Page Index Toggle Pages: 1
Topic Tools
Hot Topic (More than 10 Replies) My worst spammers - (Read 15,441 times)
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,006
Location: Land of the Blazing Sun!

YaBB 2.6.1
My worst spammers -
Dec 5th, 2011 at 10:37pm
Post Tools
This is a topic stub for posting 'who, what, when, where' on spammers or ghost registrants on YOUR YaBB board - i.e. Share the infos here!

Wink
« Last Edit: Dec 5th, 2011 at 10:42pm by JonB »  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,038
Location: Rock Hill, South Carolina

None
Re: My worst spammers -
Reply #1 - Dec 12th, 2011 at 3:38am
Post Tools
Example spam-related reserved names:

Quote:
support
guest
onlinedrug
pharmacy
pharmacie
ugg
viagra
vuitton
wowgold
cannabis
buywow
  

Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,038
Location: Rock Hill, South Carolina

None
Re: My worst spammers -
Reply #2 - Dec 12th, 2011 at 3:40am
Post Tools
Spam Rule Definition:

Quote:
1=;cheapest
0=;online cigarettes
1=;online degree
1=;mortgage rates
1=;online prescriptions
0~;nike888
1=;love online
0~;herbsmd.com
0~;wigswigs4you.com
0=;LETTER OF BUSINESS RELATIONSHIP
0~;Marketnike
0=;We have all brands
0=;House Bill 4176
0=;Thank you for your loan request
0=;High Quality Replica Watches
1=;This special offer
0=;We can produce
0~;explorefashions.net
0~;nike(.?)jordan
1~;max(.?)shoe
0~;nike(.?)shoe
0~;shoe(.?) with top quality
0~;internet(.?)marketing
0~;proms.com
0~;viagra@yandex.com
1~;medical billing software
0~;paris hilton sex
0~;buy tramadol
1~;italy-europe.info
0~;incest
0~;bag1218.com
0~;12x12instantly.com
1~;porn
0~;lolita
0~;s216606257.websitehome.co.uk
0~;clicknearn.net
2=;VoIP
0~;visa-india.co.uk
0=;Visa India
0~;totalsecurityforyou.com
0~;compuquotes.com
0~;adverse-mortgage-centre.co.uk
0~;panamoney.net
0~;acai.vg
0~;intellixmedia.com
0=;destlecare
0=;For Sell 3G Apple Iphone
0~;voipswitch
1~;clicknearn.net
0=;Google are owned by Mafia
0=;online drugs
0=;ugg(?)boot
1=;viagra
1=;louis vuitton
  

Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,038
Location: Rock Hill, South Carolina

None
Re: My worst spammers -
Reply #3 - Dec 12th, 2011 at 3:42am
Post Tools
Banned email addresses:

