E-mail harvesting on forums?
Someone posted this on a forum I own:
Hi everyone, I am new on your forum www.nameofsite.com, I’ve been reading it for a while, and decided to try my luck asking a few questions
Who can tell me more in detail about the “name of subforum”. Please Mail Me..!!
Best Regards..!!
To me that sounds like a spammer. Either an attempt to get a specific wording on to a forum, and then spam a forum that accepts the post like crazy. Or an attempt to harvest e-mail addresses?
The username was MelliFobian.
December 19th, 2006 at 12:09 pm
Definitely a spammer. I just delete these posts.
December 19th, 2006 at 7:06 pm
I’ve seen these posts on some of the forums I frequent. Often the punctuation or the emoticons are hyperlinks to porn sites, fake search sites, the ubiquitous drug sites, etc. Typical stuff for spiders to find, except they are somewhat hidden. Did you do a “View Source” (or your browser’s equivalent)? Also, a Google search for the text of the message usually reveals several similar or identically-worded instances.
December 20th, 2006 at 4:06 am
There were no hidden links, and nothing in Google when I checked. By today there are lots of profiles with that name…
December 27th, 2006 at 2:22 am
A quick Google search finds the phrase “Who can tell me more in detail about” together with “please mail me” on over 20,000 forums.
There does not seem to be any hidden text. Perhaps this is a way for someone to try to collect valid email addresses, or valid forum user names?
January 16th, 2007 at 11:29 pm
Uhm, but how would making that post be any use in collecting valid email addresses, or user names? *registering* on a forum, okay, depending on the settings, but making a post, and such a generic one?
What possibly could be the reason for that? None of the suggestions here seem plausible to me, and so far I haven’t come up with anything either.
January 18th, 2007 at 2:34 am
I was racking my brain over that, too, Johann. What sort of sheer volume do these people need to make it profitable? Would they go to the effort to build a relationship with someone else in the forum just to spam them…or perhaps try to cull a few more valid emails out of their new forum friend? I suppose high-quality email addresses could be useful. Perhaps setting up a “test-post” is their real intent - to set the stage for a spam-attack after being accepted into the board?!
January 19th, 2007 at 11:12 am
Just been doing a search on this very topic which led me here - I run a charity website and forum and from last year noticed a huge increase in these types of registrations - 80-90% of them register and never post which is weird but just as annoying as the rest who do post their very obvious spam message up. Your point about email harvesting would be my biggest concern I think, as I really can’t figure out any other possible reason for their veracity. Hugely annoying for us tho, as we’ve only 3 Mods including myself, and we all suffer from fibromyalgia so not always on form for having to deal with such c**p daily, BUT having already moved our site twice through a bigger hacking issue, we’re not about to start shifting again, esp given this seems to be a web-wide problem now sadly!
January 19th, 2007 at 12:39 pm
Hi Romayne,
Most of those registrations are due to trying to place links on profile pages and member lists. I checked your forum, and couldn’t find a member list easily accessible, but did find a website field.
Even if that field isn’t actually filled by the spammers, that doesn’t mean they didn’t try. You’re using Simple Machines, but the bots registering users on your forum may have been coded for another type of forum, but still work for yours. I don’t know. A lot of the spam we see these days doesn’t actually work, but that doesn’t mean they’ll stop the spamming.
January 29th, 2007 at 5:05 am
The latest spamming method I have come across was to post a request for help (in this case help in backing up Outlook) and then a week or so later they post a reply (actually they started a new thread) saying they had found the solution and posting a link to the site with ‘the solution’.
February 10th, 2007 at 12:27 am
Or they could edit the post later with actual spam.
April 6th, 2007 at 8:56 pm
Looks like I got a potential one lurking on one of my boards right now……. registered TWICE as “MapQuest” / E-mail address “mapquest@mail.ru” from IP Addy 216.32.81.18 (2:40am BST, zapped 2:48am…. then had signed-up again within 5mins of zapping them the first time).
I think I must be developing a psychic ability to tell one has registered, as 3 times in the past 24hrs I’ve had this hunch to check in on my board, and each time it’s been almost exactly 10mins after one has registered (you know the sort… the ones with @cashette.com / @gawab.com / @mail.ru e-mail addresses).
I’ve also created 2 spoof memberships with e-mail addresses going to my Spamtrap inbox to try catch ‘em out. >:) *evil cackle*
April 13th, 2007 at 3:33 pm
Definitely. My forum was attacked by spammers not long ago - I implemented a moderated registration system, and I could usually tell just from the name/email address whether they were spammers or not. Usually the email was blahblahblah@blah.ru…
August 24th, 2007 at 7:47 am
I’ve banned the standard list of the spammers’ favorite email servers (gawab.com, mail.ru, etc) but was still getting around 10 new spam registries per day. I added admin activation and started receiving emails when a new account was entered. This allowed me to catch the bastards online and get their IP. I started by banning individual addresses, but they were back the next day, if it took that long. I found that ARIN will give you the range of addresses allocated to a particular ISP and their location. So, if the ISP is in a country that has no business being in my forum (Thailand, Korea, etc) I’ve started banning the entire range. Might not be the best thing for everyone, but it seems to be working for now.
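
An added example, not written by the post's author or any commenter: the registration screening described in the comments above, combining the e-mail domain list, banned address ranges, and the re-registration seen within minutes of a deletion. The network ranges are constructed placeholders from the RFC 5737 documentation blocks, and the function names, reason labels and 30-minute window are assumptions.

```python
import ipaddress
from datetime import datetime, timedelta

# E-mail domains named in the comments above.
BLOCKED_EMAIL_DOMAINS = {"gawab.com", "mail.ru", "cashette.com"}
# Constructed placeholder ranges (RFC 5737 documentation blocks), standing in
# for the allocations a registry lookup such as ARIN would return.
BANNED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/25"),
]
# Assumed window for treating a new signup as a return after a ban.
REPEAT_WINDOW = timedelta(minutes=30)


def email_domain(email):
    """Return the lowercased domain of an address, or None if malformed."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.lower().rstrip(".")


def domain_blocked(domain):
    """Match a blocked domain itself or any subdomain of it."""
    return any(domain == d or domain.endswith("." + d)
               for d in BLOCKED_EMAIL_DOMAINS)


def screen_registration(email, ip, when, recent_bans):
    """Return (decision, reasons). recent_bans maps IP string -> ban time."""
    reasons = []
    domain = email_domain(email)
    if domain is None:
        reasons.append("malformed-email")
    elif domain_blocked(domain):
        reasons.append("blocked-domain")
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        reasons.append("malformed-ip")
    else:
        if any(addr in net for net in BANNED_NETWORKS):
            reasons.append("banned-range")
        last_ban = recent_bans.get(str(addr))
        if last_ban is not None and timedelta(0) <= when - last_ban <= REPEAT_WINDOW:
            reasons.append("repeat-after-ban")
    # Nothing is auto-approved: clean signups still wait for admin activation.
    return ("reject" if reasons else "hold-for-admin", reasons)
```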