Unsophisticated but surprisingly effective new spam attack

iaresee

iaresee

Active member
Ugh.

Thought I had this Chinese university degree spam problem sorted but it's returned and I'm struggling to fight it.

The pattern is:
  • New user registers
  • Posts a bunch of posts that have a two character title and a two character body
  • Edits those posts to into the usual sea of kanji characters advertising fake university degrees

I'm running a regex that denies all kanji characters.

I up the "Maximum messages to check for spam" setting and they just post one more than that number of the two-character messages to get around it. I'm currently at 100 messages. :/

What I'm failing to find is a way to keep them from posting these two-character subject/message posts in the first place.

I can't see a way to craft an anti-spam filter that just looks at the subject line. A two-character subject line, or even a single word subject line, I could reasonably make it a board rule that subject lines need to be descriptive.

Alternatively, is there a third party spam management plugin or two I should be looking into?
 
I'm also in the process of doing a user group promotion. Though I'd rather not have to have moderation occur on the first few posts to the board. That feels like a bad experience for the mostly legit new users who sign up.

Looking into those plugins now...
 
We moderate all new users; registrations need moderator approval, and we check IP then. The first five posts from new users also require moderator approval, and we explain that this helps prevent spam. We have been doing this for years, and so far no new user has complained about this procedure, and the staff does not mind having a few approvals every day.

Sometimes having human eyes on something is better and more efficient than trying to rely on an automated process.
 
Last edited:
JRobert said:
We moderate all new users; registrations need moderator approval, and we check IP then.
Click to expand...
What's your sign up rate? We're getting 200+ users a week and the moderation team is just a handful of people. That feels like it'd be overwhelming.

Since the site is associated with a business, we'd like to err on the side of not giving potential customers a bad experience.
 
I have heard good things about this add-on preventing Spam.

xenforo.com

Unmaintained - AntiSpam by CleanTalk

No CAPTCHA, no questions, no counting animals, no puzzles, no math. No spambots signups, no spambots posts. Anti-spam features: Stop spambots at registrations. Stop spambots at the orders. Contact form protection (CAPTCHA should be disabled!)...
xenforo.com xenforo.com

Anti-Spam Plugins for WordPress, Joomla, Drupal, and any other websites

Cloud Anti-Spam Service for websites. Protect your website from spam with invisible methods for visitors. No Captcha, no questions, no counting animals, no puzzles, no math. Fight spam!
cleantalk.org cleantalk.org
 
nodle said:
I have heard good things about this add-on preventing Spam.

xenforo.com

Unmaintained - AntiSpam by CleanTalk

No CAPTCHA, no questions, no counting animals, no puzzles, no math. No spambots signups, no spambots posts. Anti-spam features: Stop spambots at registrations. Stop spambots at the orders. Contact form protection (CAPTCHA should be disabled!)...
xenforo.com xenforo.com

Anti-Spam Plugins for WordPress, Joomla, Drupal, and any other websites

Cloud Anti-Spam Service for websites. Protect your website from spam with invisible methods for visitors. No Captcha, no questions, no counting animals, no puzzles, no math. Fight spam!
cleantalk.org cleantalk.org
Click to expand...
I ran into some compatibility issues with that in the past.

Honestly, Signup abuse detection and blocking is covering almost every issue spam I have had, but I have also blocked China, Pakistan and 1-2 other regions (we do not have much legitimate traffic, and people are able to request to be allowed through).
 
  • Like
Reactions: Xon
I did a few things.

I did buy and install the Spaminator add-on by @Ozzy47 -- I'm a little skeptical that bots can't just look for and ignore the elements with type=hidden on them but good reviews so I guess why not for $30, right?

I also put into place a new Verified user group with a promotion at 5 posts from Registered to Verified. I put a bunch of restrictions on Registered and now require Registered users to have their posts moderated. This should help eliminate the existing bot accounts on the site. Once we see moderation drop to just legitimate posts I'll get rid of the moderation requirement on the first 5 posts and just let the built-in spam filter kick bad posts up for moderation.