Quote:
charlieinbox@gmail.com
fashionexplo@gmail.com
janukhala@gmail.com
destlecare2@gmail.com
yhwh07o@live.com
blythe_1234@hotmail.com
mad321isn@gmail.com
fuji0000@gmail.com
jamie_robert77@yahoo.com
billreid2000@hotmail.com
bondollars@gmail.com
shoesorder258@hotmail.com
wuhanpoint@yahoo.com
mlui311@gmail.com
cmahe1986@gmail.com
maria2869@gmail.com
sampangi.rishwa@gmail.com
steven8522@gmail.com
ancytvs@yahoo.com
dian532na@gmail.com
yhwh19@live.com
harpergodwill@gmail.com
yhwh24@live.co.uk
im4ubabe@gmail.com
mailis.nuutinen@gmail.com
anthonyjyen@gmail.com
techno.dent@yahoo.com
sjc.taylor@optusnet.com.au
shami_1978@yahoo.com
asiahotelbiz1@gmail.com
dojlaw@hotmail.com
jarasees.nani@gmail.com
yhwh86@live.com
zhaoyingwen1974@sohu.com
pixy_shy@yahoo.com
px4@s293336938.websitehome.co.uk
net4outsource@gmail.com
elo7@valentina-matvienko.com
algapx@valentina-matvienko.com
workerinternet@yahoo.com
zen@europe.com
c5@valentina-matvienko.com
romaamor86@yahoo.com
osmo-s@mail.ru
roger.albion@gmail.com
infoelectltds@gmail.com
info@oblit.co.uk
nandhi.kanth@gmail.com
jennifer01clark@yahoo.com
scarlet0906@yahoo.com
aarose@yeah.net
seasonwholesale@yahoo.cn
wufei629@yeah.net
stockjuliae@gmail.com
maddogie@gmx.de
waslagiswho@gmail.com
harodevil95@hotmail.com
rjohnson1@qwikdial.net
smithbasserr@aol.com
sweety_candy341@yahoo.com
khan_khan201@yahoo.com
kenny.george@webplore.com
iphoneukltd@live.com
cc_yes11@yahoo.com
empanemil93@hotmail.com
thankstom51@yahoo.com
gazda@vojvodina.net
cyfuture0555@gmail.com
joiernigan28@yahoo.com
umer.nadem@gmail.com
teresa0002@gmail.com
kieu_minhtam@yahoo.com
madyyhakhan@gmail.com
freedierocks@gmail.com
rbleadgeneration@gmail.com
okshoesale@yahoo.com.cn
lucky_zhq@163.com
articleterry@gmail.com
tylerenglish101@hotmail.com
louisa7adam@yahoo.com
dylan.smith386@gmail.com
zjygp@126.com
fitness865@yahoo.com
tomjames25@yahoo.com
kelly7898@gmail.com
merchandiseltd_uk05@yahoo.com
cafmike@gmail.com
monica.jvis@gmail.com
webslforums@gmail.com
govbbs@163.com
ranjian666666@gmail.com
ibear2007@hotmail.com
tonephone@live.com
webform@hitechinfosoft.com
meeri425@gmail.com
diegoecw@hotmail.com
saranyamsccs@gmail.com
sidrajaved80@gmail.com
yan9085@yeah.net
luoxiaosang1@yeah.net
luis281@gmail.com
shamraiziqbal76@gmail.com
sraina@live.com
nguyencong997@gmail.com
sergarito@gmail.com
kkanwal12@gmail.com
gcetly07@gmail.com
dengjing22@gmail.com
laixuankien@gmail.com
yhwh77@hotmail.co.uk
johnmethew1@yahoo.com
downloadsversion12@gmail.com
hit4seo@quickheal.com
jennystone0456@yahoo.com
robert01green@yahoo.com
varadarajan2112@yahoo.com
markpetter01@gmail.com
sathya1950@hotmail.com
thebaham4@yahoo.com
aaaa33030@yahoo.com
hcosy@ymail.com
lxz@gamemorning.com
soundtales@hotmail.de
khurshid.maruti@gmail.com
tester20080326@astragate.net
catalin.cata18@gmail.com
qingjan@yeah.net
weiyuping07@gmail.com
ifetchseller@yahoo.com
itmtradings@gmail.com
wujuan198710@hotmail.com
bikerz956@gmail.com
jljacklala10@gmail.com
newnecktie2010@gmail.com
apple522@yeah.net
arielcolin@hotmail.com
cyberschnook@gmail.com
25leeyn@gmail.com
bushra7878@gmail.com
dressmart69211@163.com
www.titlus.com@gmail.com
titlus.com@gmail.com
mlcreno31@gmail.com
51chenxin@gmail.com
linyao422@gmail.com
smilelikesmile1@hotmail.com
postmaster@debtsettlement.vg
usasmith.smith3@gmail.com
yumei31@hotmail.com
ngyihong@hotmail.com
blackfridaydeals98@yahoo.com
ertdfg22@gmail.com
btwgfllrvijt@mailinator.com
clsandalssale@hotmail.com
3amigosseo@gmail.com
elena.lee9@gmail.com
conner061@gmail.com
mumu920506@gmail.com
bellatina@yahoo.cn
cassandradf1@hotmail.com
wh421023@yahoo.com
ledypavlovaalena@yandex.ua
golfcheapclubs@gmail.com
johnbrowse75@yahoo.com
william93u@gmail.com
bushinanjingren@gmail.com
alanew@ymail.com
ryan.ried9051@gmail.com
viviteid@yahoo.com
aleermarke@yahoo.com
freshcrop2010@gmail.com
mafu800@gmail.com
splinkyboo@yahoo.com
qllinhongyu@gmail.com
  

Back to top
IP Logged
 
JonB
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 4,006
Location: Land of the Blazing Sun!

YaBB 2.6.1
Re: My worst spammers -
Reply #4 - Dec 12th, 2011 at 3:48am
Post Tools
Thanks very much Corey -

Cool

  

I find your lack of faith disturbing.
Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,038
Location: Rock Hill, South Carolina

None
Re: My worst spammers -
Reply #5 - Dec 12th, 2011 at 3:48am
Post Tools
Blocked email domains:

Quote:
cashdeals.com
s216606257.websitehome.co.uk
herbsmd.com
wigswigs4you.com
12x12instantly.com
clicknearn.net
visa-india.co.uk
totalsecurityforyou.com
compuquotes.com
adverse-mortgage-centre.co.uk
panamoney.net
acai.vg
intellixmedia.com
clicknearn.net
valentina-matvienko.com
debtsettlement.vg
  

