Freebird Posted December 19, 2008 #1 Posted December 19, 2008 OK folks, it seems that the spam bots have found a way to get past the human verification manager in the registration process. I have implemented a new system which should stop it for now. We had several spammers join up over the past few days and I have caught them all fairly quickly. They have been deleted and banned but it's a never ending battle. The new system should pretty much solve the problem for now but it unfortunately makes it a bit more time consuming to register. I apologize now for making it so difficult for any new members who are joining up. If this doesn't stop the bots...the next step is one that I really don't want to take but it may eventually become necessary. That is to prevent anybody from joining up who is using one of the free email services. Almost 100% of the spammers are using accounts from Yahoo, GMail, etc. If the steps I have taken do not stop the spammers then I will simply have to require that people use a real email address and NOT one of the free services. The good news is that I think I can do it while allowing our existing members to continue using such emails but they will not be allowed for any new members who try to register.
6pak Posted December 19, 2008 #2 Posted December 19, 2008 As long as those of us that are already users are still good, I'm ok with wharever you do. Keep it up Don, you're doing a fine job.
pegscraper Posted December 19, 2008 #3 Posted December 19, 2008 gmail is not a real email address? A lot of people use it, including me. Could you maybe use the device where the person has to type in a code shown in a distorted picture to get registered? I've seen those kinds of things elsewhere.
Freebird Posted December 19, 2008 Author #4 Posted December 19, 2008 Yea, every spammer we have had over the past 6 months has used a gmail address. I'm close to adding gmail to the banned email list. There is no reason for a person to not use their real email address here as the email addresses are NOT made public even to other members unless by members choice. There are several ways to try and thwart the spammers. I had already tried your suggestion and it worked for a while. Then the spammers found a way to program the bots using OCR to crack that. I then went to a question and answer type verification. It worked OK for a while but lately they are getting around it also. Now I've implemented a DOUBLE word image and a random question system. I think it will work for a while but eventually they will find a way to defeat those also. It's just a never ending battle.
Kregerdoodle Posted December 19, 2008 #5 Posted December 19, 2008 Ok, what is " a real " email address ???
Condor Posted December 19, 2008 #6 Posted December 19, 2008 My simpathies Don. I tried implementing a bulletin board classified section to my website and it took about a week and the $%#@%& spammers ruined it. So I just said screw it... Hope you find a big padlock.... Something you might try with one of those recognition things like Craigslist. They have a two word password, but only the first word is needed to post. Maybe with the second it confuses the spammers??? Good Luck
FreezyRider Posted December 19, 2008 #7 Posted December 19, 2008 Don, Gmail IS a "real" email address. For many, it is their ONLY email address. I guess I don't understand what you mean by a "real" email address. I run a corporate email server, and where I am most of our spam comes from Comcast, Embarq, and Verizon email addresses. Guess I never considered people using those services not to have real email addresses just because the bad guys have figured out ways around their systems. Joe
Jerry W Posted December 19, 2008 #9 Posted December 19, 2008 Do what you gotta' do, it is a shame that you have to spend that much time trying to keep the site working. I don't really understand the "real" email issue, but then again $3.00 Wal-Mart calculators still amaze me. In my opinion, spammers are lower than whale manure, and that is on the bottom of the ocean.
Freebird Posted December 19, 2008 Author #10 Posted December 19, 2008 Yes, it is a real email address. It was not me who made that statement. What I said was that gmail, yahoo, etc. are FREE email services. Because they are free, most spammers...at least ALL the spammers that have logged in here have used them. They have no problem signing up for a free email service, spamming the forums with links to cell phones, viagra, etc. and then just canceling or never checking that free account again. MANY forums have stopped allowing registrations from those free services. Their is also no danger of having their primary email addresses shut town by their providers when they use gmail and yahoo for their spam. I don't know what you mean by many people not having any other email address. I would say that there are VERY few who do not. If you have Internet service then you have an email address available to you. The only people I know of who may not have are those who have no service at all and login from a public computer at a library or something. I'm not doubting what you say but only saying that your experience does not parallel what I see here. I've never, so far, been spammed by anybody using a legit email address from their Internet Service Provider. Every single one has come from a free email service with about 95% of those coming from gmail accounts.
