London Fixed-gear and Single-speed

Yesterday around 20 accounts were opened with mail.ru or yandex.com addresses. All appear to be accounts set up to spam the site.

Thankfully things like the nursery period prevented the site from becoming awash with spam. Anyone curious as to how LFGSS might look if these defences were not in place need only look at the test forum where they are in fact not enabled: . The place is awash with spam, not that it bothers me as I'll delete it once I'm done.

Anyhow... to preclude the possibility of those accounts being used to get past the defences that I've put in place, I'm simply going to ban mail.ru and yandex.com accounts across the entire site. I feel that this is OK as being a London, UK focused site I can have a reasonable level of certainty that a majority of our users aren't from Russia.

However, if you happen to be someone who legitimately has an email address from one of those providers, you will need to let me know your username and the email address for that username... at which point if you also give me a new email address I can change it for you (you won't be able to change your own email address due to being banned).

The easiest way to do this is to email me at david@lfgss.com from your existing mail.ru account and to let me know of the new email address I should use. This would verify that you have access to the mail.ru account, so I will happily update your LFGSS account.

Cheers

David

Oh, and since it appears there were also some fake gmail accounts registered yesterday... please be on the ball about reporting any spam that does get through so that I can nuke it swiftly.

It will be my pleasure :-)

To the nursery!

Just added ukr.net to the ban list.

The amount of spammers who are registering at the moment may lead me to temporarily disable registration.

Currently 1 in 10 new members is a real person, the other 9 are spam accounts.

What is the normal ratio of span to good?

Does this have anything to do with the Bot attack type thing just before christmas?

Normally on LFGSS it's more like 50 people to 1 spammer.

There was a bot attack?

I think it's unrelated... I just think Russian spammers have started the new year with a new found vigour and have changed their targets slightly, which now includes us.

I don't understand these things so it could have been you computer literate types being funny?

Well, at least the forum servers survived ;) Not much of an attack I guess.

Wow. Does the sign up process not involve some kind of captcha test? It's been a while.

It does. But they're actually using real people to register accounts. The IP addresses are all from Russia, Ukraine and Belize. I'm half considering bocking those country ip addresses since as we are a localised website this shouldn't impact any of our reals users. Seems a bit drastic though.

Not drastic at all.

Ban the Ruskies!

there's scorch though, he's from Ukraine.
I'm sure he'd be a bit miffed.

YES the day has finally come! Can we kick a few other herberts that slipped through the net off, too?

Poll?

1. Multi Grooves

The test site looks shite....

I'm going to block:
Belize
Kazakstan
Russian Federation
Ukraine

If scorch is blocked and contacts anyone... get him to visit www.whatismyip.com and have that emailed to me, I will exclude his ISP from the block.

you (or someone) should PM Scorch at least VB - his only contact with most people on here is through the forum - which if he can't get to anymore..

Will do... I'll email him now.

Cheers

His last IP was a USA one ;)

Emailed and PM'd... the block is now in place.

IP addresses for country blocks are being supplied by: http://www.countryipblocks.net/

And anyone interested in my block script, I've attached the Varnish VCL ACL.

Now I really fancy one of those .ru suffixes.

More anti-spam than racist.

It's these last few days... every minute on average another spam attack occurs, every 10 to 15 minutes another spammer registers. It's incredible.

I'll probably unblock the countries in time, but to stem the current attack I can't see what else to do.

Something on pm in a min about spam levels have dropped recently!?! Maybe this is part of a coordinated backlash, or maybe it is only in referencing to email spam.

I'm seeing 2 types of spam:
1) Fake profiles being registered by real people in the countries mentioned above.
2) Those profiles being user by botnets to try and post spam on the site.

The profiles were just about under control manually, but the botnet attacks were evolving. They hadn't figured out the nursery fully, and we are using Akismet too... but most were trying to start new threads which obviously was failing.

I've never seen such a high level of spam, but this is targeted at a website and not email stuff.

scorch is taken care of, his ISP has been unblocked.

This country block thing appears to be working... sure it's only 30 minutes, but alerts about the bot net, and spam registrations have all ceased.

Here's hoping it does actually work and this isn't just some strange silence.

wow, that test LFGSS site is like a petri dish for the internet

now that this forum is a target for masses of spambots, does that mean we've arrived on the internet?

It means the bubble is about to burst...

//Showing threads 1 to 25 of 6723//

Some threads on the first page a have 3+ pages of posts as well..

How long has that one been going VB?

I feel safe and warm and protected, Well Done VB!

LFGSS: It's all about the ride

after dipping into the general pool i feel a bit stained.

Oh, since just before the Bike Show... so, September?

so over 1,000 new threads per month just from spammers?

some pretty good avatar action going on there though.

yeah, it's like they expect you to look at the avatar and think "a computer can't have done this, it must be a genuine post" then read through 50 lines of random words.

I"m wrong, blocking countries hasn't worked.

They're now using proxies in Belarus, Luxeumbourg and Denmark, and I'm pretty certain if I blocked those that they would switch to proxies in the USA.

So country banning helped, but hasn't solved it.

I have discovered from several admin forums that this is a very large problem that only appeared in the last 48/72 hours. So it's nice to know it's not just us. They've also shared that there are some solutions that are working better than others, and one of them is a system that spots spammers across multiple sites during registration and blocks registration if identified.

Basically it's a system in which all forum admins bang their heads together to try and stop the spammers and it apparently works pretty well.

So... as of tomorrow morning I'm going to try adding code to do that. It will be a change in the T&C's of the site, in that during registration *ONLY* your IP address and some other metadata about you will be looked up in a database held elsewhere to determine whether you are on a spam blacklist. After registration, this never happens, so it's a one-off thing for new members that we check whether they look like an obvious spammer.

For kicks I'll install this on the test forum too to see just how effective it is.

to go to such lengths to do it, spamming must be an enormously profitable endeavour.

They're free to implement (well, VB's time). They can be got around but it should slow them down a bit. Like bike locks..

spammers just employ people to sit there doing captchas, not that they are useless but as Hippy says easy to get round with cheap / slave labour.

Velocio what extra feature do you have on this site to the test site such that the test site is receiving more spam? Do you have a function turned off on the B.B forum or is it an extra bolt on you have on the main forum?

Just stop letting people register, delete anyone with a user id above 1000. Make the whole thing private. Job done.

+1