| Pages:
1
2
3 |
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
abuse of member registration
In the last few days usernames dominguez69, asercca, and xamarton1 have been registered. None of the three usernames has been used to post any
comments. All have porn sites for their homepages; two of the three also have postmaster@NAME_OF_PORNSITE.tv e-mail addresses.
When I search Google for the usernames dominguez69 and xamarton1, I find a bunch of user registrations under those names on other XMB message boards.
It looks like someone is using a script to automate fake member registrations on XMB messageboards to promote their porn sites. Goodbye, all three
users. I couldn't find evidence of asercca being an automatically created account, but the timing is suspicious.
If I've deleted anyone's account in error, please register again and this time don't use a porn site for your home page. Madscientist,
Vulture, I'd appreciate it if you'd also look at new member registrations and delete ones that seem to fit this pattern.
EDIT: Oh, one more casualty: yatamous18, who fit the profile perfectly except he had an online gambling site instead of a porn site.
[Edited on 11-22-2003 by Polverone]
|
|
|
BromicAcid
International Hazard
Posts: 3227
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
1freesex joined today, their personal website opens up with three or so pop ups and a "YOU WON!" message and is basically a porno site. You
can guess that the name made me suspicious.
|
|
|
vulture
Forum Gatekeeper
Posts: 3330
Registered: 25-5-2002
Location: France
Member Is Offline
Mood: No Mood
|
|
Taken care of.
Thanks for the warning.
One shouldn't accept or resort to the mutilation of science to appease the mentally impaired.
|
|
|
Quantum
Hazard to Others
Posts: 300
Registered: 2-12-2003
Location: Nowhereville
Member Is Offline
Mood: Interested
|
|
I guess they are trying to increase hits from google by having lots of places where the email addresses are. Can you make a robots.txt file that
prevents google from spidering the place where names are shown so it will make this useless? Or will that create other problems?
What if, what is isn\'t true?
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
I could make a robots.txt, but that doesn't prevent automated account signups. The person running the script won't know that sciencemadness
is useless and therefore ignore it. We get few enough of these that deleting them manually isn't a problem so far.
PGP Key and corresponding e-mail address
|
|
|
ziqquratu
Hazard to Others
Posts: 385
Registered: 15-11-2002
Member Is Offline
Mood: No Mood
|
|
I dont know much about it, but can't you do what so many places do these days and have a little picture with a code you have to type in when you
sign up, which prevents automated sign-ups (because the automated script can't read the code)?
Or is this too tricky to be worth the effort?
|
|
|
IgnorantlyIntelligent
Moderately Insane
Posts: 280
Registered: 16-10-2003
Member Is Offline
Mood: Unhuman
|
|
LOL porn advertisments here too? Oh Mankind, shame on you!
Isn't the greed of people amazing? Porn has singel handedly ruined AIM, emails, and now is encroching on forums. I feel another complaint about
the stupidity of man thread coming on....
\"People fear from ignorance what they do not have the intelligence to understand\"
\"Religion is the sigh of the oppressed creature, the heart of a heartless world, just as it is the spirit of a spiritless situation.\"
\"A fool would rather not question, a soldier is taught not to question, a slave dares not question.\"
\"To fight for nothing is to love nothing, to die for something is to have lived for something.\"
|
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
What you feel is a reaction to the allowed stupidity of men coming at you.
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
|
Blind Angel
National Hazard
Posts: 845
Registered: 24-11-2002
Location: Québec
Member Is Offline
Mood: Meh!
|
|
I think einstein said something like that:
"There are two things that are infinite, universe and stupidity. I just don't have proof about the universe"
/}/_//|//) /-\\/|//¬/=/_
My PGP Key Fingerprint: D4EA A609 55E4 7ADD 8529 359D D6E2 33F6 4C76 78ED |
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
Aaaah, it was Einstein. I thought it was me 
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
|
BromicAcid
International Hazard
Posts: 3227
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
New member today
0 Manga X
Links to a German hentai anime porn site. The profile looked messed up on my computer so maybe someone already took down the member?
|
|
|
The_Davster
A pnictogen
Posts: 2861
Registered: 18-11-2003
Member Is Offline
Mood: .
|
|
New member amatlu lists his homepage in his profile as a porn site.
|
|
|
BromicAcid
International Hazard
Posts: 3227
Registered: 13-7-2003
Location: Wisconsin
Member Is Offline
Mood: Rock n' Roll
|
|
Lately there has been a large flux of members using porno sites in their profiles. I was U2U'ing the moderators to tell them but it looks like
they have been keeping a more vigiant outlook lately as they get deleted before most people see them. I've seen about 8 different members
register in the last weeks using porno sites as their hompage URL. Possibly it could be set up that URL's have to be approved ?
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
8 members in the last few weeks?
Don't I wish! I have been deleting more than 5 a day for the last few days. I wish I knew of a trustworthy, PHP-savvy member that I could task
with making minor improvements to the board code (like setting up a bot-defeating registration page). Any volunteers? I would need you to modify/test
a copy of XMB on your own server, then I would look over your changes, try it out, and update sciencemadness if/when your changes look good.
