DF-21 Forums

[Mattias Welander]

During the last two days, at least two spambots have registered with the board. Fortunately, I have not yet seen any of them posting, but that might just be a matter of time (or the administrators might have removed already posted spam).

I'm curious what about what the administrators are currently doing about this situation, and what they plan to do in the future?

[Matt K]

I quickly checked the last page of the member list and found two more with little effort. Just look at their website URLs.

I don't have the power to ban these guys, but the Phase 2s do.

[Jedi Cheddar]

Are spambots those people that just go around posting aimlessly for no appearent reason?

_________________
It's good to be a little cheesy...

[Mattias Welander]

No, they are those programs that are preparing to take over our nice forum and fill it with advertisments for stupid products.

[Scape Goat]

Never saw any advertisements, but someone else might have cleared them.

[Mattias Welander]

I suspect they're just preparing for that at the moment, by registering as many users as they can... once they think they have enough, they might start spamming the board itself. The idea then would be to register so many users that a manual removal of them will miss a few.

[Scape Goat]

OK, I see what's going on now. I'll keep an eye on things and delete anything that needs to be.

[Nottheking]

I didn't notice any spambots yet... Then again, I rarely look at the whole list of registered memebers... Perhaps a method of security should be implemented to prevent them from registering? (such as a image-reading confirmation such as Yahoo uses, or perhaps a Flash section, which as far as I know, a bot cannot use)

_________________
Wake up, George Lucas... The Matrix has you..

[Mattias Welander]

I think something as simple as a custom email verification process would do the trick. It is highly doubtful the bot authors would write customized software just for spamming DF-21.

[Nottheking]

[Mattias Welander]

The spambots are still flowing in unhindered, about one new every day. I would strongly urge the administrators to put up some kind of defence against them really soon now, before the situation gets out of hand.

[Nottheking]

Apparently, four new ones have just registered today...

_________________
Wake up, George Lucas... The Matrix has you..

[Mattias Welander]

Hm... that's even more than I had noticed... which I think is exactly what they hoped for.

[Nottheking]

Let's see the list of spam-bots:

Obvious Spambots:

• and408
  
• and567
  
• riso12
  
• are546

Likely/potential spambots:

• Aufroy80 (moderately likely)
  
• AXOX (somewhat potential)

The others on the list don't seem to be illegitimate at all, though.

_________________
Wake up, George Lucas... The Matrix has you..

[Mattias Welander]

I believe several I've noticed before have been removed. Also, a possible strategy they might be using is to register both obvious and non-obvious spambots, hoping the administrators will focus their attention on the obvious ones, thus leaving the non-obvious in the system so they're there the day they start to talk.

[Scape Goat]

Yeah, I've deleted a few over the past few days or so. E-mail confirmation is now turned on. We'll see how that works out.

[Mattias Welander]

I fear we must conclude by now that the current implementation of email confirmation does not succeed in stopping the spambots. Unfortunately, without knowing how it is implemented, I don't know where the weak point is.

[Scape Goat]

They can still register, but they shouldn't be able to post unless they activate their account via e-mail.

[japh]

Nice.

I have heard that phpbb is full of holes, though. Beware.

[Mattias Welander]

One of the spambots on another phpBB message board I frequent just activated, and started posting. As I suspect there aren't that many different spambot owners out there, chances are our spybots will activate soon, too. Keep your eyes open!

[Nottheking]

[Jackson]

Don't worry, I'm personally keeping my eyes peeled.
If any spambots activate, I'll either defenestrate them or delete their accounts to control the damage.

[japh]

[Fenwar]

[Guest]

Hi! I'm a spambot. Please force me to die in a fire.

(Matt K approves this fiery death)

[Darth Oosha]

...Did it think we were calling for it?

[The MAZZTer]

I recommend someone go into the phpBB registration system code and tweak it just enough so that automatic registration is no longer possible (IE changing the username input tag name value would be enough).

_________________
http://www.mzzt.net/ | I am a respectable admin with a respectable sig.

[NathanWilson]

Well, somebody has been bringing threads to my attention, and although I no longer remember any of the back-end addresses for admin stuff, I've deleted threads when I have seen them. Not remembering the stuff to ban users doesn't really matter as I'm no longer a Phase 2; likely a good choice given my rather long absence.

(Yes, I'm still around, vaguely).

[Darth Oosha]

Obvious Spambots:

• niketre (already posting)
  
• Brutton
  
• RobDougUS
  
• VIAGRA-
  
• UniMagicum
  
• Ronelder

Likely/potential spambots:

• Cal72521

I'm ignoring accounts with no profile info, based on the assumption that there's no way to tell with them. Also, I should probably stop clicking their "www" links to confirm their botness, since that just tells them that registering on DF-21 will increase their site hits.

[Jackson]

The ones you listed I've taken care of now.
I've been leaving Cal72521 alone because, although he hasn't before, his website seems legitimate enough.