Forums

I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM?

From: MichaelaBanks
To: sploit
Posted: Wed Apr 07, 2010 9:02 am
Subject: Take measures immediately!!! Quote message
Dear, sploit!

Spam sending from your computer was detected.
We highly recommend you to check your computer and perform online virus check at our site immediately: http://anti-malware.webcindario.com/online-scanner/
If you do not pass this test we will have to delete your account and forward a complaint to your ISP with attached log file (your IP address, etc.).

----------------------------------------------------
Forum Administration www.smspower.org

It's fake. We would never send such notifications.

Notice that this is an email notification of a private message that has been deleted (because we delete these messages when they are reported). The user does not exist and is not one of the administrators.

This is getting quite annoying. We should look for a MOD that disable PM for new users (under what criteria? i often create forums account just to PM a guy) or make them moderated.

There are many PMs happening on this forum involving users who have never posted (8 in the last month). These are all abusing human signups (since they are protected by CAPTCHA). I can't think of a good heuristic to use - number of PMs per user per hour, perhaps? Or requiring a CAPTCHA for PMs from users with no posts?

Spam words seem the best way so long as we can build them up. We are blocking spam PMs all the time with the spam words mod.

I don't think that adding an additional CAPTCHA would solve anything, because those spammers are already able to get through the first one when they register their accounts, so I doubt they're completely bots, they're probably human-driven at least to some extent. Unfortunately it's not possible to deal with human spammers, as they can use proxies to dodge bans, and there are many tricks to let forbidden words to slip into posts such as using useless bbcode between letters, html entities, and many others.
One possible solution would be to require admin approval for all the new accounts, given that they enter obviously stupid information in their profiles (e.g. young sexy russians @ whatever . ru), or just set a rule which prevents new users from sending PMs for 24 (or more) hours after they registered.

Yes i had one of these too - pain in the ass spammers :-/

Their profiles are generally not obviously fake, many use a dictionary of interests, etc. They're not spamming immediately after creating the profiles. They're not even spamming every user - if anything, they're targeting users with low post counts.

Maybe I'll add something to the PM notification template to make it clear that it's not an official email.

Thanks guys for helping clear that up :)

Maybe limit the PMs sent per day, and raise the limit as the user makes more forum posts? (becomes "more human" :)

I kinda like the idea of a CAPTCHA for the first "n" PMs. Even if the spammer is employing people to break it, it is just that much more work for them to do. So possibly still a deterrent?

Now Charles's idea is great. Limit accounts to (postcount+1) Private Messages per day (so people with 0 posts would be able to send at least one PM), and have an additional CAPTCHA for each PM until your postcount is 5 or something...

Private Messages sent to the admins shoudln't be limited, though, so if a real human with 0 posts sends one PM and wonders why he can't send more, he'd be able to contact an admin to ask why.

It's not unusual for people to join to PM someone (e.g. someone who's posted about selling some games) and to have a bit of back-and-forth in one day. Perhaps better would be to limit the number of people you can PM to some small number, but it's a fairly major change to the forums to handle that (would at least need another DB lookup to count PMs).

Here's another, simpler idea: no URLs allowed in PMs if your (public) post count is less than 2. Spam's not much use without URLs...

Maxim wrote

It's not unusual for people to join to PM someone (e.g. someone who's posted about selling some games) and to have a bit of back-and-forth in one day.

Well, worse case it shouldn't be so deal breaker having to wait 24 hours (if people havent exchanged mail addresses already).

I've implemented a restriction on posting URLs for users without any forum posts. Hopefully that will put a stop to this kind of spam.

Author	Message
sploit Joined: 29 Mar 2010 Posts: 3	I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM? Posted: Wed Apr 07, 2010 10:32 am
sploit Joined: 29 Mar 2010 Posts: 3	I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM? From: MichaelaBanks To: sploit Posted: Wed Apr 07, 2010 9:02 am Subject: Take measures immediately!!! Quote message Dear, sploit! Spam sending from your computer was detected. We highly recommend you to check your computer and perform online virus check at our site immediately: http://anti-malware.webcindario.com/online-scanner/ If you do not pass this test we will have to delete your account and forward a complaint to your ISP with attached log file (your IP address, etc.). ---------------------------------------------------- Forum Administration www.smspower.org

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14740 Location: London	Posted: Wed Apr 07, 2010 11:41 am
	It's fake. We would never send such notifications. Notice that this is an email notification of a private message that has been deleted (because we delete these messages when they are reported). The user does not exist and is not one of the administrators.