Back to top
IP Logged
 
Corey Chapman
YaBB Administrator
*****
Offline



Posts: 10,038
Location: Rock Hill, South Carolina

None
Re: My worst spammers -
Reply #6 - Dec 12th, 2011 at 3:56am
Post Tools
The list on the page linked below is way too long to add to the forum because it would slow down or break registration.  However, this site has a good list of domains known to send spam.  It loads in the middle/top of the page with a scrollbar in the center - it takes a while for the full list to load.  http://www.spacequad.com/staticpages/index.php/KnownSpammerDomains

The best defense is monitoring the forum log and error log in the YaBB Admin Center to see what email addresses, users, and IPs (the key part) are hitting the forum over and over again.  You'll see floods of attempts from the same IP addresses attempting to break through the captcha but failing.  If they start to get through again, then you change the forum's captcha settings.  I both ban these IPs and set them as blocked via .htaccess in the Guardian settings.  I also monitor the usernames being registered.  There have been a lot of random nonsense names here, probably in attempt to see if they can figure out the registration and captcha sequence.  Only a few have actually been spam names, and those are quickly added to the reserved names list.
  

Back to top
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: My worst spammers -
Reply #7 - Dec 13th, 2011 at 5:24am
Post Tools
Re: the email addresses,

Does the @ need the \ added or copy paste as is?
  

   
Back to top
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: My worst spammers -
Reply #8 - Dec 14th, 2011 at 9:42am
Post Tools
Thank you, JonB & Corey! I've been getting a lot of spam registrations (~100 per day), although in most cases, they don't confirm and end up getting auto-deleted. I've also banned the IPs on the latest daily list from StopForumSpam.com:

http://www.stopforumspam.com/downloads/
  

Back to top
IP Logged
 
George Maschke
Full Member
***
Offline



Posts: 315
Re: My worst spammers -
Reply #9 - Dec 14th, 2011 at 9:51am
Post Tools
E-mail domains blocked for spam registrations on AntiPolygraph.org. Note the high incidence of .pl domains:

Quote:
10g.pl
2008radiochat.info
andasio.com
asewrggerrra.ce.ms
biggestresourcelink.info
bk.ru
ckatalog.pl
daolemi.com
derameil.cz.cc
dobrytata.pl
dreamover.info
dreriagurne-phen375.com
e-vents2009.info
easybuygos.com
fast-prototypes.com
fejm.pl
freemails.ce.ms
go2.pl
h2o.elk.pl
hbccreditcard.net
inbox.lt
iredirect.info
justafou.com
keromail.com
kkredyt.pl
kozacki.pl
mail333.com
mailmix.pl
mailplus.pl
mix-good.com
mixbox.pl
mov55.com
myemailboxy.com
naked-people.net
nedt.com
notowany.pl
o2.pl
oath.com
pregnancymiraclereviewnow.org
prokonto.pl
ro.ru
seawsvall-phen375.com
shenji.info
szeptem.pl
titkinaq.info
tlen.pl
unot.in
uymail.com
wowhackgold.com
zabacavir.co.cc
« Last Edit: Dec 14th, 2011 at 9:53am by George Maschke »  

Back to top
IP Logged
 
FindTopCasino.com
YaBB Newcomer
*
Offline



Posts: 6
Re: My worst spammers -
Reply #10 - Dec 14th, 2011 at 11:58pm
Post Tools
George Maschke wrote on Dec 14th, 2011 at 9:42am:
Thank you, JonB & Corey! I've been getting a lot of spam registrations (~100 per day), although in most cases, they don't confirm and end up getting auto-deleted. I've also banned the IPs on the latest daily list from StopForumSpam.com:

http://www.stopforumspam.com/downloads/

George Maschke wrote on Dec 14th, 2011 at 9:42am:
Thank you, JonB & Corey! I've been getting a lot of spam registrations (~100 per day), although in most cases, they don't confirm and end up getting auto-deleted. I've also banned the IPs on the latest daily list from StopForumSpam.com:

http://www.stopforumspam.com/downloads/

George Maschke wrote on Dec 14th, 2011 at 9:42am:
Thank you, JonB & Corey! I've been getting a lot of spam registrations (~100 per day), although in most cases, they don't confirm and end up getting auto-deleted. I've also banned the IPs on the latest daily list from StopForumSpam.com:

http://www.stopforumspam.com/downloads/


George, are you inputing the whole list of IPAs? 
Are you seeing any performance impact?

Also, if you look at the lists, you will section that they are all from the same IPA block. Once you do a check on one of those IPA's either on ARIN, RIPE, APNIC, or the others (depending who the IPA are handled by), then you might get a clue if the IPA is part of netword dedicated to servers, or hosting.  If so, then that whole subnet can be blocked.  No reason we should be seeing a legit registration originating from a server.

