Anti-Spam efforts, May 2018

Status
Not open for further replies.

PaulStoffregen

Well-known member
Robin & I are working on the spam problem. Turns out most of the recent spam is coming from just a few ISPs in Bangalore, India and also some in Pakistan. Seems the spammers are using low-wage labor in these areas to defeat anti-spam measures.

I'd like to ask all the "plus" users who are helping with deleting spam to please keep the IP number when deleting a message. In the moderation area (unseen to everyone else... it's where the spams go when you report them) is a sticky thread with the IP number block list. Please edit that message to add any new IP numbers in the section at the top.

We've been looking up the netblocks and adding them to our banned IP numbers list. Bangalore is particularly complicated, because many of the IP allocations are only small blocks of 1024 numbers, and other "nearby" small allocations are scattered across other Asian-Pacific area countries.

Robin is also working on banning freshly registered spammer accounts before they post. Earlier this week she deleted a couple thousand of them!

Eventually we may need to consider more draconian measures, like manual human approval of new registrations. But that day has not arrived. Blocking small IP ranges seems to be enough for now, but it does depend on collecting the IP numbers before deleting the messages. If you're in the "plus" group, please make sure you get those IPs onto the list in the moderation area, so I can look up and ban their netblocks.
 
How do the "plus" users determine the spammer's IP address?
Also where do we find the moderation area to view the sticky thread?
 
I'm a moderator on another forum, you can view the IP address of each individual post, as well as each that a given user has logged in with and the one they registered the account with. I use IP addresses almost daily to bust people for a wide array of forum-specific rule violations, as well as general spamming, scamming, trolling, etc.

As regular members, you and I don't get to view the moderation area. It's hidden unless you have moderator status.
 
Wozzy - indeed as noted the Senior+ group has added UI to see an IP - and when a post is selected for delete the IP is presented. So just a couple of extra steps to copy that and then paste it for PJRC usage.
 
So I have spam delete privilege, but not "Plus" status.
Should I refrain from deleting spam for the time being?

Edit:
I guess what I really have is spam report privilege, But the spam gets placed in an offline folder until an administrator reviews it.
 
Most users can click the 'Report Post' to have it removed from the normally viewable 'stream' - that is a good thing - keep at it.

'Plus' viewers still see it and use that as a sign for removal/banning the user.
 
So I have spam delete privilege, but not "Plus" status.

There's a subtle but important matter of terminology.

You have the ability to "report" a message. Reported messages are automatically turned to moderated status, so from your point of view the messages disappears. But it isn't actually deleted. It's only been reported as a problem. The message still exists, but it is hidden from normal view.

Only users who are "Senior Member+" or "Administrator" can see reported messages. They're the only ones who can actually delete it. When deleting, the IP number is shown on the page to confirm the delete. There's also a small "IP" icon on every message, but only for "Senior Member+" or "Administrator" users.

When you see spam, please do click the "Report Post" icon (small black triangle). It removes the spam from view, which helps everyone right away! :)
 
I've also noticed a recent uptick on ssh attack attempts. I have a relatively stable IP address, and use fail2ban on my Linux laptop machine to completely block IP addresses that try to login to my machine via SSH (which I myself use, to connect to this machine remotely, so cannot just disable). I typically use a 24-hour window and a 24-hour ban.

Right now, I have 33 IP addresses in my ban list. That is 33 different addresses trying to log in to my laptop within the last 24 hours. I do not recall seeing this many banned addresses in a long time..
 
Please forgive my ignorance if this is not the place to ask this question.
I created an account "ComputerKarate" and came back a couple of weeks later to a page that said my account was banned for suspicion of spam.
As I had only logged in for a few minutes, this must be a case of mistaken identity.
Can anyone PM me about the specifics?
I would like to avoid posting my email address publicly.

If the domain I registered the account with has issues, maybe I can follow up with my hosting company (westhost.com).
 
You had been banned as a suspected spammer, not because of the domain, but (I can only guess, I'm not the admin who banned you) based on what had been posted (content or form) from your account. I lifted the ban for the moment. Please take care to write from now on in a factual and informative style.
 
Consider editing the signup page to check the 'referrer link' to see which page it was called from.
And renaming it to something else, and setting up a short script with the original filename that autobans anyone trying to run it...

Those tricks should stop most robots.
On some forums they require you to write a reply to a specific thread, introducing yourself, before the mods will authorize your profile.
 
Hi Guys,For months already I seem to be banned from the forum. Well... not me, but my IP.I am from Belgium and that is far from India ;-)Anyway, I am a legit customer using teensy 3.6 , but the only way for me now to access the forum is to go through an anonymous proxy (something spammers can also do by the way).Accessing the forum is a very annoying way of getting access to a support forum for a product you actually bought and are using.I already sent mail to paul@ and robin@ but somehow it looks like these mails don't arrive ? The I tried private messaging Paul, but he has disabled PM for his nickname.So now I try it through this post, because it actually on topic. What should I do to get my IP unbanned? IP 213.118.29.78Kind regards,Bart LibertBelgium
 
Hi Bart,

only Paul and Robin have access to the IP block list. So, you'd have to wait until one of them might look up and do something about your IP, but everybody is actually pretty busy with developing for and beta testing the new Teensy 4. Thus, please be patient and good to know that you found a workaround ;)
 
I've received two spam PMs from different individuals. Both PMs contain a link to a Russian site that I am not, under any circumstances, going to visit. The message was also CC'd to other users.
Can you clobber these two morons and if possible install something that detects and bans them as soon as they send a PM like this?
Thanks
Pete
 
@Pete - can you give the user names - that leads to IP to block after they get banned. Perhaps forward the PM's to myself or another another Sr+ if not gone.
 
The problem is that (AFAIK) we Senior+ can only block users via deleting a spam Post in the forums. Users which only send PMs but never posted in the forums seem unfortunately out of our reach.
 
The problem is that (AFAIK) we Senior+ can only block users via deleting a spam Post in the forums. Users which only send PMs but never posted in the forums seem unfortunately out of our reach.

Indeed - as posted - PM would have to get to [Robin or] Sr+. But given a username - it can be banned AFAIK and the forum will give IP for user.

Confirmed: 'Mod' lower right corner allows user lookup and presents a BAN USER button there, and IP search on user shows the IP I registered with top center - and that and 52 others I have logged in with in 4 years.
 
Got user names from Pete and recorded their registration IP - only one each had - and put on permanent ban list marked "SPAMMER :: PM". Will go add IP's to the block list.
 
Now got a spam as private message, sent by Rubinpeash (with .ru URL). Is this a new way of spamming, or already common practice ?
 
tochinet - this is newly reported with spam PM's
HWGUY reported this one too - as if it were a post ?
- Banned : Rubinpeash
 
Status
Not open for further replies.
Back
Top