Will report back in a week on how effective it was.
 
On one of our forums, we manually approve the first post. For now, this seems to work fine, have more control and we catch almost all human spammers. But the majority of the hard work is done by the Spaminator add-on from @Ozzy47. Squashing those bots like bugs.
 
BassMan said:
On one of our forums, we manually approve the first post. For now, this seems to work fine, have more control and we catch almost all human spammers. But the majority of the hard work is done by the Spaminator add-on from @Ozzy47. Squashing those bots like bugs.
Click to expand...
Yea, I might dial it back from 5 to 1 for post approvals. Will see what the workload is like.
 
iaresee said:
I also put into place a new Verified user group with a promotion at 5 posts from Registered to Verified. I put a bunch of restrictions on Registered and now require Registered users to have their posts moderated. This should help eliminate the existing bot accounts on the site.
Click to expand...
Do you know that @Ozzy47 is so far ahead that if he looks back he sees the future? 😅

Also use the Login Spaminator and you solved that too.
 
iaresee said:
The pattern is:
  • New user registers
  • Posts a bunch of posts that have a two character title and a two character body
  • Edits those posts to into the usual sea of kanji characters advertising fake university degrees
Click to expand...
One idea I have is that they edit posts, so I guess that they do this so first version of posts looks legit enough?

If so, then you can create two usergroups, first doesn't have ability to edit posts at all, and promotion gives them ability to edit after criteria that would work for you, like being registered long enough, have more than x posts, etc.

Or I didn't understand why they create first posts that need editing. Anyway, if editing is the key to them, remove editing for first usergroup, and see how most safely you can give back editing to legit users.
 
Yep, if they're going back and editing older posts, I'd remove editing (beyond a grace period for post corrections) from the standard usergroups.

I had a spate of long term spammers who were happy to build up a semi-normal looking account over many months using obviously human spammers to include some niche-specific comments to evade detection, plus use a VPN into my country to appear local. Then go back and edit older posts to stuff links in.

I'd agree with the above, both manual approval of a new account, and moderator approval of first posts singularly kills new user enthusiasm, so use with care. Sometimes it's better to accept a few spammers getting through, than enforce strict restrictions on all new members.

Depending on your niche you can usually safely block whole countries that don't offer anything than spam :)
 
So the combination of the add on and the two user groups with the promotion occuring after the first post has brought it back to zero.

Had to moderate about 10 users/day for a week and then it all fell to nothing.

I'll leave the requirement for moderating the first post in place for another week and then I'll drop the need for moderation and see if they come back.
 
Even with a bunch of anti-spam stuff in place, these chinese spammers are still getting through. They'll even post 10 "legit" looking messages (coming in through a VPN) to get past our filters, and then start posting a bunch of Chinese spam.

iaresee said:
I'm running a regex that denies all kanji characters.
Click to expand...
Curious how you set this up. Do you have a screenshot?

Any other ideas on how to slow these guys down without having a negative impact on legit users?
 
ProCom said:
Even with a bunch of anti-spam stuff in place, these chinese spammers are still getting through. They'll even post 10 "legit" looking messages (coming in through a VPN) to get past our filters, and then start posting a bunch of Chinese spam.


Curious how you set this up. Do you have a screenshot?
Click to expand...
/[一-龠]+|[ぁ-ゔ]+|[ァ-ヴー]+|[々〆〤ヶ]+/u

We haven't fully stopped the problem. But moving to having to get moderator approval for you first post for a couple of months seems to have taken our site off the top of the hit list for spammers for now.
 
You must log in or register to reply here.

Similar threads

radenmas
  • Question Question
XF 1.5 Uploaded file not shown while posting, but surprisingly it is uploaded
Replies
3
Views
1K
radenmas
radenmas
Back
Top Bottom