|
jt512
Dec 13, 2011, 3:28 AM
Post #1 of 7
(3083 views)
Shortcut
Registered: Apr 12, 2001
Posts: 21904
|
Below is a snapshot of "who" is currently online. With one notable exception, every username ending in digits is from a spambot.
|
|
Attachments:
|
spam-online.png
(142 KB)
|
|
|
|
|
xmesox
Dec 13, 2011, 6:58 AM
Post #2 of 7
(3066 views)
Shortcut
Registered: Jun 17, 2009
Posts: 326
|
We recently came under a large spam attack, it started in October but seemed to be fairly small so we tried disabling them when they popped up, but earlier this week a look into the database shows that they were as of then registering up to 5000 spam users a day. These bots were able to 'crack' our captcha and validate their account e-mails.
We have taken action and disabled hotmail and yahoo accounts from registering at the moment, until we increase the security in our registration process. So at the moment no new spammers are registering.
But it's going to take a little while to remove the bots that have registered thus far, the process has started and thousands have already been removed.
The only plus side to this is that they weren't forum spammers and they all rather resort to just link building by inserting URLs in their profiles.
Hopefully they will all be gone soon...
|
|
|
|
|
mojomonkey
Dec 13, 2011, 4:19 PM
Post #3 of 7
(3049 views)
Shortcut
Registered: Aug 13, 2006
Posts: 869
|
As noted in another thread, the software used to generate accounts seems to like putting "ffd" for interests. Looks like you should be able to query your user DB for accounts with that interest to get a good list for review / pruning.
A quick scan for ffd with Google seems to only pick up spam accounts, but you could do better with your own DB queries, of course.
Perhaps filter by having 0 posts, the only logon being within 24 hours of their account creation, and the homepage filled out (and maybe additionally that at least the last character of their username is a digit). That would likely clean up much of the user DB.
|
|
|
|
|
donwanadi
Dec 14, 2011, 12:53 PM
Post #4 of 7
(3025 views)
Shortcut
Registered: Oct 19, 2011
Posts: 170
|
jt[u][b]512[/b][/u] wrote: Below is a snapshot of "who" is currently online. With one notable exception, every username ending in digits is from a spambot.
Jt512 is a SPAMMER!
|
|
|
|
|
Kartessa
Dec 17, 2011, 1:53 AM
Post #5 of 7
(2997 views)
Shortcut
Registered: Nov 18, 2008
Posts: 7362
|
I kinda dig how most of them are looking at other users' information
|
|
|
|
|
jt512
Dec 19, 2011, 5:18 AM
Post #6 of 7
(2980 views)
Shortcut
Registered: Apr 12, 2001
Posts: 21904
|
donwanadi wrote: jt[u][b]512[/b][/u] wrote: Below is a snapshot of "who" is currently online. With one notable exception, every username ending in digits is from a spambot. Jt512 is a SPAMMER!
That's a good catch. The "one notable exception" I had in mind was carabiner96.
Jay
|
|
|
|
|
qwert
Dec 26, 2011, 9:57 AM
Post #7 of 7
(2901 views)
Shortcut
Registered: Mar 24, 2004
Posts: 2394
|
xmesox wrote: The only plus side to this is that they weren't forum spammers and they all rather resort to just link building by inserting URLs in their profiles.
Here's one that fits into that name+digits scheme that also posts in the forums. He hasnt yet figured out how the url tags work, and this spam is even more "off" than most stuff, but maybe they have changed tactics?
qwert
|
|
|
|
|
|
