Unerving Messages in Registration Log (Read 4,910 times)
jon666
Unerving Messages in Registration Log
Jan 26th, 2012 at 3:14pm
I run a private alumnae forum where all member applications must be approved by admin. Naturally that doesn't stop the bots from sniffing around - 20 or so per day in error log - but there's only one who regularly makes it to the Registration log, tending to disappear for a while then return for several days in a row.

The comment entered in the Registration log is always similar but different. Today there are three attempts, all from different IPs. The messages are: "just...looking for talking, reading", "so look for information", "Admin, I'm for talking". They always contain the words so, just, look for, looking for, talk, chat, information.

Today's IPs are 67.232.145.91 (USA), 178.73.63.132 (Poland), 195.2.255.48 (Poland), and other days come from a range of countries. Checking at Stop Forum Spam reveals vast numbers of entries, often "toxic". This and my error log suggest it's a bot because all my attempts from any one IP are executed within 60 seconds - events being separated by several hours. A number of attempts are made at the Captcha before succeeding. So I assume the message left is written into the spammer's code.

However the persistence of the messages and the wording are eerily unnerving and make it seem like it could be a human. If anyone else has experienced this and has any thoughts/ideas would appreciate hearing from them. Haven't added any of the suggested Spam upgrades as have not in three years been breached. If this guy keeps it up though, I will do so.   Huh Angry





 
  
 
Dandello
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #1 - Jan 26th, 2012 at 3:30pm
I get them too even with the mods, but it sounds like you're getting a lot.
Add the StopForumSpam mod and one of the puzzles (the antispam quiz or SpamFruits) - that will at least slow them down. If you add the Anti-Spam quiz, be sure to replace the questions with ones of your own - bots can actually answer easy questions.

And GGN's Captcha hack looks VERY promising http://www.yabbforum.com/community/YaBB.pl?num=1324832594

The one that cracks me up: "I am looking to place an order"  Huh

« Last Edit: Jan 26th, 2012 at 3:33pm by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
 
Bill Myers
YaBB 2.4
Re: Unnerving Messages in Registration Log
Reply #2 - Jan 27th, 2012 at 12:38am
Dandello wrote on Jan 26th, 2012 at 3:30pm:
...
The one that cracks me up: "I am looking to place an order"  Huh

I get a laugh out of that one, too. Like that's going to get me to approve their membership.  Roll Eyes

jon666 wrote on Jan 26th, 2012 at 3:14pm:
I run a private alumnae forum where all member applications must be approved by admin.

...

However the persistence of the messages and the wording are eerily unnerving and make it seem like it could be a human. If anyone else has experienced this and has any thoughts/ideas would appreciate hearing from them.

First off, it's obviously good that you use admin approval for memberships.

Secondly, and more importantly as Dandello referenced, I can confirm that ggn's method to stop spammers has been, and continues to be, 100% effective. To date, since I implemented those simple changes, not a single spammer has been able to successfully register.

On that note, and much to my surprise, it's become evident to me that none of these spammers have been human as I thought they would have been. Or if they are, then they evidently run bots to do the work for them. In any case, again, implementing ggn's instructions will very effectively keep spammers out.

Go to this post for specific instructions (it's a 2-step process that involves 5 files).

Good luck!  Wink


Edited:
Spelling error correction in subject line. Wink


« Last Edit: Jan 27th, 2012 at 2:53am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
 
JonB
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #3 - Jan 27th, 2012 at 1:15am
From my current registration log -

Piece of crap's IP belongs to a hosting outfit in Germany known for hosting 'bad things'

Registration UserID:      stitletrals
Chosen screen name:      stitletralsRR
Not validated email address:      norsi.paums@aol.com
Chosen language:      English
Coming from IP address:      109.230.220.244
Given reason for registering:      ...need talking

Note the screen name: stitletralsRR - has the double-letter ending x-rumer often shows. And x-rumer is hosted in Germany, so I'm thinking it was a run.

...need talking,  NO ...need the dying now,

F... Them.
Tongue
  

I find your lack of faith disturbing.
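The two observations made so far in the thread (jon666's list of recurring words and JonB's doubled-letter screen name) can be turned into a triage pass over registration-log entries. This is an added example, not code from YaBB or from any poster; the field labels follow the entry quoted above, the second sample entry is invented as a benign control, and the six-word length cutoff and the ellipsis check are assumptions drawn from the messages quoted in the thread.

```perl
use strict;
use warnings;

# Constructed input: first block repeats the quoted entry's fields, second is an invented control.
my $log = <<'END';
Registration UserID:      stitletrals
Chosen screen name:      stitletralsRR
Given reason for registering:      ...need talking

Registration UserID:      mjones84
Chosen screen name:      Mary Jones
Given reason for registering:      Class of 1984, would like to reconnect with classmates
END
# Words jon666 reports recurring in the bot's registration reasons.
my @markers = ('so', 'just', 'look for', 'looking for', 'talk', 'chat', 'information');

sub parse_entries {
    my ($text) = @_;
    my @entries;
    for my $block (split /\n\s*\n/, $text) {
        my %e;
        for my $line (split /\n/, $block) {
            $e{$1} = $2 if $line =~ /^\s*([^:]+):\s*(.*?)\s*$/;
        }
        push @entries, \%e if %e;
    }
    return @entries;
}

sub score_entry {
    my ($e) = @_;
    my $id     = $e->{'Registration UserID'}          // '';
    my $screen = $e->{'Chosen screen name'}           // '';
    my $reason = $e->{'Given reason for registering'} // '';
    my @hits;
    # Screen name is the user ID plus one letter repeated twice.
    push @hits, 'doubled-letter suffix' if length($id) && $screen =~ /^\Q$id\E([A-Za-z])\1$/;
    # Very short reason containing at least one of the recurring words.
    my $words = () = $reason =~ /\w+/g;
    my $found = grep { $reason =~ /\b\Q$_\E/i } @markers;
    push @hits, "short reason, $found marker word(s)" if $words <= 6 && $found;
    push @hits, 'ellipsis filler' if $reason =~ /\.{3}/;
    return @hits;
}

for my $e (parse_entries($log)) {
    my @hits = score_entry($e);
    printf "%-12s %s\n", $e->{'Registration UserID'}, @hits ? 'REVIEW: ' . join('; ', @hits) : 'no markers';
}
```

Words such as "so" and "information" are common in genuine applications, which is why the marker test only counts when the reason is also very short; the output is a review hint for the approving admin, not a verdict.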
 
jon666
Re: Unerving Messages in Registration Log
Reply #4 - Feb 3rd, 2012 at 12:24am
Good detective work, JonB. Guess we should all report this character or rather add to the many existing complaints.

Dandello and Bill, I did in fact install the spam quiz on Jan 26 - very easy on YaBB 2.4 - and have had no further intrusions in my Registration log. I also realized it could be a useful first line screener of legitimate applicants if I replaced all the default questions with ones only a former student of the college would be able to answer.
Smiley Cool Wink
  
 
Bill Myers
YaBB 2.4
Re: Unerving Messages in Registration Log
Reply #5 - Feb 3rd, 2012 at 12:57am
jon666 wrote on Feb 3rd, 2012 at 12:24am:
... Dandello and Bill, I did in fact install the spam quiz on Jan 26 - very easy on YaBB 2.4 - and have had no further intrusions in my Registration log ...


Good to know.

Fortunately for me, as I stated here with easy to follow instructions thanks to ggn and George, not a single spammer has been able to register in our forum. Not one! Only normal registrations have been processed.

Edited:
Fixed a grammatical error.

« Last Edit: Feb 3rd, 2012 at 5:11am by Bill Myers »  

Morning, noon, or night, have a great one!

 
JonB
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #6 - Feb 3rd, 2012 at 4:51pm
jon666 wrote on Feb 3rd, 2012 at 12:24am:
. I also realized it could be a useful first line screener of legitimate applicants if I replaced all the default questions with ones only a former student of the college would be able to answer.

Heh - I guess that would depend on the attention span and retention of those former students, eh???  Cheesy Grin Wink

Roll Eyes
  

I find your lack of faith disturbing.
 
Dandello
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #7 - Feb 3rd, 2012 at 9:41pm
One would hope that they would remember what the school mascot was  Cheesy
  

If you only have one solution to a problem you're not trying hard enough!
 
trekwebmaster
Re: Unerving Messages in Registration Log
Reply #8 - Feb 12th, 2012 at 10:48am
I get this very same Spam bot almost every day, in fact usually about three times each day with a new IP and username on each occasion. All the IP addresses are proxies of course; this was today’s host: “Host name h176-227-192-146.host.redstation.co.uk”
This particular spammer sails past the “Captcha feature” without making a single error, so he obviously has a bypass program of some sort.

I use Pre-registration with admin approval for our forum, which keeps out most Spam.
“mmm...want contact with admin” was today’s message when registering. Deleting him each time he registers is not a problem, but I would rather he gave up to save me the trouble.
I am going to take a serious look at this annoying Spam.

My old forum asked somewhere in the registration “are you a Spam bot”? Of course being machines they answered yes and were automatically rejected. But I don’t have access to the old forum now and don’t know the code used.
I must try to find it though as it worked great at the time.

Perhaps someone on this forum with programming experience can come up with something similar?
  

Using yabb 2.3.1
 
depablo
Re: Unerving Messages in Registration Log
Reply #9 - Feb 12th, 2012 at 11:17am
trekwebmaster

Have you tried to install any of the antispam mods mentioned in the second post?

Spam Fruits is very easy to install.
  

Taking a peek behind the mask Wink
 
Dandello
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #10 - Feb 12th, 2012 at 4:11pm
And the code the old forum was using was probably something like Anti-Spam Quiz (Which I use, with custom questions).

Adding ggn's YaBB CAPTCHA hack should also stop the automatic Captcha readers.
  

If you only have one solution to a problem you're not trying hard enough!
 
trekwebmaster
Re: Unerving Messages in Registration Log
Reply #11 - Feb 12th, 2012 at 4:28pm
I tried the edit, but I got this error

Error: An Error Has Occurred! Bareword found where operator expected at ./Sources/Decoder.pl line 161, near ""xx"captcha"

I tried using "aa" instead of xx, with the same result. I am using yabb 2.3.1
  

Using yabb 2.3.1
 
Dandello
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #12 - Feb 12th, 2012 at 5:11pm
The error means that a piece of essential punctuation went missing during your edit. Check for missing quotes, periods, '$', and end-of-line semicolons.
I'm betting a '$' went missing.


« Last Edit: Feb 12th, 2012 at 5:12pm by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
 
trekwebmaster
Re: Unerving Messages in Registration Log
Reply #13 - Feb 12th, 2012 at 6:22pm
Tried it again with the $.
I still got this error message

Error: An Error Has Occurred! Bareword found where operator expected at ./Sources/Decoder.pl line 161, near "$"xx"  Shocked

Further edit

I seem to have worked it out, and it appears to be working; at least I am not getting any error messages.

I used this whole line &captcha($xxcaptchaxx);

Now I need some spammers to test it Wink

« Last Edit: Feb 12th, 2012 at 7:04pm by trekwebmaster »  

Using yabb 2.3.1
 
Dandello
YaBB 2.6.1
Re: Unerving Messages in Registration Log
Reply #14 - Feb 12th, 2012 at 9:05pm
That line should look like this:
Code:
&captcha("XX".$captcha."XX");

Translation: calling subroutine named captcha and sending "XX".$captcha."XX" to it to be processed.
Broken down: literal XX concatenated to variable $captcha concatenated to literal XX (those dots mean concatenated or joined, and the quotes denote literals, i.e. non-changing items).

What you have is: variable $XXcaptchaXX

It's not throwing an error - but it will since you don't have a defined variable of $XXcaptchaXX

« Last Edit: Feb 12th, 2012 at 9:07pm by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
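How Perl treats the spellings of this argument discussed in the last few posts, with and without `use strict`, shown as an added example that is not YaBB code or any poster's code. The `captcha` subroutine here is a hypothetical stand-in that only reports what it was given, the value of `$captcha` is a constructed sample, and the third form is constructed to match the `"xx"captcha` fragment in the quoted error message.

```perl
use strict;
use warnings;

our $captcha = 'k7Qp';    # constructed sample value

# Stand-in for the real routine (hypothetical body): reports what it was handed.
sub captcha {
    my ($in) = @_;
    return defined $in ? "received '$in'" : 'received undef';
}

# Three spellings of the argument, kept as source text so each compiles alone.
my @forms = (
    [ 'literal . variable . literal', '&captcha("XX".$captcha."XX")' ],
    [ 'one variable, no dots',        '&captcha($XXcaptchaXX)'       ],
    [ 'dot and $ left out',           '&captcha("XX"captcha."XX")'   ],
);

# Compile and run one form with or without "use strict"; return the call's
# result, or the first line of the compile error if it does not compile.
sub try_form {
    my ($code, $strict) = @_;
    my $pragma = $strict ? 'use strict;' : 'no strict;';
    local $SIG{__WARN__} = sub { };    # silence parser warnings, keep errors
    my $out = eval "$pragma no warnings; $code";
    return defined $out ? $out : 'compile error: ' . (split /\n/, $@)[0];
}

for my $f (@forms) {
    my ($label, $code) = @$f;
    printf "%-30s no strict: %s\n", $label, try_form($code, 0);
    printf "%-30s strict:    %s\n", '',     try_form($code, 1);
}
```

Without `use strict` the single-variable form compiles and hands the routine an undefined value instead of the wrapped string; with `use strict` the same line is rejected at compile time, so a missing check value cannot pass unnoticed.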