Page 1 of 1

eliminating spammers

PostPosted: Fri Sep 21, 2012 3:50 pm
by heiowge
I want to create a search for the ton of spammers I get on another forum I admin.

We have a ton of people joining with addresses like:

fvwfg.d.g.v.b.dfd.ertg.sdv.sgv@gmail.com

There are a ton of these pillocks with lots of dots in their email address. Problem is that there are a ton of genuine users with gmail.com email addresses.

I can search by date, but I could really do with a search that pulls in people with lots of dots in their email address.

Any ideas?

PostPosted: Fri Sep 21, 2012 4:51 pm
by M-Saunders
What sort of checks do you perform when users sign up? Do they have to click a validation link in an email? Even with that step, we used to get loads of spammers on this forum. The most powerful defence, I found, was to put a Linux-specific question in the sign-up stage. It was really easy, but weeded out the spammers who had no idea what the forum was for (ie 99% of them).

M

PostPosted: Fri Sep 21, 2012 4:56 pm
by Dutch_Master
I had a similar problem earlier on one of my forums. That one uses a phpBB3 board, that has the option of having user's accounts manually activated by a moderator. I performed a whois on their IP and if it's not a regular western-European ISP, they're out. I did post a notice for any users who were from outside Europe to contact me directly via email. Not many did :P I also have a captcha module and it asks questions, related to the subject of the forum. Plus, and that's a benefit of a non-English target audience, the questions are asked in a different language, one not easily mastered ;)

HTH!

PS: I manually removed all applicants and banned them by IP. It's a royal PITA, but eventually, after the questionnaire was introduced, the flood disappeared. I did get >250 applications for membership in just 10 days or so, of which 3 (at max) were genuine... :roll:

PostPosted: Fri Sep 21, 2012 6:37 pm
by heiowge
The checks are already in place. The problem is that all the new spam is coming from accounts set up before the advanced screenings came in. Since there are over 30000 accounts, I really don't want to go through them one by one. If I can search for these types I'll eliminate the biggest group of problem.

Oh, and it's not my forum. It's owned by a company. I just moderate and clean up. I have admin Privileges, but it's not my board to put new stuff on. I asked them to let me moderate signups and it was denied. All I can do is moderate posts and wipe out the morons. I can, however, wipe out anyone who I believe is a spammer before they spam.

Only an demi-god, not a full god. :lol:

PostPosted: Fri Sep 21, 2012 9:02 pm
by heiowge
sysyphus.jones off the Sixgun forum (those Linux Outlaw lads' forum) pointed me here, that's got some sweet email addresses that can be added to the ban list. 10s of thousands of known spammer emails and over 100,000 spammer IPs. :D

http://www.streetsie.com/phpbb-email-banlist/

PostPosted: Fri Sep 21, 2012 11:14 pm
by Dutch_Master
Ah yes, the sleepy spammer accounts. Most of those have 0 posts to begin with (or a small amount) so selecting those will weed out genuine users who actively take part. I don't know much about databases, so can't tell you how wildcards are handled, but if you can use them, issue search strings like *.*.*.*.*.@gmail and reduce by a single wildcard at a time to find the "excessively dotted" addresses.

PostPosted: Sat Sep 22, 2012 8:57 am
by heiowge
Dutch_Master wrote:, issue search strings like *.*.*.*.*.@gmail


I tried that exact search with a small window of time (so as not to overload things) and got tons of false positives. I need a search with no false positives. :?

PostPosted: Sat Sep 22, 2012 10:12 am
by nelz
That's probably because in some regexp flavours . matches any character, so you'd need to escape the dots and search for *\.*\.*\.*@gmail

PostPosted: Sat Sep 22, 2012 12:31 pm
by heiowge
Tried that. I got this:


Information

No users fit the selected criteria.

PostPosted: Sat Sep 22, 2012 6:54 pm
by nelz
What are you using to search? Grep, sed, SQL? They all have different regex rules.

PostPosted: Sat Sep 22, 2012 8:34 pm
by heiowge
I'm just using the admin panel in the board (phpbb)