A Solution to Topsites Spam?

The latest news can be found here.

Postby marius26 » 2006-12-09 04:47 pm

One thing i don't think was mentioned, when you deny account, rather than delete the info keep the account and url info and put it to a spammers table so next time they try to sign up with the user info or same url of same email they get message that the account have been marked as spammer.
marius26
Member
 
Posts: 27
Joined: 2004-06-13 04:24 am
Location: Great Gritain

Postby jacksplat » 2006-12-09 11:37 pm

I've had problems with spam as many have.
So many sohbet sites trying to get on the lists. I verify/decline each new listing. I do this twice a week at this point (4 topsites). The problem I'm having is they put the button on their site even before i disaprove, as a result my server is overun with hits. Godaddy cancelled one of my accounts on a very popular topsite of mine, then i moved it to my server and it killed mine too, had to shut it down. I then went for the last resort and parked it.. the parking service then banned it. What a mess. I havent visited this forum since late summer and hopefully I can find the time to run through the threads and find the solution I'm looking for to combat this. I don't want to shut down my topsites and dont want to put my coders to work for them either. I may put up the coin for a solution but my guys are bloody pricey. If I find the solution I will pass on the info in appreciation for the free use I've had over the last year.

Nice php topsite, but we gotta fix the spammage.

Jack
jacksplat
Member
 
Posts: 26
Joined: 2006-05-15 07:20 pm

Postby jacksplat » 2006-12-09 11:47 pm

reading a few of the previous posts here.. I've had alot of spam from .ru emails, not just on my topsites but on my forums too. and an article site. also .de.... as well my server is always banning ips from people trying to get the pw to the server. Banning too many ips isnt the solution, i believe your leaving the door open for a bigger problem if you get alot of college/university/gov and other traffic wich use similar or the same ips you may be blocking your visitors. It doesnt take a genious to figure out how to set up an anonymous gateway at any large university to use as a spammer.... you block it and lose a large bulk of your visitors, now do this to several universities and colleges.. poof, bye bye traffic.

And proxy sites (php/cgi/socks) are all over the place. IP blocks are little help unless the culprit has the brain of a worm.
jacksplat
Member
 
Posts: 26
Joined: 2006-05-15 07:20 pm

Postby halloway » 2006-12-10 11:17 am

I have been hammered with spam registration from ru domains and finally gave up using the approve/delete feature. To keep the topsite I decided to try something different, by changing the join page.

Look up: http://www.cascity.com/top20/

To join the top sites, new sites must now contact me to be added manually. But.... guess what happened. Even though the join form is no longer available, spammers are still able to register. I have no idea how they do it. To me, it seems that they are able to access the script through a backdoor somewhere. Could it be that the topsite script is a high security risk. Any thoughts about this is appreciated.
halloway
Newbie
 
Posts: 4
Joined: 2004-11-19 04:08 pm
Location: US

Postby Jeremy » 2006-12-10 08:05 pm

it depends how you modified join.php. did you leave all the registration code there? if so, then it doesn't matter if you don't display the form because the spammers just send a direct http request. they don't actually fill out the form.

something that would probably work is changing the name of the form fields. you can change the name of an important one (like URL) in join_form.html and then in join.php, after this:
$TMPL['header'] = $LNG['join_header'];
put something like this:
$FORM['url'] = $FORM['new_name_for_url'];

i haven't tested it, but that should confuse the bots.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

Postby maxfiles » 2006-12-17 05:07 pm

after reading this site for over 1 hour and over 100 topics.. I have concluded the following.


the button.php file needs to read if the user is an active user on the site, and if they are also registered... thus not displaying the code at all..

also there needs to be code in the button.php, that says if this button is requested more then X times in an hour stop displaying the button, and secondary if this button is displayed more then xxx times in an hour then ban user for 24 hours..

There should be also a banned script, that also checks the against the domain and ip of the server and if those match anyone else in the list, their signup gets rejected.

a Ban list seems to be importent to everyone. also the domain and ip should also be banned using .htaccess as well, thus preventing them access to the website.

seriously if this spam is to stop the admins of these sites should be allowed to have the best security programmed into the program or make the mods themself for the public..

