go to the effort to build a relationship with someone else in the forum just to spam them…or perhaps try to cull a few more valid emails out of their new forum friend? I suppose high-quality email addresses could be useful. Perhaps setting up a “test-post” is their real intent - to set the stage for a spam-attack after being accepted into the board?!

by: Johann

Wed, 17 Jan 2007 05:29:31 +0000

Uhm, but how would making that post be any use in collecting valid email addresses, or user names? *registering* on a forum, okay, depending on the settings, but making a post, and such a generic one?

What possibly could be the reason for that? None of the suggestions here seem plausible to me, and so far I haven’t come up with anything either.

by: Al Hart

Wed, 27 Dec 2006 08:22:26 +0000

A quick google search finds the phrase “Who can tell me more in detail about” together with “please mail me” on over 20,000 forums.

There does not seem to be any hidden text. Perhaps this is a way for someone to try to collect valid email addresses, or valid forum user names?