Open Photography Forums  
HOME FORUMS NEWS FAQ SEARCH

Go Back   Open Photography Forums > OPF Welcome Hall > OPF Look, Feel, and Vibe

OPF Look, Feel, and Vibe Comments & suggestions to the site.

Reply
 
Thread Tools Display Modes
  #1  
Old September 28th, 2012, 01:29 PM
Asher Kelman Asher Kelman is offline
OPF Owner/Editor-in-Chief
 
Join Date: Apr 2006
Posts: 34,576
Default Who knows about IP address allocations and blocking SPAM?

SORBS catalogs sites involved with relaying and sending out spam. It also lists servers with dynamically allocated IP addresses. How does that effect regular internet users if we used SORBS for OPF?

I still do everything by hand!

Thanks,

Asher
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.
Reply With Quote
  #2  
Old September 28th, 2012, 03:14 PM
Maggie Terlecki Maggie Terlecki is offline
Senior Member
 
Join Date: Jun 2012
Location: Province of Quebec, Canada
Posts: 1,850
Default

Quote:
Originally Posted by Asher Kelman View Post
SORBS catalogs sites involved with relaying and sending out spam. It also lists servers with dynamically allocated IP addresses. How does that effect regular internet users if we used SORBS for OPF?

I still do everything by hand!

Thanks,

Asher
Asher, I assume you are speaking about emails.

I use gmail and I assume you want to have @OPF.com etc., but I have an idea and I think you might find it practical as I know nothing about the SORBS.

I would get a gmail address for OPF for spam-filtering purposes. Forward your emails you receive to whatever name you give it (OPFspamfilter@gmail.com could be a suggestion) and in gmail, in the settings, set it up to forward a copy of your gmail to your real email address. ( I would suggest adding a new account on your real server such as filtered@opf.com or something similar.


Gmails spam filter is actually very good. It will forward you emails back to you but without the spam included. It will also keep a copy of all your emails if you want it to, which would create an automatic backup.

Again, this is just an idea my brain burped up, but I can't see why it wouldn't work. There is surely some way to do it, I'll check online and get back to you. :-D Good luck!
__________________
there's a crack in everything; that's how the light gets in ~Leonard Cohen
my personal website
my website with articles,interviews etc.
Reply With Quote
  #3  
Old September 28th, 2012, 03:22 PM
Maggie Terlecki Maggie Terlecki is offline
Senior Member
 
Join Date: Jun 2012
Location: Province of Quebec, Canada
Posts: 1,850
Default

Here is an article about Thunderbird (Mozilla's email server) that explains how to do this.
http://kb.mozillazine.org/Use_anothe..._a_spam_filter

and another here:

http://mboffin.com/post.aspx?id=1636

You may not want to do this, but I think it seems easy enough to set up. If you are set upon using SORBS, that is fine, I would not be offended if you think my idea foolish. :-)
Maggie
__________________
there's a crack in everything; that's how the light gets in ~Leonard Cohen
my personal website
my website with articles,interviews etc.
Reply With Quote
  #4  
Old September 28th, 2012, 03:26 PM
Asher Kelman Asher Kelman is offline
OPF Owner/Editor-in-Chief
 
Join Date: Apr 2006
Posts: 34,576
Default

Maggie,

Thanks for the ideas. I was not thinking so much of email but of blocking people who are spammers automatically from OPF. I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks everyday work.

Asher
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.
Reply With Quote
  #5  
Old September 28th, 2012, 03:48 PM
Maggie Terlecki Maggie Terlecki is offline
Senior Member
 
Join Date: Jun 2012
Location: Province of Quebec, Canada
Posts: 1,850
Default

Quote:
Originally Posted by Asher Kelman View Post
Maggie,

Thanks for the ideas. I was not thinking so much of email but of blocking people who are spammers automatically from OPF. I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks everyday work.

Asher
Asher, ah, I see. :-\ Would using CAPTCHA's help? Bots would not be able to register without filling it out, if they can't the email wouldn't go through at all.

Obviously, I'm probably simplifying a much more complicated problem, but it is well-meant.
Best of luck
Maggie
__________________
there's a crack in everything; that's how the light gets in ~Leonard Cohen
my personal website
my website with articles,interviews etc.
Reply With Quote
  #6  
Old September 28th, 2012, 03:54 PM
Asher Kelman Asher Kelman is offline
OPF Owner/Editor-in-Chief
 
Join Date: Apr 2006
Posts: 34,576
Default

Wish it were so. More savvy BOTS now can bypass kaptcha faster then you can do it with your eyes and brain. We get rid of most, but the smartest and those are the worst!

