Mobile app version of vmapp.org
Login or Join
Tiffany637

: Chinese bots in my forum I have a small community forum that doesn't really get posts or any real traffic. The only thing that happens on the regular is bots with Chinese IPs signing up gibberish

@Tiffany637

Posted in: #Captcha #Forum #Hacking #Phpbb #Spam

I have a small community forum that doesn't really get posts or any real traffic. The only thing that happens on the regular is bots with Chinese IPs signing up gibberish usernames. Most bots don't make it past the captcha but some do. I try to stay on top of this by banning IPs and ranges of IPs but it doesn't really seem to help.

The bots never post anything so what are they doing? Should I be worried? Should I keep banning IPs or is it futile?

10.05% popularity Vote Up Vote Down


Login to follow query

More posts by @Tiffany637

5 Comments

Sorted by latest first Latest Oldest Best

 

@Cooney921

The SMF sites I manage use both Project honeypot to prevent the bulk of nasty signups, and the ones that get past that I use a mod to to check against stopforumspam.com very few slip through, and false positives are extremely rare

10% popularity Vote Up Vote Down


 

@Hamm4606531

I would be tempted to email anyone who has signed up and not posted to ask them if they are having trouble - good customer service! - and if their email addresses bounce, or they respond with junk then delete their accounts.

I +1 mikey_w because on a reasonable size discussion forum (1,000+ posts a day) I have worked with, I do indeed find that spam bots sign up as sleepers. Sorry if that ruins the joke ;)

You don't mention what software you use, but keep an eye on how many IPs you ban, as with phpbb I have seen pages run slow because of a massive ip ban list, it gets cached in a good set up, but I have noticed requests where 90% of the build time was checking for banned ip.

I am never entirely comfortable banning by country, especially since learning as much as 40% of dodgy traffic comes from the USA (on the discussion forum I work with, YMMV)

Instead of just checking by country, check out Project Honeypot they have an api you can use to find known spammers by ip, they will return a score and often a comment like "known comment spammer" that way you can ban bad ips rather than black marking entire countries.

Project Honeypot gave birth to CloudFlare which is a CDN that sits in front of your site and provides speed and security upgrades; it is well worth a look at it or similar solutions (I don't work for CF but am a fan). Using either of these methods you can stop them even getting to your site. You don't say if you pay for data transferred but CF's bandwidth is free so it helps with that too.

10% popularity Vote Up Vote Down


 

@Moriarity557

The bots are probably harmless. But I like to think that I'm starring in a Tom Clancy novel and it's a sleeper cell waiting to unleash a tidal wave of spam that could ultimately compromise national security. So I recommend deleting them on a routine basis. ;)

When a user signs up, determine what country they're from. I find that MaxMind's GeoIP web service data is the most accurate and easiest to use - www.maxmind.com/en/web_services. for 200,000 lookups but you can get at least 1,000 lookups for free, if I recall correctly. You can install their DB locally and use it for free but the webservice is easier to manage.

If the user is from a suspicious country (China in your case; most spam on my boards comes from India) put their account into a queue that (1) requires a unique, verified email address; and (2) requires moderator approval before they can participate freely.

You can potentially insert a "challenge question" (either a one word question or a 3-4 sentence "essay") to explain why they want to join at this step and use that in the review process. It's possible to game this question and a determined spammer will figure out what to say here. Therefore, I recommend a review of their first actual contributions to the forum before green lighting the user.

When they make their first post, I think it's best to show an "Account under review. Mod must approve your first post" error message. Add the content to a moderator queue. Check the content for links. (If the content contains links and its the user's first post and they're from a spam happy country, the post is probably spam....) Regardless, if the user has never posted before and they're from a spammy country put that content into a queue that requires moderator approval before the content goes live.

This approach gives some control to the forum operator about what gets posted but it doesn't antagonize legit users.

10% popularity Vote Up Vote Down


 

@Deb1703797

I have this on some of my sites, whilst not a perfect solution I used MaxMInd GeoIP to block countires in Eastern Europe & China. This reduced the number of bad signups by over 90% for me.

GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat

SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
# ... place more countries here

Deny from env=BlockCountry


Take a look at dev.maxmind.com/geoip/legacy/mod_geoip2/ if you think this solution would work for you.

10% popularity Vote Up Vote Down


 

@Correia994

My guess would be that they're crawlers which haven't received a particular order to sign up for your site, just sites in general. I can't imagine why they would sign up and then never post anything; perhaps your post button/form is oddly set up so that they can't use it? If you want to prevent them from registering (the ones which get past the captcha), you can take additional measures such as using a Javascript form or email verification as detailed in this post. In regards to your question about IP banning, it certainly can't hurt, but it might not help much either.

10% popularity Vote Up Vote Down


Back to top | Use Dark Theme