Spam Bot Problems



Winged Mermaid
11-16-2012, 03:01 AM
Hey everyone- I just wanted to say sorry about the recent spam bot issue. I have contacted some friends who run forums of their own about it. What is curious is that before today we have had maybe 3 or 4 bots in the year and a half we've been up. Then today it's 10 and counting. There were no upgrades that were made to the software, no filters that were changed. According to my friends - who are more knowledgeable than I about these things- it sounds like we were put on a list for bots to target. It's a little concerning, seeing as there was an event with a disgruntled previous user last night/this morning. I'm hoping it's a coincidence, that no one would stoop to that level.

Either way, we're doing what we can. I just want to thank everyone for using the Report Post button so the admins can be notified, and the post and bot disposed of. Please be patient with us as we deal with this issue. If anyone can help with this matter, email the Admins at mernetwork@gmail.com. Thank you!






Dacora
11-16-2012, 03:09 AM
Maybe setting up some sort of captcha? I really don't know much about setting it up but I know a lot of the forums I visit use them.

Winged Mermaid
11-16-2012, 04:05 AM
The captcha is up. We're using all the tools the forum software comes with. Right now they are registering faster than I can delete them. If this continues, we might have to shut down the forum (or at least the registration for new users) until we can find/install some new ways of blocking them.

roamingmer
11-16-2012, 04:45 AM
I strongly suspect that there were many bots registered over time; by humans (paid en masse) in a slow trickle to be 'switched on' after an initial registration period elapses. That is the normal way to circumnavigate the captchas. So check who registered in the last 6 months and has yet to make any posts and I suspect you will find a lot of hidden ones.

roamingmer
11-16-2012, 04:49 AM
Also check which IP domains the registrations are coming from. The 'bots' or humans probably are using a typical kiddie script for these things; possibly using an SQL injection tool to get direct into the database, so unlikely to be highly advanced DoS attacks. Patience and not responding is the best way. I was surprised though there is no obvious 'report post' functionality. On another forum the spambots last about 2-3 hours because everyone reports it so quickly.
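
The two checks roamingmer suggests above (accounts registered in the last 6 months that have never posted, and where those registrations come from), sketched as an added example that is not part of the original thread and is not the forum software's own code. The account rows, usernames and IP addresses are constructed, and the 183-day window and /24 grouping are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows (username, registered, post_count, registration IP).
# The IPs are from the RFC 5737 documentation ranges; none come from the thread.
ACCOUNTS = [
    ("coralreader", "2012-03-02", 14, "192.0.2.10"),
    ("xk3j9q",      "2012-07-19", 0,  "198.51.100.23"),
    ("pm7vv2",      "2012-08-04", 0,  "198.51.100.77"),
    ("tailmaker",   "2012-09-30", 3,  "203.0.113.5"),
    ("qq81zx",      "2012-11-15", 0,  "198.51.100.140"),
    ("quietlurker", "2012-10-11", 0,  "203.0.113.88"),
    ("oldsleeper",  "2011-12-01", 0,  "192.0.2.200"),
]

def dormant_accounts(accounts, now, window_days=183):
    """Accounts registered within the window that have never posted."""
    cutoff = now - timedelta(days=window_days)
    return [a for a in accounts
            if a[2] == 0 and datetime.strptime(a[1], "%Y-%m-%d") >= cutoff]

def cluster_by_network(accounts, prefix=24):
    """Group accounts by the /prefix network of their registration IP."""
    clusters = defaultdict(list)
    for name, _, _, ip in accounts:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        clusters[str(net)].append(name)
    return dict(clusters)

def review_queue(accounts, now, min_cluster=2):
    """Networks holding several dormant accounts are reviewed first; isolated
    dormant accounts (possibly genuine lurkers) are listed separately."""
    clusters = cluster_by_network(dormant_accounts(accounts, now))
    suspicious = {n: u for n, u in clusters.items() if len(u) >= min_cluster}
    isolated = sorted(u[0] for u in clusters.values() if len(u) < min_cluster)
    return suspicious, isolated

if __name__ == "__main__":
    suspicious, isolated = review_queue(ACCOUNTS, datetime(2012, 11, 16))
    for net, users in suspicious.items():
        print(f"review first: {net} -> {users}")
    print("check by hand:", isolated)
```

Separating clustered from isolated dormant accounts keeps a quiet but real member from being deleted along with a batch registered from one network.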

Winged Mermaid
11-16-2012, 05:13 AM
Most of the bots have not posted. There have been over 60 registered JUST TODAY. I'm still clearing them out of the database. Nearly all of them are from overseas- mostly the Ukraine, Russia, Sweden, Palestine, etc. When I check IPs they are mostly from well-known spam sources. I keep track of every email and IP so I can ban, and block ban if I can (obviously can't block ban ones like gmail or ymail though).

After I'm done with today's onslaught I'll go through and look for hidden ones. Thanks for the tip.

There is a report function. It's at the bottom of each post, and is a little triangle with an exclamation mark in it.

roamingmer
11-16-2012, 05:42 AM
Doh. That small little diddly icon... now I see it. I knew it was there somewhere. Need to have my underwater eyes tested.
Good luck with the winter cleaning.

Dacora
11-16-2012, 06:00 AM
"we might have to shut down the forum (or at least the registration for new users) until we can find/install some new ways of blocking them."

A doll forum I know does this. You can't join unless a member gives you an invitation code and you have to put it in when you join. Every so often they have open registration when they open it up to everyone for a few weeks I think, then close it again.

Winged Mermaid
11-16-2012, 06:10 AM
No problem RoamingMer. It's not terribly obvious so we try and point it out to people :)

I actually feel better having deleted all those bots! Cheered me up :) I guess it helped get out some aggression or something ;)

Winged Mermaid
11-16-2012, 06:54 AM
Sorry guys, it was getting absolutely ridiculous (no matter what I did) so we had to shut down registration. Hopefully we can figure something out soon and reopen it ASAP.

roamingmer
11-16-2012, 07:47 AM
Wait a few days with closed registration. Hopefully it won't hurt the true wannabes but will show whether the acts are from a robot captcha coding or human coding or SQL type injection. A few days where the robots can't access might be enough to make it stop - or you might need the help of some Anonymous Mermaids. If any exist.

http://en.wikipedia.org/wiki/Spambot#Forum_spambots. XRumer seems to be the old favorite.
http://www.blackhatworld.com/blackhat-seo/black-hat-seo-tools/327-forum-spam-bot.html - old from 2007 but still interesting read.

And some interesting tips
http://www.frihost.com/forums/vt-61516.html

AniaR
11-16-2012, 09:02 AM
Suggestion for registration that I've used and seen on other forums:

Users can create a profile, but in order for it to be unlocked so they may post, they are sent a validation email. The validation email can also include where to post the introductions, the rules etc, and links they may want to read first ;)

I strongly suspect, especially with the timing, that there is a certain individual behind it, and really, they just need to grow up. It's beyond trying to prove a point, just plain ol' harassment.

MerAnthony
11-16-2012, 10:43 AM
Raina, I think you may have a good point there that somebody may be behind the spam bots. It's not like they can get on this site without help with all the things that are there to block them. So I think, Raina, you may be correct.

roamingmer
11-16-2012, 11:16 AM
I thought that was already running (register and validate). Anyhow the modern spam bots use many multiple accounts which are also automatically harvested to allow the validation to work (the email contains username and validation code). Still I'm sure if an individual is behind this they are laughing at how their petty stupidity creates so many posts. As I learned a long time ago; ignorance can be bliss. Although to be fair I also refuse to use FB or equivalent; there can be better ways to market oneself without them.

AniaR
11-16-2012, 01:27 PM
Perhaps take the validation one step further in that their account only allows them to PM an admin, to say they've read everything etc. Then the admin can approve them to post? I know it sounds like extra work but it helps a lot with spam, and also makes sure members have read the rules etc.

MerEmma
11-16-2012, 01:39 PM
On another forum I frequent, there are new member restrictions for a week. The first day you can't post at all. The second you have five posts and unlimited in private threads. Something like this could *maybe* work? I'm not sure.

Merrow Fair Isle
11-16-2012, 01:45 PM
I really like Raina's idea about having to validate through an admin PM. Also... what about one of those alphanumeric passcodes at registration? Those "please type the above code in the area provided" ones, like you see

Winged Mermaid
04-12-2013, 04:19 AM
Hey guys, didn't know where else to post this but I wanted to give you a heads up. Please don't send a whole bunch of PMs with the same text and/or same links. The anti spam/security software will crack down on your account because it's a spammy behavior.

Also keep in mind if your first post as a user has a link in it it will put you on a watch list. If you post a link in your first 5 posts it will be auto moderated and be put in a queue to await approval. Also the reviews still require moderator approval, but that's part of the review system not an anti-spam measure- just thought I'd mention it. I try and check the moderation queues whenever I can but if it doesn't go up right away that's why :)

MerEmma
04-12-2013, 08:26 AM
Does all of this here have to do with why it says I have an unread PM in my inbox, but I do not?

Winged Mermaid
04-12-2013, 08:48 AM
It's very possible if it was from a user that triggered the anti-spam software on their PMs. I let a user that triggered it last night know of the issue, and asked them what restrictions they were experiencing from it, but they said they were having no problems. I'm not sure exactly how many of the exact same message &/or link needs to be sent in what time frame to trigger it. I'm not sure what all it does so if someone runs into issues please let me know. Just like with the auto-modding we ran into before, I can't fix it if I don't know what's going on. As far as I know all effects should be reversible if I can just find out where to look for the issue :)

Sorry again, guys. As I said before, it's not that the program has kinks, it's just overzealous with the settings it came with :P I was having so many people email me saying they couldn't register (denied and told they were spammers) for weeks before I figured out how to change those particular settings. But I'm willing to put in the work to figure it out- since the other option is to have the server crash and forum get spammed from the bot load :P

Mermaid Nerinae
04-14-2013, 05:46 AM
Oh geez, I'm glad I got registered when I did! That definitely sounds like suspicious behavior; having so few bots per year and then suddenly 60+ in one day. Hopefully everything can get cleared up as soon as possible. :(