Who knows about IP address allocations and blocking SPAM?

Asher Kelman

OPF Owner/Editor-in-Chief
SORBS catalogs sites involved with relaying and sending out spam. It also lists servers with dynamically allocated IP addresses. How does that affect regular internet users if we used SORBS for OPF?

I still do everything by hand!

Thanks,

Asher
 
SORBS catalogs sites involved with relaying and sending out spam. It also lists servers with dynamically allocated IP addresses. How does that affect regular internet users if we used SORBS for OPF?

I still do everything by hand!

Thanks,

Asher

Asher, I assume you are speaking about emails.

I use gmail and I assume you want to have @OPF.com etc., but I have an idea and I think you might find it practical as I know nothing about the SORBS.

I would get a gmail address for OPF for spam-filtering purposes. Forward your emails you receive to whatever name you give it (OPFspamfilter@gmail.com could be a suggestion) and in gmail, in the settings, set it up to forward a copy of your gmail to your real email address. (I would suggest adding a new account on your real server such as filtered@opf.com or something similar.)


Gmail's spam filter is actually very good. It will forward your emails back to you but without the spam included. It will also keep a copy of all your emails if you want it to, which would create an automatic backup.

Again, this is just an idea my brain burped up, but I can't see why it wouldn't work. There is surely some way to do it, I'll check online and get back to you. :-D Good luck!
 

Asher Kelman

OPF Owner/Editor-in-Chief
Maggie,

Thanks for the ideas. I was not thinking so much of email but of blocking people who are spammers automatically from OPF. I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks' everyday work.

Asher
 
Maggie,

Thanks for the ideas. I was not thinking so much of email but of blocking people who are spammers automatically from OPF. I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks' everyday work.

Asher

Asher, ah, I see. :-\ Would using CAPTCHAs help? Bots would not be able to register without filling it out; if they can't, the email wouldn't go through at all.

Obviously, I'm probably simplifying a much more complicated problem, but it is well-meant.
Best of luck
Maggie
 

Asher Kelman

OPF Owner/Editor-in-Chief
Wish it were so. More savvy BOTS now can bypass captcha faster than you can do it with your eyes and brain. We get rid of most, but the smartest and those are the worst!

Asher
 

Jerome Marot

Well-known member
I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too.

Do you mean dynamically generated email addresses (as yahoo and google can create for their users) or email from servers using dynamically associated i.p. addresses (what would happen if someone were using an own email server at home)?
 

Asher Kelman

OPF Owner/Editor-in-Chief
Do you mean dynamically generated email addresses (as yahoo and google can create for their users) or email from servers using dynamically associated i.p. addresses (what would happen if someone were using an own email server at home)?

Jerome,

That's what concerns me!! If it was blocking servers like Yahoo and Google, then such a service would be rendering itself pretty pointless as an internet tool. So I'm puzzled by the service they offer!
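An added example, not part of any post in this thread: how a DNSBL lookup works and how a forum could treat a "dynamic range" listing differently from an abuse listing. The category codes are an assumption based on what SORBS documented for its aggregate zone, and the resolver table is constructed so the code runs offline.

```python
import ipaddress
import socket

# Assumption: category codes as SORBS documented them for its aggregate zone;
# verify against the documentation of whatever DNSBL you actually query.
SORBS_CODES = {
    "127.0.0.2": "open-http-proxy",
    "127.0.0.3": "open-socks-proxy",
    "127.0.0.5": "open-smtp-relay",
    "127.0.0.6": "spam-source",
    "127.0.0.9": "zombie",
    "127.0.0.10": "dynamic-range",
}
# Listings that describe how an address is allocated, not observed abuse
ALLOCATION_ONLY = {"dynamic-range"}

def dnsbl_name(ip, zone="dnsbl.sorbs.net"):
    """Build the query name: IPv4 octets reversed, then the list's zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name; an empty list means 'not listed'."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:  # NXDOMAIN or resolver failure: treat as not listed
        return []

def classify(ip, resolver=system_resolver):
    """Return (decision, categories) for a visitor IP at registration."""
    answers = resolver(dnsbl_name(ip))
    cats = {SORBS_CODES.get(a, "unknown:" + a) for a in answers}
    if not cats:
        return "allow", []
    if cats <= ALLOCATION_ONLY:
        # Home broadband on a dynamic address is not evidence of abuse
        return "allow", sorted(cats)
    return "review", sorted(cats)

# Constructed answers for documentation addresses (no network needed)
FAKE_ZONE = {
    "10.2.0.192.dnsbl.sorbs.net": ["127.0.0.10"],
    "20.2.0.192.dnsbl.sorbs.net": ["127.0.0.10", "127.0.0.6"],
}

def fake_resolver(name):
    return FAKE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, classify(ip, fake_resolver))
```

The lookup sees the address a visitor's browser connects from, so which mail provider the member uses (Yahoo, Google or anything else) plays no part in the result.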
 

Robert Watcher

Well-known member
I guess that you must have tried the suggestion I gave you a while back Asher - of asking a question like "popular brand of camera starting with C"- - - and it didn't work?

Asher, ah, I see. :-\ Would using CAPTCHAs help? Bots would not be able to register without filling it out,


As Asher has suggested, it isn't that hard for modern Bots to scan a captcha and enter the results. Just think of how accurate current OCR results are on even a cheapo printer/scanner. That is the reason that most who use Captcha, have the settings so high that it is almost impossible for most legitimate people to figure out what to type. They get frustrated or they leave.

As well, it turns out that bots aren't always used. Many of those spammers are hiring "real people" for very low hourly wages in impoverished countries. Captcha will stop some so is better than not having it - but it doesn't resolve the issue.



Rob
 

Asher Kelman

OPF Owner/Editor-in-Chief
We use the captcha and also a question which some BOTS are able to answer! I was wondering whether or not blocking servers with dynamic email addresses would block out folk from Yahoo or google accounts?

Asher
 

Robert Watcher

Well-known member
We use the captcha and also a question which some BOTS are able to answer! I was wondering whether or not blocking servers with dynamic email addresses would block out folk from Yahoo or google accounts?

Asher

I just logged out and went through your Registration process. What I found is that you are using a mathematical question of what is "7 plus two". Unfortunately those types of questions do not work. They are too easy to figure out - - - especially with popular software where it is easy to know what is expected from any type of security plugin.

So even though instead of using 2 physical numbers, you have used a physical number along with a written number to try and fool say an OCR (wouldn't fool a real person spammer though) - - - - the spammer is already one step ahead by simply entering into the field, every number starting at one. Using addition questions is the most popular used and the answers to almost all equations are low values. The difference of using a question such as I suggested (and had almost 100% success with) - is that a simple entry of say numbers from 0 to 30, on subsequent tries - isn't going to gain them access.

Using specific questions related to the website, like "What is the name of this forum?" and "What color is the logo?" - might be a better option than using general questions. The one downside of verification questions though, is that they are specific to a language - - - most commonly English. That keeps out a lot of people that you may want to be a part of the forum.


----

As far as blocking IP addresses, I have always figured that to be a dangerous approach - as it can easily restrict legitimate people who use the same IP address from registering. As well, I do not believe that IP addresses are always accurate as many use proxies and other schemes to mask or cloak an IP address so they can't be tracked.


Targeting email addresses is a losing battle when it comes to stopping spammers - - - the same one is seldom used twice - - - and if blocked, is easily circumvented.


----------


Other than the things you are already doing (which a forum owner pretty well has to do them all) - - - about the only other thing that can be done is to alter the source code in some way. Realizing that spambots follow a set of instructions based on a specific forum software registration structure. They are expecting the order of the fields and fill them in. By playing with the source code so that they are in a different order or so there are extra hidden fields to fill in that would trigger a spam attack - logically may help out. In fact it was figuring this out 4 or 5 years ago, that helped stop spam emails being sent through my photography website Contact Page. I added an extra hidden field (not input type "hidden", but physically hidden with a CSS style of display:none) - and so when the form is submitted, it only gets sent to me if that hidden field is empty. I wrote the logic that checks for that field, in my php form processing script. It cut down hugely on the crap I was getting each day. Neither of these will stop a human spammer though.



Rob
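An added example, not code from Rob's site or from any forum package: server-side screening that combines the CSS-hidden field and the verification question described in the post above, plus a check that flags questions whose every accepted answer is a small number. The field names `website_url` and `verify_answer` and the accepted answer "canon" are hypothetical.

```python
import re

# Hypothetical field name. In the form it is an ordinary text input wrapped in
# an element styled display:none, so people never see it and bots fill it in.
HONEYPOT_FIELD = "website_url"

WORDS = ("zero one two three four five six seven eight nine ten eleven twelve "
         "thirteen fourteen fifteen sixteen seventeen eighteen nineteen "
         "twenty").split()

def normalize(text):
    """Lower-case and collapse punctuation/whitespace before comparing."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()

def guessable_by_counting(answers, limit=30):
    """True if every accepted answer is a small number, digit or word,
    which a bot reaches by submitting 0, 1, 2, ... on successive tries."""
    def small(answer):
        a = normalize(answer)
        return a in WORDS or (a.isdigit() and int(a) <= limit)
    return bool(answers) and all(small(a) for a in answers)

def screen_registration(form, accepted_answers):
    """Return (ok, reason) for one submitted registration form (a dict)."""
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot-filled"   # a person never sees this field
    given = normalize(form.get("verify_answer", ""))
    if given not in {normalize(a) for a in accepted_answers}:
        return False, "wrong-answer"
    return True, "ok"

if __name__ == "__main__":
    # Constructed submissions
    print(guessable_by_counting(["9", "nine"]))   # the "7 plus two" style
    print(guessable_by_counting(["canon"]))
    print(screen_registration(
        {"verify_answer": "Canon", "website_url": "http://spam.example"},
        ["canon"]))
```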
 

Robert Watcher

Well-known member
Maggie,

I am concerned that dynamically generated email addresses might be used by a lot of our members and block them inadvertently too. I'm just not clear on how dynamically generated addresses are needed in folks everyday work.

Asher

While I have never used dynamically generated email addresses - doing a quick search shows there are reasons that legitimate forum users might use them, such as this (at least I think this is what you are referring to) - http://lifehacker.com/144397/instant-disposable-gmail-addresses?tag=softwaretop

The effect of blocking of IP's related to these dynamic emails - I have no idea - - - but now I am curious and will follow this thread and keep on searching for my own knowledge. What would be the result if this is true - "most bots are actually zombie computers hijacked by a botnet" - blocking those may block legitimate IP's. http://en.wikipedia.org/wiki/Zombie_(computer_science)

EDIT - something interesting I found:

Here is an example of a zombie botnet operator using many IP's at one time to access the forum. This bot network consists of hijacked zombie computers and their respective IP's that have been taken over by spyware or viruses.

11:38 PM Guest Creating Thread
68-118-225-72.dhcp.oxfr.ma.charter.com
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:37 PM Guest Viewing Forum
ppp-69-152-162-120.dsl.okcyok.swbell.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:37 PM Guest Registering
c-67-172-241-177.hsd1.ut.comcast.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
adsl-76-202-223-171.dsl.emhril.sbcglobal.net
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
cpe-66-68-16-146.austin.res.rr.com
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2



===========

Seriously though - - - I firmly believe that one of the best options is the "Verification Question" (a non-mathematical one). Not only have I had success with it, going from almost 1,000 spammers a day to virtually none (I also used Sorbs, Captcha, etc, etc along with it) - but others such as an author writing on SMF forum software states - "enable the Questions Verification as this feature is often one of the best lines of defense on an SMF community". I have used SMF forum software but a customer support manager for vBulletin also stated - "Question and Answer Verification - This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.".



Rob
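An added example, not part of the post above: detection logic for the pattern in the quoted activity lines, where one identical user-agent string shows up from several unrelated hosts within a few minutes. The sample entries and hostnames are constructed in the same three-line layout, and the thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in the layout of the activity lines quoted above
SAMPLE = """\
11:38 PM Guest Creating Thread
host-a.dhcp.isp-one.example
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:37 PM Guest Registering
host-b.dsl.isp-two.example
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
host-c.res.isp-three.example
Mozilla/5.0 (Windows; U; Windows NT 5.0; de-DE; rv:1.7) Gecko/20040707 Firefox/0.9.2

11:36 PM Guest Viewing Index
host-d.cable.isp-four.example
Mozilla/5.0 (constructed; ordinary visitor)
"""

def parse(text):
    """Turn blank-line separated 3-line entries into (time, action, host, agent)."""
    entries = []
    for block in text.strip().split("\n\n"):
        lines = [l.strip() for l in block.splitlines()]
        if len(lines) != 3:
            continue  # skip malformed entries instead of failing
        head = lines[0].split()
        when = datetime.strptime(" ".join(head[:2]), "%I:%M %p")
        entries.append((when, " ".join(head[3:]), lines[1], lines[2]))
    return entries

def shared_agent_clusters(entries, min_hosts=3, window_min=5):
    """Map each user agent seen from >= min_hosts distinct hosts inside
    window_min minutes to its sorted host list (same-day times assumed)."""
    by_agent = defaultdict(list)
    for when, _action, host, agent in entries:
        by_agent[agent].append((when, host))
    flagged = {}
    for agent, seen in by_agent.items():
        hosts = {h for _, h in seen}
        times = [t for t, _ in seen]
        span = (max(times) - min(times)).total_seconds() / 60
        if len(hosts) >= min_hosts and span <= window_min:
            flagged[agent] = sorted(hosts)
    return flagged
```

A browser string that is common among real members would also cluster this way on a busy forum, so the result is a signal for review and works best on rare or outdated agent strings.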
 
I was just talking to someone about this, this morning and he also uses the mixed up fields, like email is website and website is email and it helps cut down on bots, but as you say, if spammers are using humans, then the humans will get through.

I've also wondered about having fields to fill out that are only written in javascript but not visibly viewable to humans, so if it is answered, means it is a bot, but again, can't beat humans treating them the way humans do.

I also learned, that there are many sites, that give you things, ebooks, background images etc, but make you enter a captcha. The captcha is a mirrored image, that when you enter it, a bot enters it elsewhere, gaining access where it shouldn't. So unwittingly, people around the world wanting something for free, are helping spammers do their thing.

I did find something that won't defeat human spammers, but is less annoying for the rest of us than hard to read captchas. It's called play thru and it is a small game that takes a moment but is something a bot would have trouble to do as the objects are always moving.

Take a look here:
http://areyouahuman.com/

conclusion:
Spammers = cockroaches!
 

Robert Watcher

Well-known member
I did find something that won't defeat human spammers, but is less annoying for the rest of us than hard to read captchas. It's called play thru and it is a small game that takes a moment but is something a bot would have trouble to do as the objects are always moving.

Take a look here:
http://areyouahuman.com/


I had never heard of that Maggie. That is a really smart concept - - - fun too (I sat for a few minutes just pushing the reset button to try out a bunch of different games). I appreciate the link.


Rob
 

Jerome Marot

Well-known member
And what about asking questions about photography? Not only can only a human respond, but that human should have an interest in photography.
 