RISC OS Open: Forum: Spam insurgence

Jan 3, 2019 7:58am

Jon Abbott (1421) 2651 posts

What’s with the sudden increase in Spam accounts recently? It’s got so bad on my JASPP forum site, I’ve had to switch to Admin approved accounts for the time being.

They’re managing to bypass both ReCAPTCHA and the Q&A which wasn’t solvable via Google searches, so real people must be involved at some point not just bots.

In my case they’re all coming from IP ranges in Russia and the Ukrain and where there’s a spam bot creating multiple accounts, I’ve blocked the IP allocation range they’re on, as I can’t keep up with manually deleting them.

Over Christmas I must have manually deleted close to 100 accounts, I’d hate to think how many there would be if I wasn’t also blocking Io ranges!

Jan 3, 2019 8:35am

Steve Pampling (1551) 8170 posts

In my case they’re all coming from IP ranges in Russia and the Ukraine

Most of the cyber attacks hitting our exterior systems in recent months have been Russia and Ukraine sourced. According to the geolocation information the Ukrainian sources are located in the area bordering (annexed by) Russia.

Jan 3, 2019 8:46am

Dave Higton (1515) 3526 posts

Spam on this site took a big upsurge a few weeks back. It’s become quite a chore to delete it all. We have a new moderator too, but my work doesn’t seem to have diminished much, so there must have been an even bigger increase.

Jan 3, 2019 10:14am

Rick Murray (539) 13840 posts

I have a little server on my machine and I had noticed usual hack attempts from the famously leaky Great Firewall Of China.
However in recent weeks the attempts from RU and UK based IP addresses has been insane. I have a routine that looks up IP address to country, and I’ve just blocked the entire countries.

Jan 18, 2019 7:05am

Jon Abbott (1421) 2651 posts

Isn’t it about time this site did some kind of spam account filtering? Admin approved account activation worst case, or some kind of anti-bot check? Even reCaptcha would be better than the blanket approval that’s currently in place.

Jan 18, 2019 8:16am

David Feugey (2125) 2709 posts

Even reCaptcha would be better than the blanket approval that’s currently in place.

Could be a problem for RISC OS users.

Jan 18, 2019 8:38am

Rick Murray (539) 13840 posts

Isn’t it about time this site did some kind of spam account filtering?

Do you speak Ruby?

It’s the usual reason – developer time.

Probably why there’s no admin approval (if the forum is smart enough to support that), it would need admins to make fairly quick decisions for the many signups that happen each day.

I think my suggestion of silently dropping messages with URLs in the subject would help a lot…but I don’t speak Ruby so……..

Jan 18, 2019 8:57am

Clive Semmens (2335) 3276 posts

Even URLs in the body of the first post, unless they’re internal to this site, could be blocked. But sadly I don’t speak Ruby either.

Jan 18, 2019 12:10pm

Steve Pampling (1551) 8170 posts

Probably why there’s no admin approval (if the forum is smart enough to support that), it would need admins to make fairly quick decisions for the many signups that happen each day.

It might be more relevant to talk about the number of valid signups over a day, week, or month.
A delay of 24 hours or a day or so for write permissions is hardly the end of the world¹, and probably wouldn’t be that long anyway if the numbers are particularly small.

¹ Certainly not a match for the family history group in Sheffield which took over a year to respond with the approved status message.

Jan 18, 2019 1:07pm

Rick Murray (539) 13840 posts

the number of valid signups over a day, week, or month.

How does one determine what is “valid”? Look what happened with the oddball that believed in the power of ~~wishful~~positive thinking over technical ability…

Quick question for the person that deletes the spam accounts – is there any pattern in the email addresses given? I have heard of places, for example, that used to reject all new user signups from AOL.

Jan 18, 2019 2:25pm

Jon Abbott (1421) 2651 posts

How does one determine what is “valid”?

That’s what reCaptcha and Q&A’s are for. That said, I’m getting so many spam accounts on JASPP I’ve been forced to manually approve new accounts as neither of those were 100% successful, but they did filter out 99% of them.

The approach I’m using is:

Does the eMail address look like a person? ie its not 40 characters long with lots of hyphens in it and bare no relationship to the persons name that’s requesting access, or is a randomly generated @gmail.com or @yahoo.com account
Is the source IP in Russia, Moldova or Ukraine (all the spam accounts are coming from these regions)

I’ve also blocked all IP ranges that have generated more than one spam account – which are all UA, MD or RU domains.

Jan 18, 2019 2:56pm

Kevin (224) 322 posts

The trouble is, is that the forum software is out of date and no longer supported, so getting spam protection updates is a problem.

But I have found Altered Beast a rewrote of Beast which claims to have spam protection

https://github.com/kad3nce/altered_beast

If possible perhaps update the forum to this?

Jan 18, 2019 3:26pm

Jon Abbott (1421) 2651 posts

Perhaps its time to archive this forum and switch to something that’s maintained, such as phpBB. It’s probably worth doing just to get rid of Textile, which is a steep learning curve for new members.

Jan 18, 2019 6:10pm

Steve Pampling (1551) 8170 posts

I have found Altered Beast a rewrote of Beast which claims to have spam protection

https://github.com/kad3nce/altered_beast

If possible perhaps update the forum to this?

Perhaps a query somewhere other than Aldershot might get an answer.

It’s probably worth doing just to get rid of Textile, which is a steep learning curve for new members.

