Forum Rule: Always post complete source code & details to reproduce any issue!
Page 1 of 2 1 2 LastLast
Results 1 to 25 of 34

Thread: Anti-Spam efforts, May 2018

  1. #1
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,343

    Anti-Spam efforts, May 2018

    Robin & I are working on the spam problem. Turns out most of the recent spam is coming from just a few ISPs in Bangalore, India and also some in Pakistan. Seems the spammers are using low-wage labor in these areas to defeat anti-spam measures.

    I'd like to ask all the "plus" users who are helping with deleting spam to please keep the IP number when deleting a message. In the moderation area (unseen to everyone else... it's where the spams go when you report them) is a sticky thread with the IP number block list. Please edit that message to add any new IP numbers in the section at the top.

    We've been looking up the netblocks and adding them to our banned IP numbers list. Bangalore is particularly complicated, because many of the IP allocations are only small blocks of 1024 numbers, and other "nearby" small allocations are scattered across other Asian-Pacific area countries.

    Robin is also working on banning freshly registered spammer accounts before they post. Earlier this week she deleted a couple thousand of them!

    Eventually we may need to consider more draconian measures, like manual human approval of new registrations. But that day has not arrived. Blocking small IP ranges seems to be enough for now, but it does depend on collecting the IP numbers before deleting the messages. If you're in the "plus" group, please make sure you get those IPs onto the list in the moderation area, so I can look up and ban their netblocks.

  2. #2
    Senior Member
    Join Date
    Dec 2016
    Location
    Montreal, Canada
    Posts
    3,025
    not long after your post it happened again
    was that a test of the PJRC emergency broadcast system?

  3. #3
    Senior Member Wozzy's Avatar
    Join Date
    Jan 2013
    Location
    Philadelphia, Pennsylvania USA
    Posts
    348
    How do the "plus" users determine the spammer's IP address?
    Also where do we find the moderation area to view the sticky thread?

  4. #4
    Member dauntless89's Avatar
    Join Date
    Jun 2017
    Location
    Cedar City, UT
    Posts
    50
    I'm a moderator on another forum, you can view the IP address of each individual post, as well as each that a given user has logged in with and the one they registered the account with. I use IP addresses almost daily to bust people for a wide array of forum-specific rule violations, as well as general spamming, scamming, trolling, etc.

    As regular members, you and I don't get to view the moderation area. It's hidden unless you have moderator status.

  5. #5
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    Wozzy - indeed as noted the Senior+ group has added UI to see an IP - and when a post is selected for delete the IP is presented. So just a couple of extra steps to copy that and then paste it for PJRC usage.

  6. #6
    Senior Member Wozzy's Avatar
    Join Date
    Jan 2013
    Location
    Philadelphia, Pennsylvania USA
    Posts
    348
    So I have spam delete privilege, but not "Plus" status.
    Should I refrain from deleting spam for the time being?

    Edit:
    I guess what I really have is spam report privilege, But the spam gets placed in an offline folder until an administrator reviews it.

  7. #7
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    Most users can click the 'Report Post' to have it removed from the normally viewable 'stream' - that is a good thing - keep at it.

    'Plus' viewers still see it and use that as a sign for removal/banning the user.

  8. #8
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,343
    Quote Originally Posted by Wozzy View Post
    So I have spam delete privilege, but not "Plus" status.
    There's a subtle but important matter of terminology.

    You have the ability to "report" a message. Reported messages are automatically turned to moderated status, so from your point of view the messages disappears. But it isn't actually deleted. It's only been reported as a problem. The message still exists, but it is hidden from normal view.

    Only users who are "Senior Member+" or "Administrator" can see reported messages. They're the only ones who can actually delete it. When deleting, the IP number is shown on the page to confirm the delete. There's also a small "IP" icon on every message, but only for "Senior Member+" or "Administrator" users.

    When you see spam, please do click the "Report Post" icon (small black triangle). It removes the spam from view, which helps everyone right away!

  9. #9
    Senior Member Wozzy's Avatar
    Join Date
    Jan 2013
    Location
    Philadelphia, Pennsylvania USA
    Posts
    348
    Thanks for the clarifications... OK I'm going back to whacking moles!

  10. #10
    Senior Member
    Join Date
    Feb 2015
    Location
    Finland
    Posts
    120
    I've also noticed a recent uptick on ssh attack attempts. I have a relatively stable IP address, and use fail2ban on my Linux laptop machine to completely block IP addresses that try to login to my machine via SSH (which I myself use, to connect to this machine remotely, so cannot just disable). I typically use a 24-hour window and a 24-hour ban.

    Right now, I have 33 IP addresses in my ban list. That is 33 different addresses trying to log in to my laptop within the last 24 hours. I do not recall seeing this many banned addresses in a long time..

