Spam User Signups at AGD and elsewhere

Discussion in 'General Casino Affiliate Area' started by Guard Dog, Jan 7, 2011.

  1.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Joined:
    Dec 13, 2006
    Messages:
    7,721
    Likes Received:
    1,131
    Jan 7, 2011
    AGD and some of my other forums (vbulletin) are getting hit with tons of user signups lately. Thanks to Jeff, my user moderator, none of the spammers are getting through to us.

    Yesterday he notified me that there were about 300 signups. Today looks like it is going to beat that record. It gives him a little extra work to do! If you are a user who is valid and has been rejected, please send us an email... some WILL fall through the cracks, but it keeps AGD clean.
     
  2.  
    Daera

    Daera Affiliate Guard Dog Member

    Joined:
    Oct 16, 2008
    Messages:
    291
    Likes Received:
    0
    Jan 7, 2011
    We've also been getting them from xrumor I think. It looks like our new spam sign-ups are mostly coming from Russia.

    Spam of any kind is ICK!
     
  3.  
    Perc

    Perc Affiliate Guard Dog Member

    Joined:
    Aug 24, 2010
    Messages:
    195
    Likes Received:
    18
    Jan 7, 2011
    I'm sure you (and Jeff) know about stopforumspam.com? They have a large database of spammers that many people contribute to.

    Here are some mods made for various forums using the db: Stop Forum Spam - Contributions

    I'm using the mod for SMF on my (non gambling) forum and so far it has stopped most without me having to do much at all. I just take a quick look at the list of flagged members awaiting approval, select all (because so far they've all been correctly flagged as spammers), and reject their registration.
     
  4.  
    Bonus Paradise

    Bonus Paradise Affiliate Guard Dog Member

    Joined:
    Mar 30, 2008
    Messages:
    725
    Likes Received:
    88
    Jan 7, 2011
    We have banned many spammers the last few days.
    Never had that many. Was already wondering what is going on now.

    We had them with all kind of IP's, and many using a proxy.
    I am thankfurl for stopforumspam.com!


    If I not find a suspect new member on stopforumspam I google the e-mail and usernames, many times you get results which are enough proof to ban.
     
  5.  
    darmac

    darmac Affiliate Guard Dog Member

    Joined:
    Mar 14, 2008
    Messages:
    59
    Likes Received:
    0
    Jan 7, 2011
    Same here over 400 in spammers alone but only 1 posted?
     
  6.  
    Bonus Paradise

    Bonus Paradise Affiliate Guard Dog Member

    Joined:
    Mar 30, 2008
    Messages:
    725
    Likes Received:
    88
    Jan 7, 2011
    Did you check their profiles, do you have members open to view for guests?
    I notice lately many signature spammers on forums,
    I suggest everyone to either make the member list not public
    (Don't do that if you have all member profile pages already indexed in google, you might loose to many pages at once . but if your start a forum, then you should think about this 1st - want your members public or not? ),
    or find a way to not allow them adding a signature or homepage link to their profile.
    There are Mods to not allow them adding links unless they have xx posts and such.

    I am not allowing them to add links under 15 posts, and guess what..... some are really still doing the job and make their 15 posts, LOL
     
    Last edited: Jan 7, 2011
  7.  
    Simmo!

    Simmo! Affiliate Guard Dog Member

    Joined:
    Sep 16, 2008
    Messages:
    177
    Likes Received:
    5
    Jan 7, 2011
    If its of any use, one thing I did on my old vb forum was to put a bit of PHP code in the header of the registration page to check the referal was from another page on my domain and if not it simply showed a blank page (with no clue as to why it was blank!). It didn't get rid of all the manual spammers but it killed the bot signups and those coming in to the registration page from an outside link overnight.
     
  8.  
    darmac

    darmac Affiliate Guard Dog Member

    Joined:
    Mar 14, 2008
    Messages:
    59
    Likes Received:
    0
    Jan 7, 2011
    I have a bot for spammers, these are manuel, seems to have started after I was doing SEO with the forum link. BP I will check on that, and thnx for the info Simmo too:)
     
  9.  
    Daera

    Daera Affiliate Guard Dog Member

    Joined:
    Oct 16, 2008
    Messages:
    291
    Likes Received:
    0
    Jan 7, 2011
    I also don't allow guests to view member profile pages. I use that mod that let's you set how many posts members have to have before posting links, and other things. Most spammers don't get posts out with links that don't have to first be moderated by us, but some of the clever ones do.

    I don't need to Google or have to check stopforumspam to know who's bad news. Their profile tells me, since I think they're registered automatically with bots/xrumer. Here's part of one that just registered.

    All of the crap that's causing us headaches look similiar to that. The state and country are usually goofy. They either say the same thing for both state and country, or something goofy like this one did, putting their user name next to country. That line about Attn: Aol Users should have been left alone, but these guys change it to 123456, pretty much everytime. And the last line, sometimes just says "google" but the registrations this last few days have the goofy capital letters. We had a whole slew register just today, that all have the same in their profiles as this one.

    One of the new registrations today made their user name "XRumerTest". So I guess it is xrumer they're using.

    For now, new users need to be moderated because they're coming in to fast to try and just catch them one by one.

    Hey Simmo, I like what you said you did with the PHP code in the header. Unfortunately, I don't know PHP at all. Anything that helps keep them from even registering would be helpful. I don't suppose you have that code at your fingertips and would be willing to share, do you? :)
     
  10.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Joined:
    Dec 13, 2006
    Messages:
    7,721
    Likes Received:
    1,131
    Jan 7, 2011
    Just an FYI - check 'visitor messages'. vBulletin seems to have left that part a bit open by default and many register just to post in this little used section of vB to drop links.

    Yes, we use stopforumspam along with a google search for each user registered. takes some time, but it is worth it to stay clean.
     
  11.  
    darmac

    darmac Affiliate Guard Dog Member

    Joined:
    Mar 14, 2008
    Messages:
    59
    Likes Received:
    0
    Jan 7, 2011
    I checked, guests cannot view members profile
     
  12.  
    Simmo!

    Simmo! Affiliate Guard Dog Member

    Joined:
    Sep 16, 2008
    Messages:
    177
    Likes Received:
    5
    Jan 7, 2011
    Here you go. This code goes right at the top of the vBulletin "register.php" script (back up your old one first just in case).

    One change to make first: the number 25 on the first line is the length (number of characters) of http://www.somedomain.com (you will change www.somedomain.com to your domain obviously so the 25 will change too). That HAS to be exactly right:

    PHP:
    php
    //Check its a link from within the site (stop direct bots)
    if (substr($_SERVER['HTTP_REFERER'],0,25) != "http://www.somedomain.com") {
        
    //Now check its not a click from an activation email
        
    if ($_GET['a'] != "act" && $_GET['a'] != "ver") {
            echo 
    "Register";
            exit;
            }
        }
        
    //Check standard fields for "123456" string (spammers use it)
    foreach ($_POST as $p) {
        if (
    strpos($p,"123456") !== false) {
            exit;
            }
        }
        
    //Check userfields for "123456" string (spammers use it)
    foreach ($_POST['userfield'] as $key => $p) {
        if (
    strpos($p,"123456") !== false) {
            exit;
            }
        }
    It's been a couple of years since I used it so someone needs to check it doesn't bomb if you are clicking from an activation email after a registration.

    Note the two "123456" checks too - I found a lot of spammers/bots used this string to fill in fields so if it finds it it shows the blank page too. Up to you if you keep that or not.

    Hope it's useful.

    Cheers

    Simmo!
     
    Last edited: Jan 7, 2011
  13.  
    Webzcas

    Webzcas Affiliate Guard Dog Member

    Joined:
    Nov 13, 2008
    Messages:
    386
    Likes Received:
    161
    Jan 8, 2011
    Andy, do a search for the isbot modification on vbulletin.org. I use this on my politics forum and Bryan also uses something similar on Casinomeister.

    It allows you set a designated time for users to complete the registration process at a forum. If for example the registration is completed in 10 seconds or under, the registration gets denied.

    If like on Casinomeister there is a lot of info that has to be completed on signing up, you could easily set it to 30 seconds.

    This modification stops 95% of the bots signing up. The majority take less than 2 seconds to complete the signup process.

    If you can't find the exact modification, let me know and I'll check my politics forum to see what it is actually called.
     
  14.  
    lots0

    lots0 Affiliate Guard Dog Member

    Joined:
    Sep 17, 2009
    Messages:
    595
    Likes Received:
    2
    Jan 8, 2011
    I don't use vb and I havent seen any increase in spam sign-ups.
    So it makes me think that someone may have found a new exploit in vb.

    Along with a capcha I use a hidden bate field in the registration page. People can't see it, but the bots can and the bots think they need to fill it out, an easy way to spot the spammer.
     
  15.  
    Daera

    Daera Affiliate Guard Dog Member

    Joined:
    Oct 16, 2008
    Messages:
    291
    Likes Received:
    0
    Jan 9, 2011
    Thank you VERY VERY much Simmo and Webzcas!! Your info. is very helpful.

    I installed isbot first, because it looked a bit simpler for an idiot like me to get to work. And almost immediately I got 2 emails like this:

    Looks like isbot is working!

    Now I'm going to add your code Simmo.

    I can't tell you how happy it made me to see a couple of them blocked from registering right away.. yeah! :)

    Thank you very much you two!
     
  16.  
    Bonus Paradise

    Bonus Paradise Affiliate Guard Dog Member

    Joined:
    Mar 30, 2008
    Messages:
    725
    Likes Received:
    88
    Jan 9, 2011
    I not have spam bots, the spammers I get are human.
    Have 3 to 10 a day, last days. Before I had this amount in a week.

    It does not cost me to much time to check these few out daily,
    still it bothers me.

    Using Enhanced Image Captcha - Vbulletin.org, think it stops many bots
     
    Last edited: Jan 9, 2011
  17.  
    Simmo!

    Simmo! Affiliate Guard Dog Member

    Joined:
    Sep 16, 2008
    Messages:
    177
    Likes Received:
    5
    Jan 9, 2011
    Make sure you test the registration process afterwards and the confirmation link in the email Daera - its been a while since I used it :)

    @Bonus Paradise: you may still find many of them are coming in from a link in some black-hat software or list or something, in which case the referal checking code can't do any harm to try :)
     
  18.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Joined:
    Dec 13, 2006
    Messages:
    7,721
    Likes Received:
    1,131
    Jan 9, 2011
    Obviously we are not the only ones hit lately :) There is a big (getting bigger) thread at vBulletin about this:

    vBulletin Community Forum

    I have already set up something that will hopefully stop the trend of spam registrations. :) I'm sure Jeff will be happy for that!
     
  19.  
    Guard Dog

    Guard Dog Guard Dog Staff Member

    Joined:
    Dec 13, 2006
    Messages:
    7,721
    Likes Received:
    1,131
    Jan 9, 2011
    Looks like it is working. No spammer registrations since install and over 50 blocked. Nice.
     
  20.  
    Daera

    Daera Affiliate Guard Dog Member

    Joined:
    Oct 16, 2008
    Messages:
    291
    Likes Received:
    0
    Jan 10, 2011
    Looks like what is working? I'm confused. What are you using? Isbot?
     
    Last edited: Jan 10, 2011

Share This Page