21
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 9:31

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


Did you set anti-SPAM: URLs for normal users to 5 within preferences?

22
giba
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 9:49

  • giba

  • Just can't stay away

  • Posts: 638

  • Since: 2003/4/26


Quote:

incama wrote:
Well I use the protector module (although not the latest version) and it seems that it passes the protection. Another weird thing is that my stats program (non Xoops) doesn't detect any hits of the bots (I have checked the registered user ip address and searched it in my stats program, but couldn't find any entry)

Second, all of fake users run on different ip adresses (according to xoops)


Equal incama here :(

My registry is suspended for spam now, users send e-mail for all users.

23
sato-san
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:02

  • sato-san

  • Quite a regular

  • Posts: 224

  • Since: 2005/7/1 1


A new SPAM User with name "quqayo" is on the way! This User have a other pattern!

He wrote for ex.:

Quote:

http://1117.thegrandwazoo.it/
http://80.sopracultura.it/
http://420.ninsole.it/
http://707.sveverona.it/
http://229.sofismusica.it/
http://316.sofismusica.it/
http://362.misterhyde.it/
http://245.misterhyde.it/
http://1125.singlenet.it/
http://87.poseidonbeach.it/
http://1302.orienteeringweek.it/
http://828.misterhyde.it/
http://1157.misterhyde.it/
http://153.orienteeringweek.it/
http://952.vbgallery.it/
http://1060.spegnilatv.it/
http://104.thegrandwazoo.it/
http://1313.vbgallery.it/
http://199.ninsole.it/
http://943.sopracultura.it/
http://1316.singlenet.it/
http://1107.orienteeringweek.it/
http://462.nefroar.it/
http://1246.orienteeringweek.it/
http://855.ninsole.it/
http://250.vhr.it/
http://328.sopracultura.it/
http://147.thegrandwazoo.it/
http://552.poseidonbeach.it/
http://1212.thegrandwazoo.it/
http://151.vhr.it/
http://293.sofismusica.it/
http://1140.thegrandwazoo.it/
http://618.vbgallery.it/

24
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:11

  • Anonymous

  • Posts: 0

  • Since:


Can we non-Italian users add *.it$ to our banned lists?

25
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:11

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


right, its taken a new twist, this spammer is not only posting links, but is splurting anti gay messages also.

The best thing to do is get a hold of its/his list of websites and ban any email address from those sites.

1. Admin Control Panel
2. System Admin >> Preferences
3. User Info Settings
4. Enter emails that should not be used in user profile
5. Now Enter in each of its/hers website address seperating each with a | and place $ on the end of each URL.

This will stop any email address from those websites being used to sign up to your website.

Now if anyone wants the list of websites then please PM me.

26
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:20

  • Anonymous

  • Posts: 0

  • Since:


Only one registration on my site (so far!), account not activated so I activated it and added the user to my site's "Sin Bin":

Resized Image

All that a "Sin Bin" user sees on my site when they login is the "Webmaster" block on the left and a Custom Block in the centre which contains the above image and some text explaining why the user is in the "Bin". The block also contains a "logout" link.

27
emptyaccount
Re: To Admin - Spammer Targeting Xoops sites

In addition to BDW's recipe:

1. Admin Control Panel
2. System Admin >> Preferences
3. Word censor options
4. Now Enter the domain names presented above and george-walker-bush.info, seperating each with a | .

Now the spammer can't place links to his websites.

(BUG REPORT: if you add too many spammy domainnames... XOOPS will erase it when you save it. )

28
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:34

  • Anonymous

  • Posts: 0

  • Since:


Quote:
sato-san wrote:

http://1117.thegrandwazoo.it/
http://80.sopracultura.it/
http://420.ninsole.it/
http://707.sveverona.it/
http://229.sofismusica.it/
http://316.sofismusica.it/
http://362.misterhyde.it/
http://245.misterhyde.it/
http://1125.singlenet.it/
http://87.poseidonbeach.it/
http://1302.orienteeringweek.it/
http://828.misterhyde.it/
http://1157.misterhyde.it/
http://153.orienteeringweek.it/
http://952.vbgallery.it/
http://1060.spegnilatv.it/
http://104.thegrandwazoo.it/
http://1313.vbgallery.it/
http://199.ninsole.it/
http://943.sopracultura.it/
http://1316.singlenet.it/
http://1107.orienteeringweek.it/
http://462.nefroar.it/
http://1246.orienteeringweek.it/
http://855.ninsole.it/
http://250.vhr.it/
http://328.sopracultura.it/
http://147.thegrandwazoo.it/
http://552.poseidonbeach.it/
http://1212.thegrandwazoo.it/
http://151.vhr.it/
http://293.sofismusica.it/
http://1140.thegrandwazoo.it/
http://618.vbgallery.it/


That lot condenses to the following for your user info settings:

thegrandwazoo.it$|sopracultura.it$|ninsole.it$|sveverona.it$|sofismusica.it$|misterhyde.it$|singlenet.it$|poseidonbeach.it$|orienteeringweek.it$|vbgallery.it$|spegnilatv.it$|nefroar.it$|vhr.it$

29
BDW
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:40

  • BDW

  • Quite a regular

  • Posts: 280

  • Since: 2002/9/28


actually, heres my thought.

If XOOPS is now being exploited by Spam Bots that can activate their accounts even though you have set your site to email activation only then surely there is a security issue within xoops.

this should be looked into ASAP.

30
Anonymous
Re: To Admin - Spammer Targeting Xoops sites
  • 2007/5/31 10:48

  • Anonymous

  • Posts: 0

  • Since:


Quote:
BDW wrote:

actually, heres my thought.

If XOOPS is now being exploited by Spam Bots that can activate their accounts even though you have set your site to email activation only then surely there is a security issue within xoops.

this should be looked into ASAP.


Good thought, but the one registration that I had wasn't activated at the time I spotted it.

Could it be that all those email addresses used to refgister the accounts forward to another (single) place and there's a real person clicking the links?

My site doesn't allow anonymous postings/comments, so perhaps I'm lucky in that I intercepted the account before it was activated.

I don't get many user activations on my site so I might set the system to "Activation by administrators" until this business quietens down.

Oh, and I back-up my database twice a day at the moment

Login

Who's Online

167 user(s) are online (108 user(s) are browsing Support Forums)


Members: 0


Guests: 167


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Mar 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits