Spammers! @#@!!!?

Asher Kelman

OPF Owner/Editor-in-Chief
We spend far too much time sifting through folk who manage to get through our clever filters to stop spammers. So the checking is tedious and by hand.

Today we had some 45 new users of which ~ 43 were spammers, most from one source but with different IP addresses.

In the first round of filtering, the registrations are simply deleted. In the next round, after checking, they are banned. However this is tedious and a waste of time!

So I'm thinking of solutions:

  1. Charge say $15 to join and that way spammers will not bulk join. 40 registrations would cost $600!

  2. Have folk post an introduction with pictures, (in a new Section of OPF that only administration can view) with evidence they are genuine photographers. If they are approved, the post would be moved into the forum proper.

Maybe both would be the best way.

Any other ideas!

Asher
 
Asher,

I know a lot of honest people use Gmail; however, most of the spammers use it just for that reason. Can't you set it so Gmail is auto denied?
 

Asher Kelman

OPF Owner/Editor-in-Chief
I estimate that I have to spend an average of 1-2 hours a week with spammers. It may not seem like a huge amount but it's so draining and pointless. I realize that one could say, "That's a small price for keeping OPF free of nuisance". OTOH, it makes me mad to have to throw time away like that! It gets so much more precious as one gets older! :)

Asher
 
I also think if you just had a Credit Card Verification it would also cut down on it, no need to charge money.

Or have someone volunteer to check and to activate the accounts for you.
I know I would be willing to do, just to keep the stress off your shoulders.
 
Model mayhem is doing like this:
They let you fill your profile and your profile has to be complete (address, occupation etc...)
You have to fill at least 1 photo on your book (You can fill up to 10 when you don't pay)
Then you have to wait for the approval, for me it took 5 days. They say it can take up to 1 week. They check the quality of your images, your websites, I'm pretty sure they check you are existing at some point.

That OK for me because it's supposed to be a professional tool. If the customers don't know if you're real, they'll never trust you...
AFAIK there are not so many spammers around (and the mayhemmers are aware that it's a good thing to report any to the mods)

I think the "1 week approval" has 2 advantages
You have the time to check and
people can't just come and go, it's like you're planning to get tattooed, everybody is telling you "it will stay all your life". That doesn't prevent you to have one but you have to think about it! :)
Photography, most of the time, requires patience, this first step makes sense to me...


Having to pay is not a problem per se... But I think $15 might be an issue if you're a student from Bangladesh (it's an example). I think something like $5 through Paypal might be better (unless OPF needs money to run, I have no idea). The fact that you require Paypal is that it is quite tedious to have multiple Paypal accounts with a single card (I experienced it!). So you say let's take $5 and be sure that the Paypal accounts are unique to each member. If money is not the problem you can say that you give back the money after the approval (or after being banned).


Just my 2 cents...
 

Cem_Usakligil

Well-known member
Hi Asher,

You have my full sympathy, as you know we have had this discussion many times in the past. Yesterday, I myself have banned 4-5 accounts. I don't bother with the two step approach. One look at the registration details and one knows for sure if it is a spammer or a stupid registrant who does not want to use real names. In both cases, I simply ban them and do not bother with niceties. If a genuine person gets accidentally banned, they can always reregister using real names next time. If one cannot determine whether they are spammers by looking at the details they then get the benefit of the doubt.

So having said this, I oppose the idea of paying in order to register as you well know. If that were the case, I would have never joined OPF. Any other complex checking process is going to take even longer time than the one we have now. So I don't have a suggestion unfortunately. Hang in there :)

Cheers,
 

Asher Kelman

OPF Owner/Editor-in-Chief
Hi Asher,

You have my full sympathy, as you know we have had this discussion many times in the past. Yesterday, I myself have banned 4-5 accounts.

We have banned over 3000 so far!

I don't bother with the two step approach. One look at the registration details and one knows for sure if it is a spammer or a stupid registrant who does not want to use real names. In both cases, I simply ban them and do not bother with niceties. If a genuine person gets accidentally banned, they can always reregister using real names next time.

I did that tonight and removed a bunch and felt really good about it. I simply deleted them.

If one cannot determine whether they are spammers by looking at the details they then get the benefit of the doubt.

Checking on http://projecthoneypot.com gives history of spamming, dictionary invasion etc. Folk can seem fine but actually have the highest risk to the forum.


So having said this, I oppose the idea of paying in order to register as you well know. If that were the case, I would have never joined OPF.

But you are already here, LOL!

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Model mayhem is doing like this:
They let you fill your profile and your profile has to be complete (address, occupation etc...)
You have to fill at least 1 photo on your book (You can fill up to 10 when you don't pay)
Then you have to wait for the approval, for me it took 5 days. They say it can take up to 1 week. They check the quality of your images, your websites, I'm pretty sure they check you are existing at some point.
Sandrine,

We've had a good record for no shouting, rudeness or flaming. Maybe one or two at the most who didn't survive.

Sounds great. When I was approved, I felt good! So maybe it's like earning one's place in OPF. It's open, but one has to show evidence of commitment!

Thanks for the idea.

Asher
 

Asher Kelman

OPF Owner/Editor-in-Chief
Asher,

I know a lot of honest people use Gmail; however, most of the spammers use it just for that reason. Can't you set it so Gmail is auto denied?
Actually, Cody, gmail forms a small percentage of the email addresses. These guys use everything.

Also, if we ban gmail we can, perhaps, get marked for a denial of service offense by google.

Asher
 

Cem_Usakligil

Well-known member
Indeed, that's what I was thinking of myself. It's not perfect, there are successful ways of automatically unscrambling the pictures, but it should allow to reduce automated registration to some extent.

Cheers,
Bart
Well, as Asher wrote above we already have Captcha for new registrations. This is effective in deterring spammer bots but not the real people who are spammers. Which is what we are mostly dealing with here, as the bots are mostly prevented registering by Captcha anyway :).

Cheers,
 

Asher Kelman

OPF Owner/Editor-in-Chief
We start with a simple but secret filter I learned from a manufacturer of camera gear. That simply sheds 90% of all the spammers. We are left with about 55-65% of the remaining registrations being false. In the last 72 hours I've banned over 40 I think, I just lost count and then, at Cem's suggestion, simply deleted like ones on impulse and got a rush of salvation and empowerment.

Still, we'd not have some valuable members here had I done this for everyone with a pseudonym. Right? You know who you are guys!!

There's another issue in that a few good members here have had their IP address hijacked and they might not know it. You can check your IP address out on http://Projecthoneypot, for example.

Then you have to clean your computer and get a new IP address from your provider.

I'm no expert, but I am learning by trial and error.

Asher
 
If I may ask, for my information and unless it's kinda classified
How many registrations (in total, false or true) have you got per day? I don't see thousands of members participating (maybe there are in areas where I don't risk such as Forensics or that kind of stuffs :) )
 

Asher Kelman

OPF Owner/Editor-in-Chief
If I may ask, for my information and unless it's kinda classified
How many registrations (in total, false or true) have you got per day? I don't see thousands of members participating (maybe there are in areas where I don't risk such as Forensics or that kind of stuffs :) )

It's hard to say, Sandrine. Overall it could be 50 to 250, most of them spammers. Then after my deleting filter is down to 4-40. Then 20 to 85% are spammers.

Overall, spammers that get through the Captcha pictures and are banned are about 35% of the total. But in the past few days I have been just deleting. I am not willing to wade through 40 registrations with single weird names. I look out for ethnic names from foreign countries where names might be put together as one. I'm pretty sensitive to that.

Right now, the table listing new registrations has emails and IP addresses but other fields are missing. If I could view the registrations as a table with the data I want going across, then it would be simpler. I may get to have that programmed by a vBulletin expert developer.

It's not allowed to simply use data from Projecthoneypot to fast ban everyone on it, as that constitutes "denial of service" and then they will exclude OPF from their data pool!

I notice that there are also simple BOT testing features like a picture of a car and one is asked to choose the title: lamp, honeybee, bread or car. Also a simple sum written in Captcha machine proof writing where one has to give the answer to say 7 plus 16 -2.

I'd say,

  • Describe losing your keys

  • What is your experience with water and toilets when you travel?

  • Describe your happiest moment

But then we'd have to read it!

Gradually we'll balance this out. Solving problems is not always a great idea as the consequences are often a new problem one didn't imagine. Better is balancing out. That's how trees survive oak root fungus.

Asher
 
It's hard to say, Sandrine. Overall it could be 50 to 250, most of them spammers. Then after my deleting filter is down to 4-40. Then 20 to 85% are spammers.

That's what I call a job from hell!

I'll ask my husband for some info as he had to face those things (not with that amount). I remember the captcha stuff on his site... Now he asks the people to send him an email and to send him videos of what the guys are capable of. But it's not a forum, it's just a site with some restricted resources. The members are the ones allowed to see the resources. The rest of the people can just see his articles.
 

Andrew Stannard

pro member
Hi,

I can't remember how the registration goes now, but I presume it was some sort of online form to fill in.

What about the registration page asking people to send an email to a particular address, requesting that they join, and a brief description of their photographic interest in the forum? No online form to fill in as such

Questions with this approach would be:

1. Would this cut down on spammers applying (because it wasn't just a form to fill in)? It strikes me that spammers might just move onto a different site where it was easier to apply (but I'm no expert by any means)

2. What would the effort then be on your part in:
a) Reading the emails
b) Generating accounts for the genuine applicants.


Just some thoughts,
 

Asher Kelman

OPF Owner/Editor-in-Chief
What about the registration page asking people to send an email to a particular address, requesting that they join, and a brief description of their photographic interest in the forum? No online form to fill in as such

Questions with this approach would be:

1. Would this cut down on spammers applying (because it wasn't just a form to fill in)? It strikes me that spammers might just move onto a different site where it was easier to apply (but I'm no expert by any means)

2. What would the effort then be on your part in:
a) Reading the emails
b) Generating accounts for the genuine applicants.



The practical thing might be simply to have them post an introduction, name their cameras and post recent unaltered pictures and reference to their online gallery if they have one.

Asher
 

Cem_Usakligil

Well-known member
Hi Asher,

Only today I must have banned perhaps some 10 of those. They all have the same "signature", i.e. exactly the same way the registration fields are filled in. The data varies but the pattern is the same. So I now think that a bot/script is being used. Which means that they have a script which can automatically bypass the version of the captcha we are using (yes, those scripts do exist). We have to find some other way to prevent this from happening. I think something along the lines of what Andrew has suggested would not be a bad idea. Yes, you'd have to read a lot of incoming mails, but it is easy to just glance at one to see if it is genuine or not, especially if they have to answer a specific request/question in the mail. Then the 99% of the mail can be immediately deleted. For the real applicants, you'd then have to generate the user accounts manually but I bet that this is still less effort than tracking down all those registrations and deleting them after they have registered. Just thinking aloud :)

Cheers,
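
The pattern described in the post above (the data varies, but the registration fields are filled in the same way) can be turned into a grouping key so that a whole batch is reviewed at once. This is an added example, not part of the original thread or of OPF's software; the field names and the sample registrations are constructed for illustration.

```python
from collections import defaultdict

# Field names are assumptions for this example, not vBulletin's actual schema.
FIELDS = ("username", "email", "location", "occupation")

def shape(value):
    """Collapse a value to its character-class pattern: 'Kbxq83' -> 'Aa9'."""
    out = []
    for ch in value.strip():
        if ch.isupper():
            c = "A"
        elif ch.islower():
            c = "a"
        elif ch.isdigit():
            c = "9"
        else:
            c = ch  # keep spaces and punctuation literally
        if not out or out[-1] != c:
            out.append(c)
    return "".join(out)

def signature(reg):
    """Tuple of field shapes; for email only the local part is compared."""
    values = dict(reg, email=reg.get("email", "").split("@", 1)[0])
    return tuple(shape(values.get(f, "")) for f in FIELDS)

def clusters(regs, min_size=3):
    """Usernames grouped by shared signature, for a moderator to review."""
    groups = defaultdict(list)
    for reg in regs:
        groups[signature(reg)].append(reg["username"])
    return {sig: names for sig, names in groups.items() if len(names) >= min_size}

# Constructed sample registrations (not real OPF data).
SAMPLE = [
    {"username": "Qwmzrt84Lk", "email": "qwmzrt84lk@mail.example", "location": "New York", "occupation": "student"},
    {"username": "Bvhxpl27Rd", "email": "bvhxpl27rd@post.example", "location": "Los Angeles", "occupation": "teacher"},
    {"username": "Tnkcwy51Gs", "email": "tnkcwy51gs@web.example", "location": "San Diego", "occupation": "manager"},
    {"username": "Maria Lopez", "email": "maria.lopez@uni.example", "location": "Madrid, Spain", "occupation": "Photographer"},
    {"username": "John Smith", "email": "jsmith42@isp.example", "location": "Leeds", "occupation": "retired engineer"},
]

if __name__ == "__main__":
    for sig, names in clusters(SAMPLE).items():
        print(sig, names)
```

A shared signature is only a reason to look at a batch together: genuine "Firstname Lastname" registrations also share a username shape, which is why several fields are combined and a minimum cluster size is required.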
 
when register, an obvious question is asked, only a human can type YES. No radio button, no list, you have to type it properly... But I guess this one have been made as well...
 

Cem_Usakligil

Well-known member
when register, an obvious question is asked, only a human can type YES. No radio button, no list, you have to type it properly... But I guess this one have been made as well...
I now see what you mean, thanks for the explanation. And yes indeed this and some variations of this theme (such as the arithmetic captcha) have been in use.

Cheers,
 

John Angulat

pro member
We've all come up with some pretty good suggestions.
Unfortunately they screen the "automatic" registrant, not the human who desires to join solely to spam.
The "joining, probation, must have at least 1 posted image" (or variation thereof) is a good concept but it doesn't make the subsequent review/screening process any easier for Asher, Cem and the other Mods.
We've got to find a way to streamline that process.
I'm stumped. :(
 

fahim mohammed

Well-known member
May I suggest a very ' in ' method.

Some people are very ' experienced ' at it. Asher is well aware of it.

Profiling, they call it.

Random they say. I get profiled every time. Anyone need my address, if you are beautiful, I shall give it willingly. My phone number. Anytime.

But that's the price to pay for safety and security of OPF.

' OPF Security '. After all it's our home. so to speak.
 

Asher Kelman

OPF Owner/Editor-in-Chief
May I suggest a very ' in ' method.

Some people are very ' experienced ' at it. Asher is well aware of it.

Profiling, they call it.

Random they say. I get profiled every time. Anyone need my address, if you are beautiful, I shall give it willingly. My phone number. Anytime.

But that's the price to pay for safety and security of OPF.

' OPF Security '. After all it's our home. so to speak.


Fahim,

Deleted another 10 of the same BOT series. I have less qualms now that I understand the patterns. But maybe we should change things to "no notification" when they're killed off. Maybe we're triggering more attacks by our built in well-mannered notification system!? I think we'll now try deleting them in silence.

I guess they rely on us making mistakes and accidentally accepting them. I did that for two of them but then went back through all visits for the past 24 hours and cleaned them out. None of this fighting is really personal. I'd like to discover what makes them give up or even do a reverse attack!

Asher
 
Have you any idea what the purpose of these is? Pure spamming (I mean Natural viagra, Phoenix university online degree, Rolex replica stuff) or a more harmful purpose such as stealing email addresses or information? Because in the last they can get pretty stubborn; in the first, they can have weaker forums to choose from... There is a real "market" for the last and some "head hunters" scan security forums in search of the desperate hacker (the guy who is talented but still on the dole or too young to prove experience for a company, or too poor to have a proper degree). They make propositions (that you can't refuse :) )

Let's say that most of the time it's coming from Russia.
 