Asher
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.
Reply With Quote
  #7  
Old September 28th, 2012, 11:46 PM
Jerome Marot Jerome Marot is offline
Senior Member
 
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,753
Default

Quote:
Originally Posted by Asher Kelman View Post
I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too.
Do you mean dynamically generated email addresses (as yahoo and google can create for their users) or email from servers using dynamically associated i.p. addresses (what would happen if someone were using an own email server at home)?
Reply With Quote
  #8  
Old September 29th, 2012, 01:13 AM
Asher Kelman Asher Kelman is offline
OPF Owner/Editor-in-Chief
 
Join Date: Apr 2006
Posts: 34,576
Default

Quote:
Originally Posted by Jerome Marot View Post
Do you mean dynamically generated email addresses (as yahoo and google can create for their users) or email from servers using dynamically associated i.p. addresses (what would happen if someone were using an own email server at home)?
Jerome,

That's what concerns me!! If it was blocking servers like Yahoo and Google, then such a service would be rendering itself pretty pointless as an internet tool. So I'm puzzled by the service they offer!
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.
Reply With Quote
  #9  
Old September 29th, 2012, 06:13 AM
Robert Watcher Robert Watcher is offline
Senior Member
 
Join Date: Feb 2008
Location: Xela, Guatemala / Ontario, Canada
Posts: 2,161
Default

I guess that you must have tried the suggestion I gave you a while back Asher - of asking a question like "popular brand of camera starting with C"- - - and it didn't work?

Quote:
Asher, ah, I see. :-\ Would using CAPTCHA's help? Bots would not be able to register without filling it out,

As Asher has suggested, it isn't that hard for modern Bots to scan a captcha and enter the results. Just think of how accurate current OCR results are on even a cheapo printer/scanner. That is the reason that most who use Captcha, have the settings so high that it is almost impossible for most legitimate people to figure out what to type. They get frustrated or they leave.

As well, it turns out that bots aren't always used. Many of those spammers are hiring "real people" for very low hourly wages in impoverished countries. Captcha will stop some so is better than not having it - but it doesn't resolve the issue.



Rob
Reply With Quote
  #10  
Old September 29th, 2012, 10:15 AM
Asher Kelman Asher Kelman is offline
OPF Owner/Editor-in-Chief
 
Join Date: Apr 2006
Posts: 34,576
Default

We use the captcha and also a question which some BOTS are able to answer! I was wondering whether or not blocking servers with dynamic email addresses would block out folk from Yahoo or google accounts?

Asher
__________________
Follow us on Twitter at @opfweb

Our purpose is getting to an impressive photograph. So we encourage browsing and then feedback. Consider a link to your galleries annotated, C&C welcomed. Images posted within OPF are assumed to be for Comment & Critique, unless otherwise designated.
Reply With Quote
  #11  
Old September 29th, 2012, 11:04 AM
Robert Watcher Robert Watcher is offline
Senior Member
 
Join Date: Feb 2008
Location: Xela, Guatemala / Ontario, Canada
Posts: 2,161
Default

Quote:
Originally Posted by Asher Kelman View Post
We use the captcha and also a question which some BOTS are able to answer! I was wondering whether or not blocking servers with dynamic email addresses would block out folk from Yahoo or google accounts?

Asher
I just logged out and went through your Registration process. What I found is that you are using a mathematical question of what is "7 plus two". Unfortunately those type of questions do not work. They are too easy to figure out - - - especially with popular software where it is easy to know what is expected from any type of security plugin.

So even though instead of using 2 physical numbers, you have used a physical number along with a written number to try and fool say an OCR (wouldn't fool a real person spammer though) - - - - the spammer is already one step ahead by simply entering into the field, every number starting at one. Using addition questions is the most popular used and the answers to almost all equations are low values. The difference of using a question such as I suggested (and had almost 100% success with) - is that a simple entry of say numbers from 0 to 30, on subsequent tries - isn't going to gain them access.

Using specific questions related to the website, like "What is the name of this forum?" and "What color is the logo?" - might be a better option than using general questions. The one downside of verification questions though, is that they are specific to a language - - - most commonly English. That keeps out a lot of people that you may want to be a part of the forum.


----

As far as blocking IP addresses, I have always figured that to be a dangerous approach - as it can easily restrict legitimate people who use the same IP address from registering. As well, I do not believe that IP addresses are always accurate as many use Proxys and other schemes to mask or cloak an IP address so they can't be tracked.


Targeting email addresses, is a losing battle when it comes to stopping spammers - - - the same one is seldom used twice - - - and if blocked, is easily circumvented.


----------


Other than the things you are already doing (which a forum owner pretty well has to do them all) - - - about the only other thing that can be done is to alter the source code in some way. Realizing that spambots follow a set of instructions based on a specific forum software registration structure. They are expecting the order of the fields and fill them in. By playing with the source code so that they are in a different order or so there are extra hidden fields to fill in that would trigger a spam attack - logically may help out. In fact it was figuring this out 4 or 5 years ago, that helped stop spam emails being sent through my photography website Contact Page. I added an extra hidden field (not input type "hidden", but physically hidden with a CSS style of display:none) - and so when the form is submitted, it only gets sent to me if that hidden field is empty. I wrote the logic that checks for that field, in my php form processing script. It cut down hugely on the crap I was getting each day. Neither of these will stop a human spammer though.