  11. #11
    Senior Member
    Join Date
    Dec 2016
    Location
    Montreal, Canada
    Posts
    3,025
    I don’t think “helli” ‘s profile pic is appropriate for this forum...

  12. #12
    Please forgive my ignorance if this is not the place to ask this question.
    I created an account "ComputerKarate" and came back a couple of weeks later to a page that said my account was banned for suspicion of spam.
    As I had only logged in for a few minutes, this must be a case of mistaken identity.
    Can anyone PM me about the specifics?
    I would like to avoid posting my email address publicly.

    If the domain I registered the account with has issues, maybe I can follow up with my hosting company (westhost.com).

  13. #13
    Senior Member+ Theremingenieur's Avatar
    Join Date
    Feb 2014
    Location
    Colmar, France
    Posts
    2,459
    You had been banned as a suspected spammer, not because of the domain, but (I can only guess, I'm not the admin who banned you) based on what had been posted (content or form) from your account. I lifted the ban for the moment. Please take care to write from now on in a factual and informative style.

  14. #14
    Junior Member
    Join Date
    Dec 2018
    Posts
    18
    Consider editing the signup page to check the 'referrer link' to see which page it was called from.
    And renaming it to something else, and setting up a short script with the original filename that autobans anyone trying to run it...

    Those tricks should stop most robots.
    On some forums they require you to write a reply to a specific thread, introducing yourself, before the mods will authorize your profile.

  15. #15
    Member educa's Avatar
    Join Date
    Jan 2017
    Location
    Belgium
    Posts
    21

    Unhappy

    Hi Guys,For months already I seem to be banned from the forum. Well... not me, but my IP.I am from Belgium and that is far from India ;-)Anyway, I am a legit customer using teensy 3.6 , but the only way for me now to access the forum is to go through an anonymous proxy (something spammers can also do by the way).Accessing the forum is a very annoying way of getting access to a support forum for a product you actually bought and are using.I already sent mail to paul@ and robin@ but somehow it looks like these mails don't arrive ? The I tried private messaging Paul, but he has disabled PM for his nickname.So now I try it through this post, because it actually on topic. What should I do to get my IP unbanned? IP 213.118.29.78Kind regards,Bart LibertBelgium

  16. #16
    Senior Member+ Theremingenieur's Avatar
    Join Date
    Feb 2014
    Location
    Colmar, France
    Posts
    2,459
    Hi Bart,

    only Paul and Robin have access to the IP block list. So, you'd have to wait until one of them might look up and do something about your IP, but everybody is actually pretty busy with developing for and beta testing the new Teensy 4. Thus, please be patient and good to know that you found a workaround

  17. #17
    Senior Member
    Join Date
    Nov 2012
    Posts
    1,142
    I've received two spam PMs from different individuals. Both PMs contain a link to a Russian site that I am not, under any circumstances, going to visit. The message was also CC'd to other users.
    Can you clobber these two morons and if possible install something that detects and bans them as soon as they send a PM like this?
    Thanks
    Pete

  18. #18
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    @Pete - can you give the user names - that leads to IP to block after they get banned. Perhaps forward the PM's to myself or another another Sr+ if not gone.

  19. #19
    Senior Member+ Theremingenieur's Avatar
    Join Date
    Feb 2014
    Location
    Colmar, France
    Posts
    2,459
    The problem is that (AFAIK) we Senior+ can only block users via deleting a spam Post in the forums. Users which only send PMs but never posted in the forums seem unfortunately out of our reach.

  20. #20
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,343
    If this becomes a bigger problem, we might just completely remove the PM system.

  21. #21
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    Quote Originally Posted by Theremingenieur View Post
    The problem is that (AFAIK) we Senior+ can only block users via deleting a spam Post in the forums. Users which only send PMs but never posted in the forums seem unfortunately out of our reach.
    Indeed - as posted - PM would have to get to [Robin or] Sr+. But given a username - it can be banned AFAIK and the forum will give IP for user.

    Confirmed: 'Mod' lower right corner allows user lookup and presents a BAN USER button there, and IP search on user shows the IP I registered with top center - and that and 52 others I have logged in with in 4 years.

  22. #22
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    Got user names from Pete and recorded their registration IP - only one each had - and put on permanent ban list marked "SPAMMER :: PM". Will go add IP's to the block list.

  23. #23
    Senior Member
    Join Date
    Nov 2012
    Posts
    1,142
    Thanks Tim.

    Pete

  24. #24
    Member
    Join Date
    Nov 2012
    Location
    Belgium
    Posts
    20
    Now got a spam as private message, sent by Rubinpeash (with .ru URL). Is this a new way of spamming, or already common practice ?

  25. #25
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,092
    tochinet - this is newly reported with spam PM's
    HWGUY reported this one too - as if it were a post ?
    - Banned : Rubinpeash

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •