Page Index Toggle Pages: 1 [2] 
Topic Tools
Very Hot Topic (More than 25 Replies) Fake Users Already? (Read 8,012 times)
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Fake Users Already?
Reply #10 - Mar 24th, 2012 at 2:51am
Post Tools
That's the great thing about YaBB's spam blocking mods, or however else you automatically stop the spam, there's virtually no vetting to do. But unless it's automated, attending to IP addresses takes a lot of vetting, which I prefer not to do.

As for bandwidth, I believe this is dependent on the amount of spam attempts that hit your forum. Whether or not spam is blocked, the bandwidth should roughly be the same. Spammers will still generate bandwidth.

But what do I know?  Roll Eyes

The only thing I know for sure with our forum is that banning IP addresses did virtually nothing to stop spammers from attempting to register.

Sure, banned IP addresses as I once entered them by the dozens each and every day blocked them from registering, but these same spammers simply used other IP addresses, which are virtually limitless for them.

But after we implemented some easy-to-edit anti-spam captcha changes, we no longer had to ban IP addresses, not did we have to clear them from our registration log.
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: Fake Users Already?
Reply #9 - Mar 24th, 2012 at 2:28am
Post Tools
Pointless bandwidth and efforts on my part vetting them all.
  

† †
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Fake Users Already?
Reply #8 - Mar 24th, 2012 at 2:25am
Post Tools
Obviously depending on how much legitimate traffic from China you may want to have on your site (& in your forum), even from Russia, you may want to be careful about banning entire blocks of IP addresses.

In the entertainment industry, for instance, China is the fastest growing market out there, and potentially very lucrative.

The irony about banning IP addresses is that they are virtually limitless, so as long as you implement effective spam blocking, what's the real point of banning IP addresses en masse?
  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: Fake Users Already?
Reply #7 - Mar 23rd, 2012 at 8:48pm
Post Tools
If you make YAMMS a registration requirement it definitely knocks them off your board.

StopForum Spam mod by Derek will nix almost all of them if you don't do the above.

The Xcapban mod I am working on kills a huge pile of xrumer users.

Placing: KKman and Xpymep in the admin guardian harvester ban section works great also.

The most effective thing I found  was adding an entire set of China, and Russia IP blocks to my htaccess file.

I have 8 other spammers that actually registered manually and attempted to spam my board but were stopped by YaBB's speed  posting admin settings.

I have yet to see an actual spam message placed on my boards since installing YaBB, whereas, my wwwboard setups had thousands posted.

I don't need anything else probably, but I know spamfruits and the other anti-spam mods will work also.
  

† †
Back to top
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,292
Location: Earth

YaBB 2.6.1
Re: Fake Users Already?
Reply #6 - Mar 23rd, 2012 at 2:50pm
Post Tools
I should add that the number of spam registration attempts in the 'orphan site' is what shows up in my error log, not the registration log. One gets through to admin approval about once a month - which is about the same for my other sites. Between stopforumspam and the antispam quiz with custom questions, not many get through to need my attention.
  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
BloodyRue
Junior Member
**
Offline



Posts: 83

None
Re: Fake Users Already?
Reply #5 - Mar 23rd, 2012 at 12:32pm
Post Tools
Within a few days of my initial setup I was getting spammers.

Most of  that seemed to be coming from Yandex with people searching for "Powered by YaBB"

  

† †
Back to top
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Fake Users Already?
Reply #4 - Mar 23rd, 2012 at 6:22am
Post Tools
If you're using YaBB 2.4 as I am, you can easily stop spammers without installing any mods by following these instructions.

We're now averaging around 500 attempted spam registrations about every hour or so, and not a single spammer has been able to successfully register.
Edited:
The same here. The number of spam registration attempts that show up in my error log do not show up in the registration log.
Dandello wrote on Mar 23rd, 2012 at 2:50pm:
I should add that the number of spam registration attempts in the 'orphan site' is what shows up in my error log, not the registration log.
...

Sweet!Smiley

To those of you who are working on the next version of YaBB, I'm hoping you'll incorporate the anti-spam mods that seem to be working for YaBB 2.5; you know; provide us with those options in the Admin Center.

Edited:
More accurately, the approximately 500 spam registration attempts made each hour of the day or so are repeated attempts by much fewer spam-bots, i.e., each respective spam-bot makes repeated attempts that fail each time.

Human bots, or "hu-bots" as I think JonB coined the term in this post (the first time I've known anybody to use that terminology), are easily stopped by implementing admin approval for registrations.

« Last Edit: Mar 23rd, 2012 at 4:24pm by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
westwegoman
Ex Member
**




None
Re: Fake Users Already?
Reply #3 - Mar 23rd, 2012 at 6:11am
Post Tools
I would strongly recommend the spam fruits mod or the Anti-Spam Question V0.2 for YaBB 2.5.

Since Iíve installed the Anti-Spam question mod with a question on my local area, it has stopped them in their tracks. Before that, I was ready to give up. They were driving me nuts.
  
Back to top
 
IP Logged
 
Dandello
YaBB Administrator
YaBB Next Team
Operations Team
Beta Testers
Support Team
*****
Offline



Posts: 2,292
Location: Earth

YaBB 2.6.1
Re: Fake Users Already?
Reply #2 - Mar 23rd, 2012 at 3:06am
Post Tools
There aren't that many forum software packages - so all they have to do is look for the main file name associated with that forum.
I have one site that has only two inbound links and the moment those links went up my forum got hit with 200+spam registration attempts a day. (I have all the anti-spam stuff already in place so that takes care of a lot of it, but I'm still looking at 200+ attempts to register with bad info every day.)

I was getting 50 attempts a day before the site even got those links. (what mystifies me is technically it was an 'orphan directory'- unattached to anything else on the internet and they still found it.
« Last Edit: Mar 23rd, 2012 at 3:09am by Dandello »  

If you only have one solution to a problem you're not trying hard enough!
Back to top
WWW  
IP Logged
 
Bill Myers
God Member
Beta Testers
*****
Offline



Posts: 1,629
Location: Los Angeles

YaBB 2.5
Re: Fake Users Already?
Reply #1 - Mar 23rd, 2012 at 1:09am
Post Tools
I don't believe this is a security flaw in YaBB. Instead, I'm pretty sure that spammers look for standard forum names, and the YaBB.pl file is easy to find.

Thankfully, it's pretty easy to keep spammers from registering. †Smiley

Edited:
By the way, your forum looks very nice.  Wink
« Last Edit: Mar 23rd, 2012 at 1:14am by Bill Myers »  

Morning, noon, or night, have a great one!

Note: This forum doesn't allow for us to freely edit our posts or topics to make corrections as needed, so please remember to look for subsequent posts if you see any mistakes or outdated information. Sorry for the inconvenience.
Back to top
IP Logged
 
UVT
YaBB Newcomer
*
Offline



Posts: 11
Location: USA
Fake Users Already?
Mar 22nd, 2012 at 9:25pm
Post Tools
Hi, we have not yet exposed the board to the public, nor to the search engines and our board it is only accessable via our member-only area of a new community just started this weekend.

Yet we are already getting people trying to fake us into approving them as a member.

Does anyone know how and why this might be? is there a security flaw in yabb?

Thank you.
  
Back to top
 
IP Logged
 
Page Index Toggle Pages: 1 [2] 
Topic Tools
 
  « Board Index ‹ Board  ^Top