PGP Key and corresponding e-mail address
|
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
Pity I'm Perl-but-not-php-savvy!
Otherwise I'd been glad to help.
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
|
Blind Angel
National Hazard
Posts: 845
Registered: 24-11-2002
Location: Québec
Member Is Offline
Mood: Meh!
|
|
Make a list of the most used word then make a if statement or add something like this
Still looking for something else
[Edited on 11-5-2004 by Blind Angel]
/}/_//|//) /-\\/|//¬/=/_
My PGP Key Fingerprint: D4EA A609 55E4 7ADD 8529 359D D6E2 33F6 4C76 78ED |
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
"Wife" is a common component of the pornspam user names. Other than that the names seem pretty random. That XMB hack wouldn't help
because the bot just registers; it never tries to log in and post.
PGP Key and corresponding e-mail address
|
|
|
Blind Angel
National Hazard
Posts: 845
Registered: 24-11-2002
Location: Québec
Member Is Offline
Mood: Meh!
|
|
i'm still looking for one of those hack where you need to fill in a random number for registring. Or maybe you could just change one of the field
name used, like change "login" to "log-in" or something like that, they put all the data in the adresse after the ? (like
/member.php?action=reg&login=xxx&password=zzzz....) so i you change the name of one of the essential field and the forum return an error you
wont get any fake registration since it's mostly automatic bot which do that.
[Edited on 11-5-2004 by Blind Angel]
/}/_//|//) /-\\/|//¬/=/_
My PGP Key Fingerprint: D4EA A609 55E4 7ADD 8529 359D D6E2 33F6 4C76 78ED |
|
|
Organikum
resurrected
Posts: 2329
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: busy and in love
|
|
Change the settings in a way that the "www" is not shown on every post, same for E-Mail and perhaps also the instant messenger.
Then block the members profile pages unaccessible for robots.
This should solve the problem as not every registered pornpage-user automatically generates hits at Google. Also automated mail collectors have it not
so easy anymore. (I really dont need a bigger penis by now...)
Somebody interested to contact a member may go to the profile, on the board U2U suffices. (+ messenger maybe) Who wants his homepage visible may
integrate it into his signature.
No information for the users is lost, a jump to the profile is the minimum I expect from somebody who wants to contact me by mail. (+ a certificate of
mental health which suffices my definition of the matter)
Blind Angels suggestions are wellthought although as it is probably a robot made for generating searchengine/Google hits by abuse of XMB boards.
Changing some small parameters should fool the robot.
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
I have considered doing exactly what Blind Angel suggests, just changing a few variable names on the registration page. Then I have to make sure that
doesn't interfere with the rest of the board; who knows what dependencies that page might have? That is one reason it would be nice to delegate
the task to someone who really knows PHP. Perhaps I must take it on myself, though.
I don't think setting a robots directive will help. Spammer address-harvesters can just ignore the robots directive. I could keep the members
page hidden from Google, and that would ensure that it doesn't boost someone's porn or gambling or cigarette site, but the bots
wouldn't know that and would still flood the members page with crap.
PGP Key and corresponding e-mail address
|
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
One old trick
is to replace the email addresses, the "Login" text etcetera with auto-generated JPEGs or GIFs et al of the text. There are several open
source tools that do just that.
I think most spambots lack image-to-text capabilities...
[Edited on 2004-5-11 by axehandle]
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
sure
But who's going to integrate it with the existing board software? I'm not. A good administrator is motivated to efficiency by laziness.
I'm not yet good/lazy enough to think it's worth investing hours in modifying/testing the board code to defeat spambots or signup-bots.
I tried editing the signup thing this morning, but apparently the XMB templates file also needs to be edited and then somehow re-loaded (editing it in
place didn't work).
PGP Key and corresponding e-mail address
|
|
|
Organikum
resurrected
Posts: 2329
Registered: 12-10-2002
Location: Europe
Member Is Offline
Mood: busy and in love
|
|
Blind Angel of course
He is obviously jeavily interested in the boards software, bugs, flaws and glitches that I can think of nobiody better for the job.
|
|
|
axehandle
Free Radical
Posts: 1065
Registered: 30-12-2003
Location: Sweden
Member Is Offline
Mood: horny
|
|
Don't look at me, I'm not very keen on modifying a non-open source product.... ok ok ok, I admit it, I'm just too lazy to do it 
My PGP key, Fingerprint 5D96 E09E 365D 1867 2DF5 C2FE 4269 9C19 E079 CD35
\"Verbing nouns weirds the language!\"
|
|
|
Polverone
Now celebrating 21 years of madness
Posts: 3186
Registered: 19-5-2002
Location: The Sunny Pacific Northwest
Member Is Offline
Mood: Waiting for spring
|
|
I will be online only a little bit for a few days. Madscientist, please take a look at the members list and clean out the spambot accounts if you have
time (Vulture, can you do this or do your powers not permit user deletion?)
PGP Key and corresponding e-mail address
|
|
|
| Pages:
1
2
3 |
![[*]](images/xpblue/default_icon.gif){kind=icon}
