This is the new home of the egghelp.org community forum.
All data has been migrated (including user logins/passwords) to a new phpBB version.


For more information, see this announcement post. Click the X in the top right-corner of this box to dismiss this message.

Yet another spambot...

Website and forum-related announcements and discussion, and anything else that doesn't fit in the above forums.
User avatar
slennox
Owner
Posts: 593
Joined: Sat Sep 22, 2001 8:00 pm
Contact:

Post by slennox »

Have there been any more spambots in the past week? The current captcha isn't the default phpbb one and is quite strong - I've had a look and can barely read most of them - it's a miracle we get any signups at all :lol:
User avatar
Domin
Halfop
Posts: 72
Joined: Sat Jun 10, 2006 9:10 am

Post by Domin »

slennox wrote:Have there been any more spambots in the past week? The current captcha isn't the default phpbb one and is quite strong - I've had a look and can barely read most of them - it's a miracle we get any signups at all :lol:
Haha ye i actualy dont understand how they get bots to read them, since i also find them hard to read :wink:

One approach i heard about i to put a link from here on a xxx page and then make real people enter numbers there for seeing pictures, so if you got some sort of stats page you might be able to see if there are some suspect pages linking to the captcha images.
Regards
Domin @ efnet
n
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

It's rather a "simple" process of signal processing.. Or, atleast the theory of it is...

Step one is to remove the "noice" from the signal (backgrounds, shades, etc), so that we get a decent representation of the actual letters.

Step two would be some shaping and anti-aliasing, just to smooth things out.

Step three is to isolate each letter "object" from the image, and arrange these.

And the final step would be to match these objects to shapes of real letters using heuristic algorithms...

Of course, coding these steps might not be as trivial :p


Back on track however, just checking the last two pages of the members list reveals maybe 30-50 possible spambot candidates. However, these seem yet unable to actually create posts (suspicion based on Handle, website, IM, email, etc. available in their profile-page).
Also, these Captchas only prevent automated registration; which can easily be circumvented like Domin suggested by having manual labor entering this info upon request. They don't offer any protection once the registration is done however. An evil spammer would simply register a bunch of accounts, then use them one at a time until banned, causing a virtually seamless flood of spam.

And yes, as an old serveradmin, webmaster, etc. I am paranoid!
NML_375
n
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

Old thread, I know...

Just got a bit bored and scanned through the userlist..
Seems we've got some 800+ users registered with 0 posts. Of course not all of those are spammers, but a quick look at the profile would suggest some 50% of these may very well be the result of some (semi)automated process (aka spambots). Considering the low number of posts that do slip through the net, I'd say the spam protection works fairly well.

As for new accounts, I've noticed atleast 2 accounts related to a Chinese spamhub/web registrar known as jingke, created within the last two weeks. I would say the captcha does limit the number of automated accounts, but they're still coming through.
NML_375
User avatar
slennox
Owner
Posts: 593
Joined: Sat Sep 22, 2001 8:00 pm
Contact:

Post by slennox »

Been a long time since I pruned the user list. Always been the case that many users register but never activate or post. Haven't been keen on running the user pruning tool recently as it's old and unsupported - I'd rather have inactive users than risk messing up the database.

There are 4 users that have jingke as their website, but none have activated, so perhaps they're just spamming for the profile link.
User avatar
Dedan
Master
Posts: 260
Joined: Wed Jul 09, 2003 10:50 pm
Location: Memphis

Post by Dedan »

please don't take my nick off, i am just sick, not dead 8)
I once was an intelligent young man, now i am old and i can not remember who i was.
User avatar
Sir_Fz
Revered One
Posts: 3794
Joined: Sun Apr 27, 2003 3:10 pm
Location: Lebanon
Contact:

Post by Sir_Fz »

sellwowgold2 have been bumping old threads with advertisements to several sites (I guess that's new style? :P)...
n
nml375
Revered One
Posts: 2860
Joined: Fri Aug 04, 2006 2:09 pm

Post by nml375 »

Yup, 'tis the new school :/
I guess slennox is buzy with IRL during the holidays, so we'll just have to hunt down the posts meanwhile. ;)
Atleast it's not an avalanche-spammer, but I could imagine better things to do with all the snow outside.

A thought though; I've seen many forums requiring new members to introduce themselves in a public area before being allowed to post in the rest of the forum. Still means they can spam, but it keeps the crap to a limited area of the forum...
NML_375
Post Reply