Condor Posted December 19, 2008 #11 Posted December 19, 2008 Don, Gmail IS a "real" email address. For many, it is their ONLY email address. I guess I don't understand what you mean by a "real" email address. I run a corporate email server, and where I am most of our spam comes from Comcast, Embarq, and Verizon email addresses. Guess I never considered people using those services not to have real email addresses just because the bad guys have figured out ways around their systems. Joe Joe, I think what Don is refering to is your 'real' address provided by your ISP, or your website host.. Yahoo, Gmail, etal, are available for free if you can think up a name that hasn't been used already.....
Tom Posted December 19, 2008 #12 Posted December 19, 2008 I will be in trouble as I use Sprint aircard for home and road..unless I am missing something?
Guest Shep Posted December 19, 2008 #13 Posted December 19, 2008 Any email address is a "real email address" - and any email address can be run through Gmail or hotmail or any other email address as a "forward". But I certainly understand the frustration. It is a never ending battle. That is why I moved all my servers off-site so that someone else would have to worry about security. Freebird, with all the other safety features in place: one of the things that I have done is to put right in the registration page, "You must use your real First and Lastname or your registration will be denied." When I get ANY registration that does not fit that - they never get admin approval. Most CMS's will allow for a "handle" in addition to their real name. Shep
Freebird Posted December 19, 2008 Author #14 Posted December 19, 2008 Well...nobody is in trouble at this time. Like I said, that is a step that I really don't want to take and I won't unless it comes down to the last choice. If I DO take that step, those of you who are already registered will not be affected, only new registrations. I made a couple of changes this morning that should go a long way in eliminating the problem. We'll see how it works out. There is one other option also but it requires more work on my part. That would be that any new registrations must be manually approved by me before they actually get access to the site. That would me me checking the address, running the IP Address through Whois.org to find out where it originates from and then me making a judgment as to whether or not it is a spammer or not. Most of the spams that I see here are coming from the RIPE network.
FreezyRider Posted December 19, 2008 #15 Posted December 19, 2008 Don, In the past, I have registered on websites where the site generated an automated email to me. I had to respond to that email within 24 hours in order to "activate" my account. When a human response is necessary, the spammers lose. They don't have people monitoring those spamming servers, in fact most of the time if you reply to the address on one of those spam messages you will get a bounce back from their servers. Joe
Missionary Rider Posted December 19, 2008 #16 Posted December 19, 2008 Don, you're doing a great job and providing a valuable service. The site is enjoyed and you are appreciated! For information only, a lot of the missionaries I work with use hotmail, yahoo, or gmail because they move around a lot, using a variety of computers and internet access, and those accounts give them constancy in their email service. Webmail from an overseas ISP is a dicey business. Those accounts also afford them fair to middlin spam protection on their incoming email. None of that probably affects anyone here. Just thought I'd would add my 2 cents to the discussion. I can usually spare a few cents Merry Christmas everybody!! Lynn
abnormalwon Posted December 19, 2008 #17 Posted December 19, 2008 Don, I to want to echo the many "Thank you's" as I am sure few know all that probably goes into what you have to do to stay on top of the stuff. I certainly know that I do not know all that is entailed. Anyway, what has to happen, has to happen. Just darn unfortunate that there are those incompetent ninc-em-poop's who have nothing batter to do than try and screw up a good thing. Stay the course my friend!