Bock Site Admin Joined: 08 Jul 2001 Posts: 8649 Location: Paris, France	Posted: Wed Apr 07, 2010 12:44 pm
	This is getting quite annoying. We should look for a MOD that disable PM for new users (under what criteria? i often create forums account just to PM a guy) or make them moderated.

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14740 Location: London	Posted: Wed Apr 07, 2010 12:57 pm
	There are many PMs happening on this forum involving users who have never posted (8 in the last month). These are all abusing human signups (since they are protected by CAPTCHA). I can't think of a good heuristic to use - number of PMs per user per hour, perhaps? Or requiring a CAPTCHA for PMs from users with no posts? Spam words seem the best way so long as we can build them up. We are blocking spam PMs all the time with the spam words mod.

Tom Joined: 16 May 2002 Posts: 1356 Location: italy	Posted: Wed Apr 07, 2010 2:00 pm
Tom Joined: 16 May 2002 Posts: 1356 Location: italy	I don't think that adding an additional CAPTCHA would solve anything, because those spammers are already able to get through the first one when they register their accounts, so I doubt they're completely bots, they're probably human-driven at least to some extent. Unfortunately it's not possible to deal with human spammers, as they can use proxies to dodge bans, and there are many tricks to let forbidden words to slip into posts such as using useless bbcode between letters, html entities, and many others. One possible solution would be to require admin approval for all the new accounts, given that they enter obviously stupid information in their profiles (e.g. young sexy russians @ whatever . ru), or just set a rule which prevents new users from sending PMs for 24 (or more) hours after they registered.

Chaos Joined: 06 Sep 2009 Posts: 10	Posted: Wed Apr 07, 2010 2:45 pm
Chaos Joined: 06 Sep 2009 Posts: 10	Yes i had one of these too - pain in the ass spammers :-/

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14740 Location: London	Posted: Wed Apr 07, 2010 4:37 pm
	Their profiles are generally not obviously fake, many use a dictionary of interests, etc. They're not spamming immediately after creating the profiles. They're not even spamming every user - if anything, they're targeting users with low post counts. Maybe I'll add something to the PM notification template to make it clear that it's not an official email.

sploit Joined: 29 Mar 2010 Posts: 3	Posted: Wed Apr 07, 2010 8:17 pm
sploit Joined: 29 Mar 2010 Posts: 3	Thanks guys for helping clear that up :)

Charles MacDonald Joined: 28 Sep 1999 Posts: 1197	Posted: Sat Apr 10, 2010 1:41 am
Charles MacDonald Joined: 28 Sep 1999 Posts: 1197	Maybe limit the PMs sent per day, and raise the limit as the user makes more forum posts? (becomes "more human" :) I kinda like the idea of a CAPTCHA for the first "n" PMs. Even if the spammer is employing people to break it, it is just that much more work for them to do. So possibly still a deterrent?

Tom Joined: 16 May 2002 Posts: 1356 Location: italy	Posted: Sat Apr 10, 2010 7:47 am
Tom Joined: 16 May 2002 Posts: 1356 Location: italy	Now Charles's idea is great. Limit accounts to (postcount+1) Private Messages per day (so people with 0 posts would be able to send at least one PM), and have an additional CAPTCHA for each PM until your postcount is 5 or something... Private Messages sent to the admins shoudln't be limited, though, so if a real human with 0 posts sends one PM and wonders why he can't send more, he'd be able to contact an admin to ask why.

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14740 Location: London	Posted: Sun Apr 11, 2010 8:59 am
	It's not unusual for people to join to PM someone (e.g. someone who's posted about selling some games) and to have a bit of back-and-forth in one day. Perhaps better would be to limit the number of people you can PM to some small number, but it's a fairly major change to the forums to handle that (would at least need another DB lookup to count PMs). Here's another, simpler idea: no URLs allowed in PMs if your (public) post count is less than 2. Spam's not much use without URLs...

Bock Site Admin Joined: 08 Jul 2001 Posts: 8649 Location: Paris, France	Posted: Sun Apr 11, 2010 11:24 am
	Maxim wrote It's not unusual for people to join to PM someone (e.g. someone who's posted about selling some games) and to have a bit of back-and-forth in one day. Well, worse case it shouldn't be so deal breaker having to wait 24 hours (if people havent exchanged mail addresses already).

Maxim Site Admin Joined: 19 Oct 1999 Posts: 14740 Location: London	Posted: Fri Apr 23, 2010 7:15 am
	I've implemented a restriction on posting URLs for users without any forum posts. Hopefully that will put a stop to this kind of spam.

Forums

View topic - I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM?