Welcome, Guest!!
follow us on... rss

Author Topic: Bot report  (Read 14246 times)

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Bot report
« on: December 01, 2009, 10:30:42 AM »
Email: nsdlijxcsdsfrfd@mail.ru
IP: 95.55.106.238
Username: Nexiumikus

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Re: Bot report
« Reply #1 on: December 01, 2009, 10:31:44 AM »
And damn it, that's two bots through in two days - after months of lovely spam-free existence!

Looks like I'll be upgrading my plugin again.  >:(

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bot report
« Reply #2 on: December 01, 2009, 10:46:45 AM »
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Bot report
« Reply #3 on: December 01, 2009, 10:47:15 AM »
We'll never be able to keep ahead of them, too many are spawned each day or hour. The best we can hope to do is keep a tight leash on them. Personally, I simply disallow all *.ru domains from all of my sites. I'm not sure if I've ever seen one that wasn't a spammer or a bot.


And damn it, that's two bots through in two days - after months of lovely spam-free existence!

Looks like I'll be upgrading my plugin again.  >:(
Please don't PM me for assistance- post your questions in the forum where others can see them.

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Re: Bot report
« Reply #4 on: December 01, 2009, 10:48:28 AM »
http://support.it-mate.co.uk/?mode=Products&p=spambotsearchtool

;)

lol, I've seen that before.  There are a couple of crucial checks missing still ;)

MysteryFCM

  • Moderator
  • Full Member
  • *****
  • Posts: 200
    • View Profile
    • I.T. Mate
Re: Bot report
« Reply #5 on: December 01, 2009, 10:53:29 AM »
Which checks are missing? (should be able to add them :))

@Mike,
hehe you read my mind ;)
Regards
Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Re: Bot report
« Reply #6 on: December 01, 2009, 11:26:52 AM »
I have many legitimate users from .ru domains, so a blanket ban is not an option.

My thoughts on extending my plugin next is with SURBL analysis.  The problem with simply adding lots of bot lists is the time taken for the registration to complete - especially if one of the services is down (which happened to Botscout earlier, according to my logs).  I would like to think that using Botscout and StopForumSpam should cover most - though may add ProjectHoneyPot too.

SURBL is DNS based, which should be much quicker.  The only problem is that the message needs to be analysed and broken down before submission.  However, I have just successfully implemented this in email antispam software and the results are impressive - my inbox is clear of spam (and I deliberately have a couple of accounts that collect spam).

Another service I may look into is Akismet - but that one is mainly aimed at comments, not sure if it applies to forums as well.

My rewritten plugin is now object based, and I have moved all the antispam stuff into one class - and also internationalised it (it will support any language now, so long as someone provides a translation!).  The main advantage of this is that it can very easily be plugged into any environment.  It is also very easy to manage and update, and in the case of updates only the antispam class itself should need updating.

PopSmith

  • Newbie
  • *
  • Posts: 3
    • View Profile
Re: Bot report
« Reply #7 on: December 01, 2009, 07:23:36 PM »
In my opinion, the more "Bot-Checking" services you use the more likely you are to get a false positive. It also could result in unnecessary waiting time for those that use your forums.

Mike

  • Administrator
  • Sr. Member
  • *****
  • Posts: 300
    • View Profile
Re: Bot report
« Reply #8 on: December 01, 2009, 07:59:44 PM »
I think it's a double-edged sword...yes, the more sources you check the more likely you are to get a false positive, but the more likely you are to get a valid detection hit, too. I think the false positive rate here is actually very low due to the way we collect our bot signatures.


In my opinion, the more "Bot-Checking" services you use the more likely you are to get a false positive. It also could result in unnecessary waiting time for those that use your forums.
Please don't PM me for assistance- post your questions in the forum where others can see them.

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Re: Bot report
« Reply #9 on: December 02, 2009, 05:43:49 AM »
It also could result in unnecessary waiting time for those that use your forums.

The waiting time is the issue I want to minimise.  Currently, my checks will generally complete within a second.  However, if a site is unavailable there will be a five second delay per site (so maximum of fifteen seconds currently).

DNS based blocklists are generally quicker, so I prefer them.  False positives I am not concerned about - I ensure that the users are told why they were blocked and where they are listed (with a link to check if appropriate).  It is then up to them to either contact me to enable access, or sort out the reason that they are blocked in the first place.

purplepomegranite

  • Newbie
  • *
  • Posts: 14
    • View Profile
    • CEDIT
Re: Bot report
« Reply #10 on: December 02, 2009, 05:46:29 AM »
Incidentally, I've now implemented SURBL support in my plugin, so it will be interesting to see how that goes.  Only problem is that I've got to wait for a spammer to manage to get through all the other checks...  ;D

i_like_1981

  • Newbie
  • *
  • Posts: 5
  • I Like 1981.
    • View Profile
Re: Bot report
« Reply #11 on: December 19, 2009, 12:05:55 PM »
^Don't worry, a spammer will get through sometime. You'll be able to see how effective the support is then. As we upgrade our methods of defence, the spammers also improve their methods of attack. It's very much like a war, an invasion of our territory, but these enemies are feeble and although they get through, they get grilled by angry forum members and then lose their posts and accounts (which drives them out of our proverbial land) and we can conduct an IP ban (which basically forces their "army" to surrender) and that should take care of that spammer. However the spammers also will upgrade their code writing to get through improved security procedures and let's not forget, some of these are going to be actual people who have either got a) far too much time on their hands or b) an incessant urge to pi$$ people off. But they're not going to win. They're fighting a losing battle. Besides, isn't shoving your stuff in other people's faces against their wills only less likely to get you any customers? If people want your stuff, they'll find it somehow. But if you have to resort to spamming, you should just shut down your crappy site now.

Best regards,
i_like_1981
i_like_1981 hates two things in life.

Modern music, and...

SPAM!

PAIN

  • Newbie
  • *
  • Posts: 13
    • View Profile
    • Eastern Ky Paintball
Re: Bot report
« Reply #12 on: December 27, 2009, 08:24:16 AM »
any company that relies on these techniques should have to pay a fine for hiring low life's to wage electronic warfare to further their business goals.Maybe someone should list companies that hire these idiots,then ensure that ALL of their companies corporate email addresses and internet services fall under attack by the monsters they created. It would seem this electronic frontier is a lawless land,only policed by people like you guys.Lop off the monster's head and watch the body DIE!!!
All that is required for evil to flourish is that good men do nothing