Snarley Bill Posted December 19, 2008 #18 Posted December 19, 2008 don, ain't got a clue what your talking about, but your the man. ya know if the people who use the great intelligeance they have to screw innocent people on these sites would get a real job, they could be millionaires. i guess they think it's a fun game, making peoples life miserable. bill
Freebird Posted December 19, 2008 Author #19 Posted December 19, 2008 Don, In the past, I have registered on websites where the site generated an automated email to me. I had to respond to that email within 24 hours in order to "activate" my account. When a human response is necessary, the spammers lose. They don't have people monitoring those spamming servers, in fact most of the time if you reply to the address on one of those spam messages you will get a bounce back from their servers. Joe Joe, It already works that way. An email is sent out to confirm the email address. The person registering has to click a link to confirm their membership. Believe it or not, the spammers have come up with scripts to do all of that automatically. Don
BuddyRich Posted December 20, 2008 #20 Posted December 20, 2008 Can you program it for the verification code backwards ?
Sunman Posted December 20, 2008 #21 Posted December 20, 2008 Hi Don: Just something to think about for some extra security. On some bb services, during the reg process, they add a few questions that have radio buttons for accepting terms etc. A way of combatting auto reg bots, is to have some that need to be left UNCHECKED, most bots simply auto check all available boxes. So a line like "To complete registration leave this box UNCHECKED" and then put the appropriate code in. Just a suggestion to help in the war against spam bots. Sonny
IH Truck Guy Posted December 20, 2008 #22 Posted December 20, 2008 I AM FROM THE PLANET BALDOR. I COME IN PEACE. Thanks for all you do Don. I don't understand all the computer stuff,but I know it's a big problem.. Thanks..............
kbran Posted December 20, 2008 #23 Posted December 20, 2008 Yes, it is a real email address. It was not me who made that statement. What I said was that gmail, yahoo, etc. are FREE email services. Because they are free, most spammers...at least ALL the spammers that have logged in here have used them. They have no problem signing up for a free email service, spamming the forums with links to cell phones, viagra, etc. and then just canceling or never checking that free account again. MANY forums have stopped allowing registrations from those free services. Their is also no danger of having their primary email addresses shut town by their providers when they use gmail and yahoo for their spam. I don't know what you mean by many people not having any other email address. I would say that there are VERY few who do not. If you have Internet service then you have an email address available to you. The only people I know of who may not have are those who have no service at all and login from a public computer at a library or something. I'm not doubting what you say but only saying that your experience does not parallel what I see here. I've never, so far, been spammed by anybody using a legit email address from their Internet Service Provider. Every single one has come from a free email service with about 95% of those coming from gmail accounts. I had an email add. from hughes.net for the last three years but recently dropped it and went with a sprint mobile broadband card. They have canceled their email service so all I have is gmail now. I can't get dsl or cable were I live so it's satellite or Sprint and the satellite was getting terible.
pegscraper Posted December 20, 2008 #24 Posted December 20, 2008 I have internet access through a plug deal from a cell phone company. It does not have any email addresses that come with it. You have to have one from somewhere else. I have gmail for an email address. It's all I have. I have only one email address. Almost 100% of the spammers are using accounts from Yahoo, GMail, etc. If the steps I have taken do not stop the spammers, then I will simply have to require that people use a real email address and NOT one of the free services. In your opening post here, it was you said that gmail was not a real email address. Not me. Sorry. I won't deny the frustration of the thing. But disallowing free email services will put a certain amount of people out in the cold. I guess I'm already in here, but what about the next guy? I registered on a new board a couple days ago myself, and I'm glad they didn't have that kind of restriction. But you have to do what you have to do.
Freebird Posted December 20, 2008 Author #25 Posted December 20, 2008 OK...you are right. I did say that. Not really what I meant to say and I'm sorry about that. Doesn't change the facts though. I've already said that it would be done as a last resort and not something that want to do. We've been OK so far since the last changes that I made. If it comes down to it though, it will simply have to be done. I am not disputing that it may be the only choice for some people but I also know that it's a very low percentage of folks.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now