Not as steep as the cliff most of us would lie to drop it off :)

Spam insurgence

Reply

Search forums

Social

ROOL Store

Donate! Why?

RISC OS IPR

Description

Voices

Options

Jan 3, 2019 7:58am Jon Abbott (1421) 2651 posts	What’s with the sudden increase in Spam accounts recently? It’s got so bad on my JASPP forum site, I’ve had to switch to Admin approved accounts for the time being. They’re managing to bypass both ReCAPTCHA and the Q&A which wasn’t solvable via Google searches, so real people must be involved at some point not just bots. In my case they’re all coming from IP ranges in Russia and the Ukrain and where there’s a spam bot creating multiple accounts, I’ve blocked the IP allocation range they’re on, as I can’t keep up with manually deleting them. Over Christmas I must have manually deleted close to 100 accounts, I’d hate to think how many there would be if I wasn’t also blocking Io ranges!

Jan 3, 2019 8:35am Steve Pampling (1551) 8170 posts	In my case they’re all coming from IP ranges in Russia and the Ukraine Most of the cyber attacks hitting our exterior systems in recent months have been Russia and Ukraine sourced. According to the geolocation information the Ukrainian sources are located in the area bordering (annexed by) Russia.

Jan 3, 2019 8:46am Dave Higton (1515) 3526 posts	Spam on this site took a big upsurge a few weeks back. It’s become quite a chore to delete it all. We have a new moderator too, but my work doesn’t seem to have diminished much, so there must have been an even bigger increase.

Jan 3, 2019 10:14am Rick Murray (539) 13840 posts	I have a little server on my machine and I had noticed usual hack attempts from the famously leaky Great Firewall Of China. However in recent weeks the attempts from RU and UK based IP addresses has been insane. I have a routine that looks up IP address to country, and I’ve just blocked the entire countries.

Jan 18, 2019 7:05am Jon Abbott (1421) 2651 posts	Isn’t it about time this site did some kind of spam account filtering? Admin approved account activation worst case, or some kind of anti-bot check? Even reCaptcha would be better than the blanket approval that’s currently in place.

Jan 18, 2019 8:16am David Feugey (2125) 2709 posts	Even reCaptcha would be better than the blanket approval that’s currently in place. Could be a problem for RISC OS users.

Jan 18, 2019 8:38am Rick Murray (539) 13840 posts	Isn’t it about time this site did some kind of spam account filtering? Do you speak Ruby? It’s the usual reason – developer time. Probably why there’s no admin approval (if the forum is smart enough to support that), it would need admins to make fairly quick decisions for the many signups that happen each day. I think my suggestion of silently dropping messages with URLs in the subject would help a lot…but I don’t speak Ruby so……..

Jan 18, 2019 8:57am Clive Semmens (2335) 3276 posts	Even URLs in the body of the first post, unless they’re internal to this site, could be blocked. But sadly I don’t speak Ruby either.

Jan 18, 2019 12:10pm Steve Pampling (1551) 8170 posts	Probably why there’s no admin approval (if the forum is smart enough to support that), it would need admins to make fairly quick decisions for the many signups that happen each day. It might be more relevant to talk about the number of valid signups over a day, week, or month. A delay of 24 hours or a day or so for write permissions is hardly the end of the world¹, and probably wouldn’t be that long anyway if the numbers are particularly small. ¹ Certainly not a match for the family history group in Sheffield which took over a year to respond with the approved status message.

Jan 18, 2019 1:07pm Rick Murray (539) 13840 posts	the number of valid signups over a day, week, or month. How does one determine what is “valid”? Look what happened with the oddball that believed in the power of ~~wishful~~positive thinking over technical ability… Quick question for the person that deletes the spam accounts – is there any pattern in the email addresses given? I have heard of places, for example, that used to reject all new user signups from AOL.

Jan 18, 2019 2:25pm Jon Abbott (1421) 2651 posts	How does one determine what is “valid”? That’s what reCaptcha and Q&A’s are for. That said, I’m getting so many spam accounts on JASPP I’ve been forced to manually approve new accounts as neither of those were 100% successful, but they did filter out 99% of them. The approach I’m using is: Does the eMail address look like a person? ie its not 40 characters long with lots of hyphens in it and bare no relationship to the persons name that’s requesting access, or is a randomly generated @gmail.com or @yahoo.com account Is the source IP in Russia, Moldova or Ukraine (all the spam accounts are coming from these regions) I’ve also blocked all IP ranges that have generated more than one spam account – which are all UA, MD or RU domains.

Jan 18, 2019 2:56pm Kevin (224) 322 posts	The trouble is, is that the forum software is out of date and no longer supported, so getting spam protection updates is a problem. But I have found Altered Beast a rewrote of Beast which claims to have spam protection https://github.com/kad3nce/altered_beast If possible perhaps update the forum to this?

Jan 18, 2019 3:26pm Jon Abbott (1421) 2651 posts	Perhaps its time to archive this forum and switch to something that’s maintained, such as phpBB. It’s probably worth doing just to get rid of Textile, which is a steep learning curve for new members.

Jan 18, 2019 6:10pm Steve Pampling (1551) 8170 posts	I have found Altered Beast a rewrote of Beast which claims to have spam protection https://github.com/kad3nce/altered_beast If possible perhaps update the forum to this? Perhaps a query somewhere other than Aldershot might get an answer. It’s probably worth doing just to get rid of Textile, which is a steep learning curve for new members. Not as steep as the cliff most of us would lie to drop it off :)