So, this brings me to the next question.  In the 2.3 version of Yabb, can I just indicate the C class of an IPA?  For example, can I just put 31.184.238, instead of 31.184.238.34 and ever other number in that class?
  
Back to top
 
IP Logged
 
FindTopCasinos.com
YaBB Newcomer
*
Offline



Posts: 22
IPAs and emails for las 3 weeks
Reply #11 - Dec 15th, 2011 at 8:58am
Post Tools
Blocking the below based on the last 3 weeks of activity seemed to have helped.

Notice that the below is attempting to block full C classes in many cases.  Please post and confirm that indicating only the first 3 octaves, without an ending period, in the ban list of yabb on versions 2.2 and 2.3 does in fact have the effect of blocking that whole C class and only that C class.  The reason whole C classes were blocked was due to high amount of spam listed for those subnets and those C classes are dedicated to online servers. Note that each C class is 256 IP addresses (IPAs).

Banned IPAs:
109.230.213
109.230.222
109.230.223
109.230.244
109.230.245
117.27.138.176
188.165.248.134
31.184.238
31.214.133
31.214.169
46.17.100
46.17.101
46.17.102
46.17.103
46.17.96
46.17.96
46.17.97
46.17.98
46.17.99
91.207.8
93.182.137.156

Banned Emails:
merliopesilwersibolrt@yahoo.fr
redikolswersadef@yahoo.fr
mjhgvadsfhbcjhgvhgv@yahoo.fr
smitchjohn49@yahoo.fr
gordonvilensky@yahoo.fr
kaleosmambos@yahoo.fr
galismomps@yahoo.fr
babisforils@yahoo.fr
tedadams80@yahoo.fr
j.usti.nanoropl.o.k.e.rnupater.sso.n@gmail.com
lavelle96477@aol.com
zensnorkzer@gmail.com
quiettiva@gmail.com
sortessergy@gmail.com
pyncshacy@gmail.com
duttotobuhrib@gmail.com
lobsteruop@gmail.com
skl.epikmeblowy@gmail.com
preorderinvigninedy@preorderdiablo3.com
dfkacbcvcvdfvdv12s@tlen.pl
  

Find the game and casino style that you like.&&Get free bonuses.&&Traveling?  Locate a local casino.
Back to top
WWW  
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: My worst spammers -
Reply #12 - Dec 15th, 2011 at 12:04pm
Post Tools
I have seen a lot of 188 and 46 getting autobanned by SFS.

I have also recently seen a lot of referrals from "Offshore" business sites.
  

   
Back to top
IP Logged
 
Santos Lawrence
YaBB Newcomer
*
Offline



Posts: 1
Re: My worst spammers -
Reply #13 - Oct 12th, 2014 at 3:27pm
Post Tools
Corey Chapman wrote on Dec 12th, 2011 at 3:40am:
Spam Rule Definition:

Quote:
1=;cheapest
0=;online cigarettes
1=;online degree
1=;mortgage rates
1=;online prescriptions
0~;nike888
1=;love online
0~;herbsmd.com
0~;wigswigs4you.com
0=;LETTER OF BUSINESS RELATIONSHIP
0~;Marketnike
0=;We have all brands
0=;House Bill 4176
0=;Thank you for your loan request
0=;High Quality Replica Watches
1=;This special offer
0=;We can produce
0~;explorefashions.net
0~;nike(.?)jordan
1~;max(.?)shoe
0~;nike(.?)shoe
0~;shoe(.?) with top quality
0~;internet(.?)marketing
0~;proms.com
0~;viagra@yandex.com
1~;medical billing software
0~;paris hilton sex
0~;buy tramadol
1~;italy-europe.info
0~;incest
0~;bag1218.com
0~;12x12instantly.com
1~;porn
0~;lolita
0~;s216606257.websitehome.co.uk
0~;clicknearn.net
2=;VoIP
0~;visa-india.co.uk
0=;Visa India
0~;totalsecurityforyou.com
0~;compuquotes.com
0~;adverse-mortgage-centre.co.uk
0~;panamoney.net
0~;acai.vg
0~;intellixmedia.com
0=;destlecare
0=;For Sell 3G Apple Iphone
0~;voipswitch
1~;clicknearn.net
0=;Google are owned by Mafia
0=;online drugs
0=;ugg(?)boot
1=;viagra
1=;louis vuitton

Well there is plenty of spam going out there..It must be controlled and checked properly..
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1
Topic Tools
 
  « Board Index ‹ Board  ^Top