I am saying that a good mod, should be programmed into the software with credit given.

these are my thoughts.

Max
maxfiles
Newbie
 
Posts: 3
Joined: 2006-12-17 04:16 pm

Postby WebMasterJorge » 2006-12-25 02:25 pm

Any idea when the new 5.2.0 version with Proxy Voting Blocking will be released?
WebMasterJorge
Advanced Member
 
Posts: 149
Joined: 2005-04-11 02:15 am

Postby Jeremy » 2006-12-26 03:18 pm

next month maybe? but don't count on it.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

The Aardvark word

Postby portugaldarts » 2007-01-11 10:38 pm

I think the aardvarktopsites word in the copyright bottom of the page, is something to remove too...

you can allways use an image with a commum name like picture.png or simpler than that say... image-pnp that should be too much commun to perform a search for it...

because the word Aardvarktopsites is not very commun and most of the sites with it on, are topsites for sure, so they are targets...
portugaldarts
Newbie
 
Posts: 1
Joined: 2007-01-11 10:30 pm

Postby whitesell » 2007-01-13 03:25 pm

Hi Jeremy,

I know this has been asked several times before -- can you PLEASE change the admin email to include the IP address of the submitter? I understand that won't help when someone uses a proxy, but it will help otherwise.

I'd love to be able to block the spammers from ever submitting. If we can stop or slow down their submissions they won't have a reason to sign up - since they KNOW they won't get a link from us.

I'm currently manually blocking their site's IP using htaccess, and have added the 'bad user' code to button.php and am updating that, too.

Here os one of the sites that signed up this morning:
http://www.evden-eve-nakliyecilik.name/
Look at all the topsites they've signed up for!

Please - PLEASE, can you add their IP address to the email the admin gets on signup?

Thanks
whitesell
Member
 
Posts: 12
Joined: 2004-02-18 08:14 pm

Postby Jeremy » 2007-01-13 07:09 pm

ip tracking will be in the next version.
Jeremy
Supreme Diety
 
Posts: 8922
Joined: 2003-05-05 04:41 pm
Location: NJ, USA

Postby whitesell » 2007-01-14 09:54 am

Great, thanks Jeremy!
whitesell
Member
 
Posts: 12
Joined: 2004-02-18 08:14 pm

.

Postby RT » 2007-01-20 08:30 am

whitesell wrote:Here os one of the sites that signed up this morning:
http://www.evden-eve-nakliyecilik.name/


I'm currently having issues with this website as well, I keep denying their registration but they keep re-signing back up again over and over :roll:

Look forward to the next release so I can ban them once and for all!

Keep up the good work with your Topsites, Jeremy.
RT
Newbie
 
Posts: 4
Joined: 2006-12-14 09:35 am

Postby whitesell » 2007-01-21 08:10 am

topsite wrote: I modified the file join.php and if I find word SOHBET in the title or description, I erase the form and I it empty reference. Thus I do not have any more adhesion turk and gift more Spam.)


Greetings,

Can you share your modified join.php? This would help alot if we could filter for the word(s) that they always use.

Thanks
whitesell
Member
 
Posts: 12
Joined: 2004-02-18 08:14 pm

Postby zeldamqgc » 2007-01-26 03:05 am

to answer portugaldarts's because the word Aardvarktopsites is not very commun and most of the sites with it on, are topsites for sure, so they are targets... answer i think if Jeremy would let us do it is to unlink the Aardvark Topsites PHP in the wapper.html until Version 5.2.0 comes out.

Just my suggestion.Cause i have not been on here in a while myself been to busy with my site projects.And because of that i get those same spammers so i ended up leaving my approve members on.
Image
i will love this year's camp hyrule!!!!
zeldamqgc
Advanced Member
 
Posts: 136
Joined: 2004-07-03 04:32 pm
Location: hyrule castle

PreviousNext

Return to News

Who is online

Users browsing this forum: No registered users and 1 guest

cron