|
ForumsSega Master System / Mark III / Game GearSG-1000 / SC-3000 / SF-7000 / OMV |
Home - Forums - Games - Scans - Maps - Cheats - Credits Music - Videos - Development - Hacks - Translations - Homebrew |
Author | Message |
---|---|
|
I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM?
Posted: Wed Apr 07, 2010 10:32 am
|
I got this PM supposedly from forum admin...is this genuine or is this a virus/spam false PM?
From: MichaelaBanks To: sploit Posted: Wed Apr 07, 2010 9:02 am Subject: Take measures immediately!!! Quote message Dear, sploit! Spam sending from your computer was detected. We highly recommend you to check your computer and perform online virus check at our site immediately: http://anti-malware.webcindario.com/online-scanner/ If you do not pass this test we will have to delete your account and forward a complaint to your ISP with attached log file (your IP address, etc.). ---------------------------------------------------- Forum Administration www.smspower.org |
|
|
Posted: Wed Apr 07, 2010 11:41 am |
It's fake. We would never send such notifications.
Notice that this is an email notification of a private message that has been deleted (because we delete these messages when they are reported). The user does not exist and is not one of the administrators. |
|
|
Posted: Wed Apr 07, 2010 12:44 pm |
This is getting quite annoying. We should look for a MOD that disable PM for new users (under what criteria? i often create forums account just to PM a guy) or make them moderated. | |
|
Posted: Wed Apr 07, 2010 12:57 pm |
There are many PMs happening on this forum involving users who have never posted (8 in the last month). These are all abusing human signups (since they are protected by CAPTCHA). I can't think of a good heuristic to use - number of PMs per user per hour, perhaps? Or requiring a CAPTCHA for PMs from users with no posts?
Spam words seem the best way so long as we can build them up. We are blocking spam PMs all the time with the spam words mod. |
|
|
Posted: Wed Apr 07, 2010 2:00 pm |
I don't think that adding an additional CAPTCHA would solve anything, because those spammers are already able to get through the first one when they register their accounts, so I doubt they're completely bots, they're probably human-driven at least to some extent. Unfortunately it's not possible to deal with human spammers, as they can use proxies to dodge bans, and there are many tricks to let forbidden words to slip into posts such as using useless bbcode between letters, html entities, and many others.
One possible solution would be to require admin approval for all the new accounts, given that they enter obviously stupid information in their profiles (e.g. young sexy russians @ whatever . ru), or just set a rule which prevents new users from sending PMs for 24 (or more) hours after they registered. |
|
|
Posted: Wed Apr 07, 2010 2:45 pm |
Yes i had one of these too - pain in the ass spammers :-/ | |
|
Posted: Wed Apr 07, 2010 4:37 pm |
Their profiles are generally not obviously fake, many use a dictionary of interests, etc. They're not spamming immediately after creating the profiles. They're not even spamming every user - if anything, they're targeting users with low post counts.
Maybe I'll add something to the PM notification template to make it clear that it's not an official email. |
|
|
Posted: Wed Apr 07, 2010 8:17 pm |
Thanks guys for helping clear that up :) | |
|
Posted: Sat Apr 10, 2010 1:41 am |
Maybe limit the PMs sent per day, and raise the limit as the user makes more forum posts? (becomes "more human" :)
I kinda like the idea of a CAPTCHA for the first "n" PMs. Even if the spammer is employing people to break it, it is just that much more work for them to do. So possibly still a deterrent? |
|
|
Posted: Sat Apr 10, 2010 7:47 am |
Now Charles's idea is great. Limit accounts to (postcount+1) Private Messages per day (so people with 0 posts would be able to send at least one PM), and have an additional CAPTCHA for each PM until your postcount is 5 or something...
Private Messages sent to the admins shoudln't be limited, though, so if a real human with 0 posts sends one PM and wonders why he can't send more, he'd be able to contact an admin to ask why. |
|
|
Posted: Sun Apr 11, 2010 8:59 am |
It's not unusual for people to join to PM someone (e.g. someone who's posted about selling some games) and to have a bit of back-and-forth in one day. Perhaps better would be to limit the number of people you can PM to some small number, but it's a fairly major change to the forums to handle that (would at least need another DB lookup to count PMs).
Here's another, simpler idea: no URLs allowed in PMs if your (public) post count is less than 2. Spam's not much use without URLs... |
|
|
Posted: Sun Apr 11, 2010 11:24 am |
Well, worse case it shouldn't be so deal breaker having to wait 24 hours (if people havent exchanged mail addresses already). |
|
|
Posted: Fri Apr 23, 2010 7:15 am |
I've implemented a restriction on posting URLs for users without any forum posts. Hopefully that will put a stop to this kind of spam. | |