mmm4444bot
Super Moderator
- Joined
- Oct 6, 2005
- Messages
- 10,962
For the past few hours, we've broken the record each hour for most users online.
The latest info:
There are currently 8794 users online. 37 members and 8757 guests
Most users ever online was 8,794, Today at 03:22 PM.
How many of those 8,757 "guests" are SPAMMING bots? Maybe half?
A few months ago, I smelled a rat. I went down to the sub-basement and started sniffing IP addresses. One thing led to another, and I soon discovered the following facts.
Current membership: 32,455
23.31% of current members have posted only once.
45.34% of current members have never posted.
4,000+ non-posting members over the past 12 months have inserted SPAM into their profile page (eg: links to other web sites, business contact info, images).
Obviously, it makes little sense to advertise within profile pages. Who comes here searching membership data because they want a Russian **** DVD or Chinese counterfeit jeans? There must be a reason for all of these fake members.
I researched some security forums, and I discovered that bots are registering at forums only for the purpose of returning later to insert links to outside web sites. Why? Apparently, search engines capture these profile pages and increment their count for that URL; the more instances of that URL found on the web, the higher the placement of that URL on subsequent search-engine results for people entering specific keywords.
In other words, this practice gives SPAMMERs more exposure.
Before I learned this, I had identified roughly 190 such SPAMMING profile pages containing **** and other objectionable content. So, I banned them all, but it took me nearly 11 hours because the process of locating, verifying, and banning has to be done case-by-case.
Now, I think that was wasted effort. These registrations went back over a year, so the search-engine spiders had already counted them.
Two days ago, I began a new approach. I'm not certain, but I'm thinking that there must be at least a 24-hour delay between the time a bot inserts an URL and the time it's captured by Google et al. (Does anybody know anything about this time interval?) Hence, I've begun daily monitoring of new registrations, and I'm deleting registrations within 24-hours of an URL being placed.
Could it be that I have angered the bots? Are they coming back today in droves?
I already know that they will likely never stop, but I'm hoping that maybe word gets out that freemathhelp is no longer a good site for this.
My reasoning? I discovered clear evidence that seems to suggest that some SPAMMERs are following instructions from somewhere on how to get their URL on the web. Dozens of those deleted SPAMMING profile pages showed a consistent pattern of format and of identical character strings in corresponding fields, despite the registrations originating from nearly 15 different countries (including the USA) and URLs leading to unrelated products or services.
Perhaps, it's time to reconsider the registration process (again). The vBulletin support forums contain a lot of information on how other administrators deal with these issues. I'm not allowed to post in that forum, but something as simple as a verification question (something a bot could not answer) would prevent automated registrations. The manual registrations would need to be identified separately.
Maybe if a new user does not post anything within 48 hrs, they should be dropped? 14,700+ "members" have never posted here.
Ugh.
The latest info:
There are currently 8794 users online. 37 members and 8757 guests
Most users ever online was 8,794, Today at 03:22 PM.
How many of those 8,757 "guests" are SPAMMING bots? Maybe half?
A few months ago, I smelled a rat. I went down to the sub-basement and started sniffing IP addresses. One thing led to another, and I soon discovered the following facts.
Current membership: 32,455
23.31% of current members have posted only once.
45.34% of current members have never posted.
4,000+ non-posting members over the past 12 months have inserted SPAM into their profile page (eg: links to other web sites, business contact info, images).
Obviously, it makes little sense to advertise within profile pages. Who comes here searching membership data because they want a Russian **** DVD or Chinese counterfeit jeans? There must be a reason for all of these fake members.
I researched some security forums, and I discovered that bots are registering at forums only for the purpose of returning later to insert links to outside web sites. Why? Apparently, search engines capture these profile pages and increment their count for that URL; the more instances of that URL found on the web, the higher the placement of that URL on subsequent search-engine results for people entering specific keywords.
In other words, this practice gives SPAMMERs more exposure.
Before I learned this, I had identified roughly 190 such SPAMMING profile pages containing **** and other objectionable content. So, I banned them all, but it took me nearly 11 hours because the process of locating, verifying, and banning has to be done case-by-case.
Now, I think that was wasted effort. These registrations went back over a year, so the search-engine spiders had already counted them.
Two days ago, I began a new approach. I'm not certain, but I'm thinking that there must be at least a 24-hour delay between the time a bot inserts an URL and the time it's captured by Google et al. (Does anybody know anything about this time interval?) Hence, I've begun daily monitoring of new registrations, and I'm deleting registrations within 24-hours of an URL being placed.
Could it be that I have angered the bots? Are they coming back today in droves?
I already know that they will likely never stop, but I'm hoping that maybe word gets out that freemathhelp is no longer a good site for this.
My reasoning? I discovered clear evidence that seems to suggest that some SPAMMERs are following instructions from somewhere on how to get their URL on the web. Dozens of those deleted SPAMMING profile pages showed a consistent pattern of format and of identical character strings in corresponding fields, despite the registrations originating from nearly 15 different countries (including the USA) and URLs leading to unrelated products or services.
Perhaps, it's time to reconsider the registration process (again). The vBulletin support forums contain a lot of information on how other administrators deal with these issues. I'm not allowed to post in that forum, but something as simple as a verification question (something a bot could not answer) would prevent automated registrations. The manual registrations would need to be identified separately.
Maybe if a new user does not post anything within 48 hrs, they should be dropped? 14,700+ "members" have never posted here.
Ugh.
Last edited:
