If You See Kay Spam

Report anomolous behavior on the forum here.

Moderator: TMAX

Post Reply
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

If You See Kay Spam

Post by Sharkey »

Over the course of the last two days, I've instituted a new level of spam and bot control on the web site in the form of a set of scripts that analyses each request and compares the information contained in the "Headers" to normal browser behavior. When anomalous request headers are received, they are subjected to increased scrutiny, and if deemed to be bogus, the scripts return a failure page instead of the requested file.

Things that can trigger a failure are mismatched header values, expression matching for "User_Agent" (the name of a browser, matching a banned IP address as well as a host of other conditions. The tests are very comprehensive, and although I have the system set to "Enhanced", I have yet to see any valid requests for pages trigger a failure. I have, however, seen a number of failures caught by the new system that would have sailed right through the defenses I used up until now.

The whole point is to stop bots from scraping the site, making endless, repeated requests for pages that may or may not exist, stop email address harvesting attempts, reject server exploit tries, prevent the posting of spam into any forms this site contains, and generally keep the lid on a whole slimy trash can full of web bugs that all best ought to be exterminated.

The reason I'm bringing this up here is that so far, I have not applied this new protection to the forum, I wanted to see how it did on the rest of the site first. Over the weekend, I hope to get the protection applied to the forum, and I thought it a good idea to let you know in case it doesn't work out quite as well as expected. If the new rules and regs work out, you will notice nothing. If, for some reason, you get shut out, the failure page gives a new email address that I created to allow you to complain.

For every human spammer who has posted here, there are probably 100,000 or more automated attempts to break in and deface the forum. So far, my efforts have kept the crap away. This will be just one more tool to protect our privacy, while allowing decent folk to participate.

I hope to have a demonstration page created for those of you who can't resist setting off alarms...
dburt
Posts: 811
Joined: Sat Aug 22, 2009 5:53 am
Location: NE Oregon, SW Idaho
Contact:

Post by dburt »

Shareky, I notice something unusual in one of my posting on a thread. When I put the word social in a sentance, it came out on the posting as the word "spam". Do you have some kind of control that shows any posting with the word "social" or "socialized" as spam if it is not contained by " marks?
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

OK, that was interesting. I just went and checked the word censors. I had put in about six words I wanted banned, mostly the names of popular pharmaceuticals that spammers like to offer. None of them had names anything like social, and none of them had all of the same letters in them as social, either. For whatever reason, the word censor was grabbing the word social and replacing it with "spam", which is what I had instructed it to do with the censored words. Whatever, I deleted the entire batch, we don't get enough spam here to worry about word censoring.

One forum that I frequent has a word censor that always replaces the word "aroma" with "Iron Maiden". No one has ever figured that one out...
Rudy
Posts: 2762
Joined: Mon Aug 17, 2009 3:01 pm
Location: Strangeweather, Mo.

Post by Rudy »

Maybe the guys in Iron Maiden were smelly. I am glad that you keep a diligent watch on this site. My friend Bob's website became overrun with Spambots. He had to shut it down. Fight on, Sharkey. I know that you will keep your site a holy and wholesome place. Thanks for providing us with this special place. Rudy
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

Alright, as of 19:20 hours this date, the new spam protections are functioning on the forum. I'm not done tuning the scripts, but they seem to be working and caught some creepaziods from the Ukraine before I even had a chance to open the logs for the first time. I'm sure their attempt to post via robot would have failed anyway, but this is one more layer of protection from the Nasties.

If anyone here gets caught up in the new traps, use the provided email address on the failure page to let me know and I'll adjust things.
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

It's been exactly a year since I instituted the new filters to keep out trash postings (at least those from bots and spammers, the rest of you are still free to post whatever you want), and I'm pleased to be able to report that the system has delivered failure notices to 25,203 spammers on the forum alone. On the rest of the site, the number is 14,433. Actually, the numbers are higher than that because for the first week or two, I didn't let the tally number accumulate when I cleared the log files.

During that time, there has been a dramatic drop in the number of spam posts on the forum. Oh, there have been maybe half a dozen actual humans who bothered to run the juggernaut of protections that are in place to discourage throw-away postings, but for the most part, TMAX, our Spam Cop has had nothing to delete all these twelve months (sorry Tom).

