Personal Messages with SPAM

[Peter van Es]

Dear all,

Some of you will have received personal messages (from RazzorrMan (today's message, below), XanderrMann (yesterday) and ManninBlackk (on Jan 28)) with the following content:

Date: 2010/2/7
Subject: New Personal Message: Please, take into account..
To: <name deleted>


You have just been sent a personal message by RazzorrMan on Pagoda SL Group.

IMPORTANT: Remember, this is just a notification. Please do not reply to this email.

The message they sent you was:

Hello, friend. There are viruses' activities from your computer in last few days. Strongly recommend you to check your computer. You can find a report about your computer's security and solve every problem with it here: <<link deleted>>
Thank you. Forum member.

Reply to this Personal Message here: <<link deleted>>

If you receive such a message, do not click on the link. Report it to me (so that I can ban the user) and just delete it.

Only about 10 people will receive such PM's as the system limits the number of PM's anyone can send to 10 per hour. However, it's typically the same people that will receive these messages (I've never received any).

The messages are typically not entered by human beings, but by programs written to exploit the forum software. Because our registration procedure is non-standard, I had hoped that we would avoid such spammers. I've changed our procedure again, so that hopefully spammers will need to take an extra step to join.

I could add a visual verification step before posting a PM or indeed a message, but that would inconvenience all of us all the time. So please bear with us, and just ignore such spam messages, and report them to me.

Peter

[Peter van Es]

Dear all,

I told you that I'd modified some software on our system? I built a honey-trap... some code that normal users will never see, but which catches out programs trying to register on our board. I noticed that spammers had found a way to get round the Captcha (the visual verification system), probably by getting humans to handle these, and were actually setting up e-mail addresses to be able to log in afterwards,

However, I did notice that these programs worked by skipping one tiny step that normal users go through. And that's where I built my honeytrap. I now detect if someone registering has gone through that step, and if not, I just deny their registration. And I log these in the forum error log. That's now been operational for a couple of days. The number of registrations per day over these days has halved...

The number of honey-trapped registrations (which were on the increase over the last period) in the last 24 hours was 60! These came from a small, but again increasing number of IP addresses (meaning that the bot-network, the network of PC's used to perform these attacks, is increasing).

For your information, once people have spammed the forum, I place their username, e-mail address and IP address on a ban list. Then I delete their account, all their posts and all their messages. We still have an increasing number of attempts per day attempting to send spam PM's, but they are now stopped at the gate.

The net result: I hope there will be less spam now. But do use the Report to Moderator function if you receive spam.

Peter

[Bernd]

Peter,

I just want to let you know all your efforts to maintain this website are greatly appreciated. I can only imagine how much work it is to get all this working properly. Thanks for all your hard work!
Most of us who just browse and enjoy all the site have to offer surely have no idea of the PITA effect of trying to keep this up and still enjoy it.
Bernd

[Peter van Es]

Thanks Bernd!

Peter