Rob
Reply With Quote
  #12  
Old September 29th, 2012, 12:17 PM
Robert Watcher Robert Watcher is offline
Senior Member
 
Join Date: Feb 2008
Location: Xela, Guatemala / Ontario, Canada
Posts: 2,161
Default

Quote:
Originally Posted by Asher Kelman View Post
Maggie,

I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks everyday work.

Asher
While I have never used dynamically generated email addresses - doing a quick search shows there are reasons that legitimate forum users might use them, such as this (at least I think this is what you are referring to) - http://lifehacker.com/144397/instant...ag=softwaretop

The effect of blocking of IP's related to these dynamic emails - I have no idea - - - but now I am curious and will follow this thread and keep on searching for my own knowledge. What would be the result if this is true - "most bots are actually zombie computers hijacked by a botnet" - blocking those may block legitimate IP's. http://en.wikipedia.org/wiki/Zombie_(computer_science)

EDIT - something interesting I found:

Quote:
Here is an example of a zombie botnet operator using many IP's at one time to access the forum. This bot network consists of hijacked zombie computers and their respective IP's that have been taken over by spyware or viruses.

11:38 PM Guest Creating Thread
68-118-225-72.dhcp.oxfr.ma.charter.com
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:37 PM Guest Viewing Forum
ppp-69-152-162-120.dsl.okcyok.swbell.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:37 PM Guest Registering
c-67-172-241-177.hsd1.ut.comcast.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
adsl-76-202-223-171.dsl.emhril.sbcglobal.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
cpe-66-68-16-146.austin.res.rr.com
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2


===========

Seriously though - - - I firmly believe that one of the best options is the "Verification Question" (a non-mathematical one). Not only have I had success with it, going from almost 1,000 spammers a day to virtually none (I also used Sorbs, Captcha, etc, etc along with it) - but others such as an author writing on SMF forum software states - "enable the Questions Verification as this feature is often one of the best lines of defense on an SMF community". I have used SMF forum software but a customer support manager for vBulletin also stated - "Question and Answer Verification - This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.".



Rob
Reply With Quote
  #13  
Old September 29th, 2012, 12:25 PM
Maggie Terlecki Maggie Terlecki is offline
Senior Member
 
Join Date: Jun 2012
Location: Province of Quebec, Canada
Posts: 1,850
Default

I was just talking to someone about this, this morning and he also uses the mixed up fields, like email is website and website is email and it helps cut down on bots, but as you say, if spammers are using humans, then the humans will get through.

I've also wondered about having fields to fill out that are only written in javascript but not visibly viewable to humans, so if it is answered, means it is a bot, but again, can't beat humans treating them the way humans do.

I also learned, that there are many sites, that give you things, ebooks, background images etc, but make you enter a captcha. The captcha is a mirrored image, that when you enter it, a bot enters it elsewhere, gaining access where it shouldn't. So unwittingly, people around the world wanting something for free, are helping spammers do their thing.

I did find something that won't defeat human spammers, but is less annoying for the rest of us than hard to read captchas. It's called play thru and it is a a small game that takes a moment but is something a bot would have trouble to do as the objects are always moving.

Take a look here:
http://areyouahuman.com/

conclusion:
Spammers = cockroaches!
__________________
there's a crack in everything; that's how the light gets in ~Leonard Cohen
my personal website
my website with articles,interviews etc.
Reply With Quote
  #14  
Old September 30th, 2012, 01:41 PM
Robert Watcher Robert Watcher is offline
Senior Member
 
Join Date: Feb 2008
Location: Xela, Guatemala / Ontario, Canada
Posts: 2,161
Default

Quote:
Originally Posted by Maggie Terlecki View Post

I did find something that won't defeat human spammers, but is less annoying for the rest of us than hard to read captchas. It's called play thru and it is a a small game that takes a moment but is something a bot would have trouble to do as the objects are always moving.

Take a look here:
http://areyouahuman.com/

I had never heard of that Maggie. That is a really smart concept - - - fun too (I sat for a few minutes just pushing the reset button to try out a bunch of different games). I appreciate the link.


Rob
Reply With Quote
  #15  
Old September 30th, 2012, 01:51 PM
Jerome Marot Jerome Marot is offline
Senior Member
 
Join Date: Jan 2011
Location: Munich, Germany.
Posts: 3,753
Default

And what about asking questions about photography? Not only only a human can respond, but that human should have an interest for photography.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -7. The time now is 01:20 PM.


Posting images or text grants license to OPF, yet of such remain with its creator. Still, all assembled discussion 2006-2017 Asher Kelman (all rights reserved) Posts with new theme or unusual image might be moved/copied to a new thread!