Author Topic: The Spammers are still at it...  (Read 387 times)


Offline saratogaWX

  • Administrator
  • Forecaster
  • *****
  • Posts: 8587
  • Saratoga, CA, USA Weather - free PHP scripts
    • Saratoga-Weather.org
The Spammers are still at it...
« on: January 11, 2022, 11:23:52 AM »
I analyze the webserver logs of wxforum.net (and all my sites) daily and it's amusing to note that the robo-registration bots are ever trying to get a foothold on wxforum.net, but are thwarted by the dual captcha devices from successfully registering.

Here are yesterday's unsuccessful attempts:
Code:
Count         IP Address     Location
   1495 46.161.11.28 net for dedicated servers users, Russia
    954 193.169.254.146 PL-AstroVM-net, ASTROVM.NET, PL (AstroVM.net)
    342 178.129.197.209 OJSC "Bashinformsvyaz", Russia
    325 158.46.99.43 E-Light-Telecom, Russia
    316 195.246.120.170 EU-ZZ-193-194-195, Europe, EU (The Netherlands)
    291 46.148.234.229 ECO-NET, route object, RU (Altagen CJSC 3 Davydkovskaya street 121352 Moscow RUSSIAN FEDERATION)
    172 95.65.81.152 STARNET S.R.L, Moldova
    171 193.169.253.97 GigaHostingServices-NETWORK, PL (ESTONIA)
    156 91.221.66.52 Oy Crea Nova Russia LTD, Finland
    130 191.101.132.137 Digital Energy Technologies Chile SpA, CL (8320313 - Santiago - RM)
    119 46.148.234.164 ECO-NET, route object, RU (Altagen CJSC 3 Davydkovskaya street 121352 Moscow RUSSIAN FEDERATION)
    119 165.231.5.4 FIBERGRID-20120611, SC (Seychelles)
    114 5.138.126.22 Macroregional_South, Stavropol, Russia, RU (355000, Stavropol, Russia)
    114 191.101.132.95 Digital Energy Technologies Chile SpA, CL (8320313 - Santiago - RM)
    107 37.192.177.23 RU-NTK-20120321, Novotelecom Ltd., RU (630099 Novosibirsk Russia)
...

They're also after unsecured comment forms, but the Login Pad captcha is thwarting the robo-spammers too.

Code:
Count        IP Address        Location
     47 109.194.243.36 ERTH-IRKUTSK-PPPOE-19-NET, TM DOM.RU, Irkutsk ISP, RU (Russian Federation)
     12 95.152.50.222 JSC Volgatelecom, Penza branch, RU-PENZA-VT-DSL-200901, RU (Russia)
     12 92.38.136.69 DINET-USER1, aggregate prefix, RU (Moscow, Russia, 129366)
     12 62.171.190.173 RMPLC, Internet for Learning, GB (United Kingdom)
     12 178.159.37.66 SBY-Telecom, UA (Marshala Grechko st., n. 20-B, Kiev, Ukraine)
     10 24.37.226.178 Le Groupe Videotron Ltee, VL-15BL, Montreal, CA (150 Beaubien Ouest)
     10 188.122.82.146 i3d B.V., Netherlands
Ken True/Saratoga, CA, USA main site: saratoga-weather.org
Davis VP1+ FARS, Boltek-PCI/NexStorm, microSferics ToA, Blitzortung RED, GRLevel3, WD, WL, VWS, Cumulus, Meteobridge/hub
Free weather PHP scripts/website templates - update notifications on Twitter saratogaWXPHP

Offline mcrossley

  • Forecaster
  • *****
  • Posts: 912
    • Wilmslow Astro
Re: The Spammers are still at it...
« Reply #1 on: January 11, 2022, 12:01:13 PM »
Mainly from eastern Europe :(

It may be overkill but how about randomising the login pad code each time? Something like...
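Code:
// Digits 0-9, each appearing once
$rndArray = range(0, 9);
// Put them in random order
shuffle($rndArray);
// Use the first 8 digits as this visit's keypad challenge
$kpChallenge = implode('', array_slice($rndArray, 0, 8));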
Mark
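
The suggestion in the reply above carried through a full issue-and-check cycle, as an added example that is not code from the thread or from the Login Pad script. The function names, the `kpChallenge` session key and the five-minute lifetime are assumptions, and `random_int()` is swapped in for `shuffle()` so the digits come from PHP's CSPRNG:

```php
<?php
declare(strict_types=1);

const KP_LENGTH = 8;    // digits in the challenge, as in the snippet above
const KP_TTL    = 300;  // seconds a challenge stays valid (assumed value)

/** Issue a fresh challenge of distinct digits and remember it in the session. */
function kpIssue(array &$session, int $now): string
{
    $digits = range(0, 9);
    // Fisher-Yates shuffle driven by random_int() instead of shuffle()
    for ($i = count($digits) - 1; $i > 0; $i--) {
        $j = random_int(0, $i);
        [$digits[$i], $digits[$j]] = [$digits[$j], $digits[$i]];
    }
    $code = implode('', array_slice($digits, 0, KP_LENGTH));
    $session['kpChallenge'] = ['code' => $code, 'issued' => $now];
    return $code;
}

/** Check a submitted code; the stored challenge is consumed either way. */
function kpVerify(array &$session, string $submitted, int $now): bool
{
    $stored = $session['kpChallenge'] ?? null;
    unset($session['kpChallenge']);   // single use: no replay, no second guess
    if (!is_array($stored) || $now - $stored['issued'] > KP_TTL) {
        return false;                 // nothing issued, or issued too long ago
    }
    // Constant-time comparison of the expected and submitted codes
    return hash_equals($stored['code'], $submitted);
}

// Constructed demo; a real page would pass $_SESSION after session_start().
$session = [];
$code = kpIssue($session, 1000);
var_dump(kpVerify($session, $code, 1010));                // fresh challenge, answered in time
var_dump(kpVerify($session, $code, 1011));                // same answer replayed
$code = kpIssue($session, 2000);
var_dump(kpVerify($session, $code, 2000 + KP_TTL + 1));   // answered after the lifetime
```

Because the challenge is deleted on every check, a bot that records one accepted code cannot reuse it on the next request.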

Offline saratogaWX

Re: The Spammers are still at it...
« Reply #2 on: January 11, 2022, 02:09:34 PM »
Yep, Russia, Ukraine, and other eastern Europe seem to be lax about shutting down robo-spammers and scanners for vulnerabilities to take over a website for use as new spammer/malware distribution.  Sigh.

I've found that even using a static passcode with Login Pad captcha, the robots haven't conquered it yet.  They're already using Google voice-to-text to solve Google reCaptcha V2 sites easily so that alone is insufficient to protect from spammers.  That's why we use two forms of captcha for registrations on WXForum.net -- only the very occasional human spammer slips through now.   

Offline vreihen

  • El Niño chaser
  • Forecaster
  • *****
  • Posts: 1181
  • K2BIG
Re: The Spammers are still at it...
« Reply #3 on: January 11, 2022, 03:30:43 PM »
I've heard that there are third-world sweatshops that take live CAPTCHA images from sites they wish to access via bot, and present them to people as a game.  Solve it correctly, earn a penny or something if the answer gets the bot past that CAPTCHA.  Who needs artificial intelligence when natural intelligence works that cheap?????
WU Gold Stars for everyone! :lol:

Offline WeatherHost

  • Forecaster
  • *****
  • Posts: 3584
Re: The Spammers are still at it...
« Reply #4 on: January 11, 2022, 06:47:22 PM »
But how many legitimate members are turned away?

I do not do the captcha thing.  If a site presents it and my solve it bot doesn't solve it instantly, I go away and never return.


Offline saratogaWX

Re: The Spammers are still at it...
« Reply #5 on: January 13, 2022, 01:31:15 PM »
As to legitimate members turning away, I've only had 4 admin messages from folks saying they couldn't work the captchas in the last 4 years.  I handled those manually via email contact.
The contact form on the forum just has a Google reCaptcha V2 on it so is easy to navigate.

Before installing the noCaptcha image rotation captcha, we were flooded with spammer registrations.  Apparently, the robospammers had cracked that one too if the default images were used, so I crafted a custom set of images and they've not cracked it yet.
I definitely prefer to thwart the robots at registration by automation than to constantly clean up the mess with a more robot-friendly registration mechanism.  Your mileage may vary...

Offline havtrail

  • Senior Contributor
  • ****
  • Posts: 187
    • Haverford Weather Station
Re: The Spammers are still at it...
« Reply #6 on: January 13, 2022, 03:34:39 PM »
Thanks for staying on top of this, Ken!

Rich K.
Onset HOBO RX2102 Cellular
https://www.havtrail.com/weather/
NEWA https://newa.cornell.edu Haverford, PA
