The user "GooDFriend" sent me a spam PM, the contents as follow:
[quote]Hello friend, recommend you check your computer for viruses: http: //antivirus.effectmeds.com/JJ
Most likely a bot.
Definitely a bot.
*Terminator voice* He won't be back.
Still using his "Using Personal Messenger"
I did get 2 PM from this bot
Me too. Disposed of its PMs sent to me.
offtopic: I still get ads even as a user (is it just me, or is it already activated to all users?).
Ads, wat.
Got them aswell, auto-deleted by Common Sense v1.0
It sent me 2 PMs as well. Deleted them a few minutes ago.
Bots are getting better these days are they not? He even has an avatar.
Can you just set it up for email verification, usually stops them.
i thought email verification was already set up...
maybe im just thinking some other forum :S
Yeah, it send me 2 yesterday. Put it on my ignore list.
New spambot: luckkyman
Good thing he is already banned.
This must stop
Damn, there's another one. Looks like the bots are getting more clever and learning lessons after their failed attempts. I hope the security here is not compromised though.
yep got another one this morning!!!!
This is a virus invasion. Do not click on any link. Links and attachments should no longer be allowed on PMs. To much trojans. Be prepared for a email wave.
ARGGGG!!!! TOOO MUCH BOTS!!!!! >=O
Umm, guys, you might want to switch to an Admin account approval system because we've had major amounts of bots come up to FS and it seems to have found its way to SWR now.
Last I checked, it's always been admin approval here.
we have that and i usualy search google with the emails use it mostly filters out alot of them altho the latest ones seem to be able to bypass most spam registration sites.
This gets quite bothersome is is not? Afaik the system here to be allowed to use the forum consists of admin approval. Other sites use the eMail approval. Why not use both? It might help.
Well the forum has been operating publically for ~230 days, and there's 557 members. 557/230 is around 2.5/day which isn't that much of a hassle.
Now it took the name Pandut and is sending the same thing again.
I'd rather say Troll alarm.
- E.V.E.
Don't worry
Moderator S.W.A.T is on alert.
EMP the damn to submission :xD
That'll just make our motherboards sizzle.
Also, is it possbile to make the sender to type in a set of random letters just to send the message? Like the ones used in online shopping sites? It'll may remove those pesky messages.
A lot of good bots can bypass CAPTCHAs.
http://en.wikipedia.org/wiki/CAPTCHA#Circumvention on the Achilles' heels of CAPTCHAs
I'm sure hackers and evil programmers out there will keep on making better spambots to breach more and more secure systems, like breaking Enigma Machine codes or superpowers having an arms race. Unless this has been resolved, a large part of banned members here would be bots .
As the Hacker says in Gens, "There's always a way in..."
Yep, always. There is a Russian prog one could buy which can bypass almost any captcha code.
I remember when i had a virus. it is still floating around. it is called AVR or advanced virus remover scam. a virus that tells you that ALL windows programs are a trojan. they tell you to buy it then when you buy it, they tell you to buy the advanced version. It is from russia. Had to reformat my whole computer. PLEASE be careful.
if i was careful i wouldent have to create a new network every 1 - 6 months
Or perhaps we can use image based captcha's like the ones used by Rapidshare briefly...True its difficult to understand the picture, but if only a few users are affected daily, perhaps thats a better option
OR
A small questionnaire about SWR projects to make sure the registering person is genuinely interested about the forums.
The questionnaire is a stupid idea. What about someone who wants to join to actually find out about the mods to begin with?
Just as you would not know as much about SWR's history as I do, a new user would typically not know as much as you. The questionnaire is a flawed concept.
how about ask new users to type a special word? like "Shockwavemod", or "RussiaECA". this never changes, so if someone type other than that, it's a bot.
example question on user registration (the underscores are the text box):
A bot can just read that. If they can decode CAPTCHAs there's no doubting they can read a simple string of text.
I found this
Let's face it the bot are becoming more and more smart ... and eeeeeevil xD
BTW
I just did see we have already CAPTCHA running
You have a hidden form that ask for mail address.
The normal user will not see this but the bot will fill in (as far as i did understood).
That would be handy, maybe, but what if the bot can decode/read it?
How much security do you want? I think image-based CAPTCHA will thwart most of the bots. Those that DO get through can be disposed of easily anyway.
Sounds good, but like a text captcha, it can be decoded by bots by recognition, although it may be hard for them. Through the use of audio support to help the user read the words in the captcha (e.g. uppercase: A; lowercase d; space; uppercase F...), could it be used by bots to exploit it and use it to their advantage?
I think Wi-ta's form is the best thus far, as it completely discriminates between a bot and the user so there is practically no chance for an authentic user to be denied, even though some bots may still come through.
My question is do these bots target the SWR site deliberately or is it just a small part of a larger attack against forums using the specific forum software? If it is specific case questionnaire is not a good solution....but if it is not, then the questionnaire might be a good idea. Wi-Ta's suggestion is also good IMO.
I don't think there's anything personal against SWR - just some bastards that think they gain something by filling the internet forums with spam
Or they feel good and find it fun, like "Boom! Hahaha, you've been rickrolled, sucka'!" when they're wreaking havoc.
If possible and practical, why not use both security features?
Powered by Invision Power Board (http://www.invisionboard.com)
© Invision Power Services (http://www.invisionpower.com)