Examining the logs files of this "first line of defense" that has been working so well for us shows me that there must be hoards of zombie computers all over the world that are infected with virii and sending out spam over broadband connections without the knowledge of the PC's owners. The patterns of the garbage posts are very consistent, showing that many originate from the same master source and are broadcast worldwide from all countries and IP ranges.

I also see from information contained in the logs that if a spammer bot gets through the first layer, their dark bile would be caught several times over by the secondary protections that I've implemented. There's no way around it, this is one very well protected web site.

I've seen very few false-positive reactions to the protections. On a couple of occasions, regular users here have gotten caught up in the net. In most cases, it involved folks using a computer "at work" where there are more likely proxy-server systems that the scripts on the site interpret as suspicious. Putting these users on a "whitelist" quickly solves this issue.

The bandwidth useage on the site dropped to about half when I instituted the If-You-See-Kay-Spam system, indicating that a lot of my server process time was being wasted catering to damned shysters and scammers. Screw'em all. I'm in favor of a capital punishment program for hackers, script kiddies, and fraudsters of all nationalities. Off with their heads!
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

Giving this a bump because I've been spending a LOT of time working in the spam scripts that I use here. I'm actually working with the developer to release a version for phpBB3 forums that can be used to protect any installtion of that software. It's taken a couple of hundered hours to adapt and tune the scripts over the past two months, but it's about ready to blast the sox off the spammers of the world.

As a small tribute, I've put a text link in the footer of each page here noting how many attempts to spam the forum have taken place since I installed the first version back in Nov of 2009.

I affectionately call my adaptation If-You-See-Kay-Spam, so you can tell how much I like the stuff, but the developers name for the program is Bad Behavior, which is, I think, being a little to easy on the greasy weasels.

Roll on, and DIE SPAM!!!!
Rudy
Posts: 2762
Joined: Mon Aug 17, 2009 3:01 pm
Location: Strangeweather, Mo.

Post by Rudy »

Beware all you bots and wannabees, the Spamonator is on guard.
Got love? Give love.
dburt
Posts: 811
Joined: Sat Aug 22, 2009 5:53 am
Location: NE Oregon, SW Idaho
Contact:

Post by dburt »

Sharkey, I wish you could develop a system to keep the troglodytes and bottom feeders from flagging my occasional ads on Craigslist. My ads are for such things as misc farm implements I fix up and sell, or for an occasional car I buy and fix up to sell. I am not a dealer posting in the 'for sale by owner' area, or selling something illegal or animals, etc so sometimes I think I get flagged because someone else is selling something like mine for alot more money and they don't want my competition. And then maby some of them are just random flagging by the aforementioned trogs and scum suckers that enjoy causing trouble for honest folks and have no other life then sending out spam feelers thru Craigslist and flagging random ads- perhaps it gives them a sense of power?

Or better yet- when they flag my ad, I need something that sends a deadly virus to thier computer and kills it deader then a post. :lol:

Anyway, your irritation at spammers matches mine at spammers and trogs and trolls on Craiglist. Sorry, I just had to vent somewhere :x
We need capitol punishment for scammers, trogs, trolls, and other scum suckers and bottom feeders on the internet. :wink:
Stealth Camper
Posts: 824
Joined: Fri Apr 09, 2010 5:17 pm
Location: Oklahoma
Contact:

Post by Stealth Camper »

I second ALL the motions!!

Yay, team!
Sharkey is our "Army of One" Team!!

Keeping us safe, happy, and clean, and just slightly moist behind the ears.
(Don't ask...I have no idea what that means - it just popped into my head as a random moment thought.)
Sharkey
Original Founder
Posts: 1364
Joined: Sat Oct 09, 2004 4:00 am
Contact:

Post by Sharkey »

Congratulations to our 50,000th spammer, some unidentified cretin from Santiago, Chile who was attempting to view this topic thread: http://www.mrsharkey.com/forum/vwtp.php?t=459 , titled This Winter's Project, from December of 2007. Hard to believe that there's any interest in transcribing old cassette tapes to hard disk storage in South America, more likely it was a net bot attempting to scrape content.

I'll let you all know when we pass the 100,000 mark... :D
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests