Seriously hope someone knocks your FUCKING teeth out!
wrong font
Good point.
Missed that during my fit of anger!
Barry,
You must be a pisser in the line up.
LOL
I think that would be Wong font.
My name is Barry, Admitted troublemaker.
BUMP !
Think of this spammer as the illegal alien of the internet. Build a wall. MAKE SWAYLOCK’S GREAT AGAIN !
I agree with the sentiment but, GUARANTEED whoever is posting that garbage will never read this post or any other for that matter.
It’s not a person flooding the site with spam, it’s a spambot - a computer program. A person designed and created the program, and a person may have added the forum to their victims list, but the spamming is done by a computer program.
“It’s all automated. Tools like xrumer are built, and sold, and contain the ability to exploit software with known vulnerabilities. Anyone can buy it and after setting it up it’s more or less fire and forget. It goes to every forum in its list and tries to spam it to the best of its ability. Just due to brute force it is successful and worth it for the spammers. That’s why they never stop. They barely have to lift a finger for it to work.”
One thing I learned long ago is that website ranking is of huge importance to companies that advertise on the internet. If you search “surfboard fin boxes” for example, the guy whose link shows up on page 5 isn’t going to get much business, but the ad that shows up at the top of page 1 gets loads. Ranking is often done by hits, meaning websites who are already getting the most hits will be ranked higher, since they are viewed as more popular. Google wants you to use them to search, so when you do type in a search term, they want to give you the popular answer, to keep you coming back.
By flooding the internet with links (in spam) there is always a percentage of people who will click the link out of curiosity, anger, or even by accident. Every click helps to make their website appear more popular and desirable, and increases the likelihood of getting a higher ranking. So dizzying amounts of spam are spread over the internet by programs designed to do just that - no one at the spammer source reads the forum or belongs to the forum or even cares the smallest bit about the forum - other than as a platform to spread spam.
It would be nice if the spam could be filtered out, or the spambot memberships somehow hindered, but as a moderator I have no input in that process. And with the tenacity of the spammers and their tech savvy-ness, they could be counted on to eventually figure a way to bypass the restrictions. So for me, as a moderator, the only recourse I have is to delete the spam and the spammer accounts. And all they do is open a new account and proceed as usual.
While I despise the spammers, my goal isn’t to get back at them, my goal here is to keep this forum usable for those of us who still love the sharing of surfboard information that occurs here daily. So me, and the other moderators, just keep deleting away every time we see the doggone stuff. That’s the best we can do, and we’re doing it the best we can. Suggestions have been offered for screening spammers out, but as a website designer I’m pretty sure the site owner already knows a lot of this. If there is anything more he could do, I really don’t know, and that kind of stuff is above my pay grade.
http://webmasters.stackexchange.com/questions/3588/how-do-spambots-work
How do spambots work?
How do they find the ‘new user registration’ page? (I’m especially surprised because some forums don’t have a dedicated URL for this, e.g., www.forum.com/register.html, but instead use query strings or even other methods invisible to the URL bar)
They find new sites by:
Crawling and looking for signatures of known software. Usually this is a snippet of text like a copyright or a meta tag but it could be any consistent identifier. This usually applies to blog and forum software.
Manual inclusion. Human beings, whose labor is cheap in many parts of the world, look for known software or forms that are easily exploitable and add them to a database. This usually applies to custom registration and contact forms.
They buy lists. Just like email addresses are sold by spammers, known vulnerable or preferred target site lists are sold as well.
How do they know what to enter into each ‘new user registration’ field?
They know what to enter into each field by using the field names as a guide. 99.99% of the time the email address field is named “email” or something containing the word “email”. You don’t have to be a rocket scientist to know that field probably is for an email address. For things like names, login ID, addresses etc. it works on the same principle.
How do they determine what’s a page they can spam / enter data into and what is not?
They don’t care. The automated tools can try so many forms in such a short period of time at virtually no costs so trying every form possible is a no-brainer to do. When human labor is involved they can be “script kiddies” and try the obvious stuff to see if they get any kind of response that indicates the form is potentially vulnerable. Basically, any form is a potential target to them as is any page that accepts user input.
How do forum spambots work? Do they even ‘view’ this page at all? …If not, then I’d assume they’re communicating with the server directly - how is this possible? How do they do it?
Where do spambots come from? Is someone sitting behind the computer snickering as they watch their bot destroy site after site? Or are they snickering as they simply ‘release’ it onto the internet somehow? Are spambots ‘run’ by an infected computer somewhere? Do they replicate themselves?
It’s all automated. Tools like xrumer are built, and sold, and contain the ability to exploit software with known vulnerabilities. Anyone can buy it and after setting it up it’s more or less fire and forget. It goes to every forum in its list and tries to spam it to the best of its ability. Just due to brute force it is successful and worth it for the spammers. That’s why they never stop. They barely have to lift a finger for it to work.
Can forum spambots break CAPTCHAs? Can they solve logic questions (how?)? Math questions?
Yes, but not always. Depends on how well it is implemented. But many captchas, including those offered by big companies, have been beaten and are effectively useless. That’s why multiple forms of protection are required to stop them. Even then, humans can usually beat any system.
What techniques are still valid to prevent them?
From a previous answer: You could do several things (and should be doing more than one) including:
- Putting a fake field that only bots will see. Then if that field is submitted with the rest of the form you can ignore it (and ban them if desired). You can also trap bad bots who follow a hidden link.
- Use a CAPTCHA like reCAPTCHA
- Use a field that requires the user to answer a question like what is 5 + 3. Any human can answer it but a bot won’t know what to do since it is auto-populating fields based on field names. So that field will be either incorrect or missing in which case the submission will be rejected.
- Use a token and put it into a session and also add it to the form. If the token is not submitted with the form or doesn’t match then it is automated and can be ignored.
- Look for repeated submissions from the same IP address. If your form shouldn’t get too many requests but suddenly is, it probably is being hit by a bot and you should consider temporarily blocking the IP address.
- Use Akismet. It is great at identifying spam.
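
A server-side sketch of four of the checks listed above (fake field, session token, question field, repeated submissions per IP), added here as an example and not taken from the thread or the quoted answer. The field names `website`, `token` and `challenge`, the signing key and the limit of 3 submissions per 10 minutes are assumptions; the sample submissions are constructed.

```python
import hashlib
import hmac
import secrets
import time
from collections import defaultdict, deque

SECRET = secrets.token_bytes(32)         # per-deployment signing key (assumed)
WINDOW_SECONDS, MAX_PER_WINDOW = 600, 3  # assumed per-IP limit
_recent = defaultdict(deque)             # ip -> timestamps of recent submissions


def issue_token(session_id: str) -> str:
    """Token written into the rendered form, bound to the visitor's session."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def check_registration(form, session_id, ip, now=None):
    """Return 'ok' or the name of the first check that rejected the form."""
    now = time.time() if now is None else now
    # Repeated submissions from the same IP: sliding-window count.
    seen = _recent[ip]
    while seen and now - seen[0] > WINDOW_SECONDS:
        seen.popleft()
    seen.append(now)
    if len(seen) > MAX_PER_WINDOW:
        return "rate_limit"
    # Fake field hidden from humans by CSS; name-driven autofill populates it.
    if form.get("website", ""):
        return "honeypot"
    # Token missing or not matching the session: treated as automated.
    sent = form.get("token", "").encode()
    if not hmac.compare_digest(sent, issue_token(session_id).encode()):
        return "token"
    # Question field ("what is 5 + 3"): a wrong or absent answer is rejected.
    if form.get("challenge", "").strip() != "8":
        return "challenge"
    return "ok"


if __name__ == "__main__":
    sid = "sess-1"  # constructed sample data below
    human = {"email": "a@example.com", "website": "",
             "token": issue_token(sid), "challenge": "8"}
    bot = {"email": "x@example.com", "website": "http://spam.example",
           "challenge": "x@example.com"}
    print(check_registration(human, sid, "198.51.100.7"))
    print(check_registration(bot, sid, "203.0.113.9"))
```

Returning the name of the failed check makes it easy to log which layer is catching the most traffic and to decide when an IP should be blocked temporarily.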