eliminating spammers

Non-computer-related chit-chat

Moderators: ChrisThornett, LXF moderators

eliminating spammers

Postby heiowge » Fri Sep 21, 2012 3:50 pm

I want to create a search for the ton of spammers I get on another forum I admin.

We have a ton of people joining with addresses like:

fvwfg.d.g.v.b.dfd.ertg.sdv.sgv@gmail.com

There are a ton of these pillocks with lots of dots in their email address. Problem is that there are a ton of genuine users with gmail.com email addresses.

I can search by date, but I could really do with a search that pulls in people with lots of dots in their email address.

Any ideas?
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK

Postby M-Saunders » Fri Sep 21, 2012 4:51 pm

What sort of checks do you perform when users sign up? Do they have to click a validation link in an email? Even with that step, we used to get loads of spammers on this forum. The most powerful defence, I found, was to put a Linux-specific question in the sign-up stage. It was really easy, but weeded out the spammers who had no idea what the forum was for (ie 99% of them).

M
User avatar
M-Saunders
LXF regular
 
Posts: 2893
Joined: Mon Apr 11, 2005 12:14 pm

Postby Dutch_Master » Fri Sep 21, 2012 4:56 pm

I had a similar problem earlier on one of my forums. That one uses a phpBB3 board, that has the option of having user's accounts manually activated by a moderator. I performed a whois on their IP and if it's not a regular western-European ISP, they're out. I did post a notice for any users who were from outside Europe to contact me directly via email. Not many did :P I also have a captcha module and it asks questions, related to the subject of the forum. Plus, and that's a benefit of a non-English target audience, the questions are asked in a different language, one not easily mastered ;)

HTH!

PS: I manually removed all applicants and banned them by IP. It's a royal PITA, but eventually, after the questionnaire was introduced, the flood disappeared. I did get >250 applications for membership in just 10 days or so, of which 3 (at max) were genuine... :roll:
Dutch_Master
LXF regular
 
Posts: 2453
Joined: Tue Mar 27, 2007 1:49 am

Postby heiowge » Fri Sep 21, 2012 6:37 pm

The checks are already in place. The problem is that all the new spam is coming from accounts set up before the advanced screenings came in. Since there are over 30000 accounts, I really don't want to go through them one by one. If I can search for these types I'll eliminate the biggest group of problem.

Oh, and it's not my forum. It's owned by a company. I just moderate and clean up. I have admin Privileges, but it's not my board to put new stuff on. I asked them to let me moderate signups and it was denied. All I can do is moderate posts and wipe out the morons. I can, however, wipe out anyone who I believe is a spammer before they spam.

Only an demi-god, not a full god. :lol:
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK

Postby heiowge » Fri Sep 21, 2012 9:02 pm

sysyphus.jones off the Sixgun forum (those Linux Outlaw lads' forum) pointed me here, that's got some sweet email addresses that can be added to the ban list. 10s of thousands of known spammer emails and over 100,000 spammer IPs. :D

http://www.streetsie.com/phpbb-email-banlist/
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK

Postby Dutch_Master » Fri Sep 21, 2012 11:14 pm

Ah yes, the sleepy spammer accounts. Most of those have 0 posts to begin with (or a small amount) so selecting those will weed out genuine users who actively take part. I don't know much about databases, so can't tell you how wildcards are handled, but if you can use them, issue search strings like *.*.*.*.*.@gmail and reduce by a single wildcard at a time to find the "excessively dotted" addresses.
Dutch_Master
LXF regular
 
Posts: 2453
Joined: Tue Mar 27, 2007 1:49 am

Postby heiowge » Sat Sep 22, 2012 8:57 am

Dutch_Master wrote:, issue search strings like *.*.*.*.*.@gmail


I tried that exact search with a small window of time (so as not to overload things) and got tons of false positives. I need a search with no false positives. :?
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK

Postby nelz » Sat Sep 22, 2012 10:12 am

That's probably because in some regexp flavours . matches any character, so you'd need to escape the dots and search for *\.*\.*\.*@gmail
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8525
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Postby heiowge » Sat Sep 22, 2012 12:31 pm

Tried that. I got this:


Information

No users fit the selected criteria.
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK

Postby nelz » Sat Sep 22, 2012 6:54 pm

What are you using to search? Grep, sed, SQL? They all have different regex rules.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
User avatar
nelz
Site admin
 
Posts: 8525
Joined: Mon Apr 04, 2005 11:52 am
Location: Warrington, UK

Postby heiowge » Sat Sep 22, 2012 8:34 pm

I'm just using the admin panel in the board (phpbb)
i5 4440 3.1Ghz, Asus H87M-E motherboard, 8GB DDR3, 2GB DDR5 nVidia card, 2x500GB Seagate hd, Coolermaster 750W PSU running Mint 16 MATE and Win7

eeepc 1015PX, 1.66 Ghz Intel atom processor, 2 GB DDR3, 320 GB hd, Mint 14 MATE. Fan needs fixing.
User avatar
heiowge
LXF regular
 
Posts: 1906
Joined: Wed Feb 27, 2008 8:21 pm
Location: Cheshire, UK


Return to Off Topic

Who is online

Users browsing this forum: No registered users and 1 guest

cron