Unread 08-01-2017, 03:12 AM   #1
and you were wondering??
Administrator
 
Uptown Thrunk's Avatar
 

Joined: Aug 2004
Location: In the bedrock of Being.
Posts: 14,779
paid
IT and Computer people, Help?

Ok, this is concerning spam, but I wanted it to get max attention, so I've started a new thread. I'd love to hear what people with knowledge about this sort of stuff think. I'm thinking of, primarily, Ben or Dwight, though I know there are others who may have some thoughts and ideas about this.


I went to go delete some spam that popped up in someone's journal. I noticed that the spammer had been a member since 2015! What the heck?

I looked on their user profile and saw that they are regularly, every few days, posting in their visitor messages some code, stuff that I am thinking must be a cue for other spammers.

I think this because you can see on someone's user profile thing who else has looked at their user profile. Y'all following me?

Well, they had quite a few visitors who had been looking at their profile. And, all of these users are spammers who have code stuff in their visitor messages section.

So, it is like we have this big string of spammers, people who are 'members' and have been for years, and who are putting, intermittently, messages in their visitor messages section.

Here is a link that shows what I am talking about: Christian Guitar Forum - View Profile: amenzacase

Amenzacase has been a member since March 2015. Over two years! S/he has had 575 visits to her profile. All of the visitors that it shows (except me, or you if you visit) are spammers whose user profile looks the same. S/he has 125 visitor messages, all he/rself with the same sort of spammy messages.


So, what is going on here?

Is this opening us up to be spammed? Does this, like, signal other bots to come here and drop their shite around? A few years ago people talked about taking away the visitor messages section. Should we disable this? Or somehow make it harder to post visitor messages?

__________________
Hello! Come visit my blog! http://taylormweaver.wordpress.com/

Yes... I am the official "Knight Who Will Write Something On Derrida".
Bask in the wonderful glory.

"outside of a dog a book is a man's best friend... inside a dog it is too dark to read."
-groucho marx

Quote:
Originally Posted by Demon_Hunter View Post
Taylor, you just got drive-by theologied.
Uptown Thrunk is offline   Reply With Quote
Unread 08-01-2017, 04:48 AM   #2
Deets Go Here
 
bravesfan007's Avatar
 

Joined: Jul 2002
Location: Right Behind You
Posts: 14,163
We have a mole.
__________________
If you are offended by most posts, please do not feel alone. I am an equal opportunity offender. I will offend everyone.

Follow my ramblings.

Quote:
Originally Posted by Rainer.
Your mother appears to have been infected by Kentl.
bravesfan007 is offline   Reply With Quote
Unread 08-01-2017, 06:42 AM   #3
1v1 irl
 
Shift II's Avatar
 

Joined: Dec 2014
Location: In ur heart
Posts: 417
One word: captcha
Shift II is offline   Reply With Quote
Unread 08-01-2017, 07:04 AM   #4
and you were wondering??
Administrator
 
Uptown Thrunk's Avatar
 

Joined: Aug 2004
Location: In the bedrock of Being.
Posts: 14,779
paid
Actually, those are currently used

I know there are different types. Maybe we need a new type?
Uptown Thrunk is offline   Reply With Quote
Unread 08-01-2017, 07:50 AM   #5
assistant regional mgr.
 
Dwight Schrute's Avatar
 

Joined: Apr 2003
Location: Scranton, PA
Posts: 5,536
those appear to be URLs back to their spam sites. I'm guessing they have a script on their end that injects that code periodically to vBulletin sites, and reports back that the site is still live, and still allows posting. kind of like a heartbeat. they send out a big script, then groom their logs to see what sites are still vulnerable and allowing their spam.

perhaps upgrading the vBulletin code to a newer rev might help, I don't know what version this site is on now. and there are always new mods and captcha plugins that can help keep ahead of some of the spam. that said, implementing new forms of captcha might prevent NEW users / spammers from joining, but won't necessarily help get rid of old spammers from 2015.

time to weed the garden, mates. I'd recommend starting with nuking users in the database that have zero (0) posts. then perhaps moving on to users with less than 5 posts, after reviewing their actual posts and verifying they are spam. follow that up with "hug an admin" and "hug a super mod" events, and call it a day.
__________________


Awesome Blog
Dwight Schrute is offline   Reply With Quote
Unread 08-01-2017, 07:57 AM   #6
and you were wondering??
Administrator
 
Uptown Thrunk's Avatar
 

Joined: Aug 2004
Location: In the bedrock of Being.
Posts: 14,779
paid
Quote:
Originally Posted by Dwight Schrute View Post
those appear to be URLs back to their spam sites. I'm guessing they have a script on their end that injects that code periodically to vBulletin sites, and reports back that the site is still live, and still allows posting. kind of like a heartbeat. they send out a big script, then groom their logs to see what sites are still vulnerable and allowing their spam.

perhaps upgrading the vBulletin code to a newer rev might help, I don't know what version this site is on now. and there are always new mods and captcha plugins that can help keep ahead of some of the spam. that said, implementing new forms of captcha might prevent NEW users / spammers from joining, but won't necessarily help get rid of old spammers from 2015.

time to weed the garden, mates. I'd recommend starting with nuking users in the database that have zero (0) posts. then perhaps moving on to users with less than 5 posts, after reviewing their actual posts and verifying they are spam. follow that up with "hug an admin" and "hug a super mod" events, and call it a day.
Thanks for the informative post!

Really helpful.

Today, because I had time, I went and started looking up spam users with the same IP address and banning all that had the same.

I think everyday I am going to look at the 'active user' list that you can see on the bottom of the page on the 'christian guitar forum' portion and use that as a sort of guide for banning. That is where I was finding all of those ones from 2015 and whatnot.

Hopefully there will be some changes soon and things can be upgraded.
Uptown Thrunk is offline   Reply With Quote
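
The triage order suggested in post #5 and the shared-IP linking described in post #6, sketched as an added example (not part of the thread and not vBulletin code). The account records, field names and bucket names are constructed and hypothetical.

```python
import re
from collections import Counter

URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)

# Constructed sample data; field names are hypothetical, not vBulletin's schema.
USERS = [
    {"name": "spam_seed", "posts": 0, "ip": "203.0.113.7"},
    {"name": "linked_1", "posts": 0, "ip": "203.0.113.7"},
    {"name": "linked_2", "posts": 3, "ip": "203.0.113.7"},
    {"name": "lurker", "posts": 0, "ip": "198.51.100.20"},
    {"name": "newbie", "posts": 2, "ip": "198.51.100.21"},
    {"name": "regular", "posts": 4816, "ip": "192.0.2.55"},
]
# (profile owner, message author, text)
VISITOR_MESSAGES = [
    ("spam_seed", "spam_seed", "http://example.invalid/a"),
    ("linked_1", "linked_1", "see http://example.invalid/b"),
    ("regular", "newbie", "nice solo!"),
]

def triage(users, messages, confirmed_spam, review_below=5):
    """Map each account to (bucket, reasons): confirmed, purge, review or keep."""
    # URL-bearing visitor messages that a user left on their own profile
    self_links = Counter(o for o, a, t in messages if o == a and URL_RE.search(t))
    spam_ips = {u["ip"] for u in users if u["name"] in confirmed_spam}
    out = {}
    for u in users:
        reasons = []
        if u["name"] not in confirmed_spam and u["ip"] in spam_ips:
            reasons.append("shares IP with confirmed spam account")
        if self_links.get(u["name"]):
            reasons.append("links in own visitor messages")
        if u["name"] in confirmed_spam:
            bucket = "confirmed"
        elif u["posts"] == 0:
            bucket = "purge"      # zero posts also catches real lurkers
        elif u["posts"] < review_below or reasons:
            bucket = "review"     # a human checks the actual posts first
        else:
            bucket = "keep"
        out[u["name"]] = (bucket, reasons)
    return out

if __name__ == "__main__":
    for name, (bucket, reasons) in triage(USERS, VISITOR_MESSAGES, {"spam_seed"}).items():
        print(f"{name:10} {bucket:9} {'; '.join(reasons)}")
```

The recorded reasons separate a zero-post account with no other signal from one tied to a known spam account, which matters when deciding whether to delete outright or IP-ban as well.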
Unread 08-01-2017, 08:06 AM   #7
assistant regional mgr.
 
Dwight Schrute's Avatar
 

Joined: Apr 2003
Location: Scranton, PA
Posts: 5,536
Thrunk is the spam police!
Dwight Schrute is offline   Reply With Quote
Unread 08-01-2017, 08:29 AM   #8
and you were wondering??
Administrator
 
Uptown Thrunk's Avatar
 

Joined: Aug 2004
Location: In the bedrock of Being.
Posts: 14,779
paid
That's how it feels! At around 9am my time I start to get waves of spam. Sometimes 80 at a time. Sometimes just like 20-40.

It does make me feel productive, though!
Uptown Thrunk is offline   Reply With Quote
Unread 08-01-2017, 10:41 AM   #9
now a spiced muffin.
Administrator
 
beanbag's Avatar
 

Joined: Sep 2003
Location: the wood between the worlds
Posts: 10,794
paid
whatcha gonna do, whatcha gonna do when thrunk comes for you? (spam bots spam bots!)

i mean...sounds like a good plan taylor. =E

i still can't IP ban or i would pitch in. let me know if you want me to hold off on banning individual users for spam so that you can see if they're linked.
__________________
SAR: Girls are quick to think that they're the ugliest of God's creations, but without makeup--we know we are.

dumb statement du jour: a stadium's like a big building, right?

let me entertain you!
beanbag is offline   Reply With Quote
Unread 08-30-2017, 05:02 AM   #10
and you were wondering??
Administrator
 
Uptown Thrunk's Avatar
 

Joined: Aug 2004
Location: In the bedrock of Being.
Posts: 14,779
paid
Nearly a month ago I started this thread mentioning user 'amenzacase'.

I banned that person.

They are *still* browsing the site, logged in.

So, what exactly does banning do? The person is still able to operate the account? Just cannot post?
Uptown Thrunk is offline   Reply With Quote
Unread 08-30-2017, 08:42 AM   #11
Hipper Than Thou
Administrator
 
Leboman's Avatar
 

Joined: Aug 2003
Location: Geezerville
Posts: 56,184
Quote:
Originally Posted by Uptown Thrunk View Post
Nearly a month ago I started this thread mentioning user 'amenzacase'.

I banned that person.

They are *still* browsing the site, logged in.

So, what exactly does banning do? The person is still able to operate the account? Just cannot post?
They shouldn't be able to log in. I honestly don't know.
__________________
Nothing (Without You)
Nothing (Without You) on YouTube
Granville Center Church of Christ Sermons
My German is pre-industrial and mostly religious.
Leboman is offline   Reply With Quote
Unread 08-30-2017, 09:32 AM   #12
\_(ツ)_/
 
Giuseppe's Avatar
 

Joined: Oct 2011
Location: Now look at this net!
Posts: 1,648
Delete all members with no posts. That would do it.

Maybe all that registered earlier than the last month.
__________________
Giuseppe is offline   Reply With Quote
Unread 08-30-2017, 10:13 PM   #13
Basically... run.
 
Giga Hertz's Avatar
 

Joined: Oct 2007
Location: 127.0.0.1
Posts: 4,816
paid
Has any admin actually poked around the console to see about banning zero post users?
__________________
~ Josh

Bass - Yamaha TRBX 505, Yamaha RBX 375
Acoustic Guitars - Ovation Celebrity Deluxe CC48, J. Watson & Co. WD150TB, J&D Luthier
Electric Guitars - Fender Classic '72 Telecaster Thinline (2007), Maton Mastersound, Epiphone Les Paul Studio Chameleon, SX VTG Series Tele copy, Ibanez SA
Guitar Amp - Fender Mustang IV V2
Bass Amp - Behringer Ultrabass BXL1800A
Gear - POD HD500X, Zoom G9.2tt, Zoom B9.1ut, Boss DD-20

Warning: This journal may contain diary

But He was pierced for our transgressions
He was crushed for our iniquities;
The punishment that brought us peace was upon Him,
And by His wounds we are healed.
Giga Hertz is offline   Reply With Quote
Unread 08-30-2017, 10:54 PM   #14
OG Spinning Chinchilla
Administrator
 
Mara's Avatar
 

Joined: Sep 2003
Location: Corn
Posts: 9,503
We are currently looking into a mass purge of older accounts without any posts.
Mara is offline   Reply With Quote
Unread 09-03-2017, 08:56 AM   #15
\_(ツ)_/
 
Giuseppe's Avatar
 

Joined: Oct 2011
Location: Now look at this net!
Posts: 1,648
Maybe also so new members need to get their first post approved. So they can't spam posts until an admin has approved that the first post is legit.
__________________
Giuseppe is offline   Reply With Quote
All times are GMT -6.