Spambot activity - How you can stop it

firedrake969_test

Heck, a JavaScript/HTML5 simple thing can be made with clicking dots. Easy for even kindergarteners (that can read) but almost impossible for spambots (especially if they're programmed to deal with captchas)

Alt account of Firedrake969.

Rocket II: A black and white bitmap space game!

I seek not fame, but education.

;

jontmy00

jvvg wrote:
However, another possible solution would be to check the IP and email against http://stopforumspam.com. That is the service I use to prevent spam.

I'm not using a proxy.
I can't go on any website that has it.
It won't allow me to remove my IP.
Just no, it doesn't just stop bots, it stops real users.

GeonoTRON2000

jontmy00 wrote:
jvvg wrote:
However, another possible solution would be to check the IP and email against http://stopforumspam.com. That is the service I use to prevent spam.
I'm not using a proxy.
I can't go on any website that has it.
It won't allow me to remove my IP.
Just no, it doesn't just stop bots, it stops real users.

You can submit a request for removal. I've done it twice and it worked both times.

ScratchJahd2011

This is a great plan everyone! Just keep it simple, and it will work.

…..

ScratchJahd2011

I have reported THREE spam posts in the last 1 hour.

…..

Kayah

I just found a topic about watching thor in the project ideas fourm

You won't be unknown anymore

I love Birds!
; oh! no idea how that got there…
; that's better
;;;;;;;;; noooooooo!

jvvg

jontmy00 wrote:
jvvg wrote:
However, another possible solution would be to check the IP and email against http://stopforumspam.com. That is the service I use to prevent spam.
I'm not using a proxy.
I can't go on any website that has it.
It won't allow me to remove my IP.
Just no, it doesn't just stop bots, it stops real users.

Go to the removal page and sumbit a removal request.

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

jontmy00

jvvg wrote:
jontmy00 wrote:
jvvg wrote:
However, another possible solution would be to check the IP and email against http://stopforumspam.com. That is the service I use to prevent spam.
I'm not using a proxy.
I can't go on any website that has it.
It won't allow me to remove my IP.
Just no, it doesn't just stop bots, it stops real users.
Go to the removal page and sumbit a removal request.

I have done that for eternity.
Almost every other IP in this region here is blocked.
I can unblock it, but there's a huge problem here.
My dynamic IP changes with alternating page refreshes, so I have to do this for every IP I use?.
Several times I've been “IP banned” because of some random spambot (or something) which appeared to have the same IP… (why I have no idea).
The banned IPs have been removed now by the ST, at least.

I'm just fully against SFS or any other spam IP detection list/site/whatever, since some people just happen to live in a country with the same spam condition as me… I hate spammers.

Here's some proof (copied from here):

Your public IP address 2*0.255.2.*2 is in our database.
Your public IP address 2*0.255.2.*9 is in our database.
Your public IP address 2*0.255.2.*8 is in our database.

None of these numbers were made up in any way.

Last edited by jontmy00 (Nov. 26, 2013 15:00:14)

Lirex

ErnieParke wrote:
Lirex wrote:
What about a CAPTCHA like this one?

I had some trouble reading that, and I'm still not sure what to put down (thanks to that 3, w, or m?). I'd even think that XRumer might be able to get through it, but then again, the circular nature of the text might stump it.

I do like the design and colors, though.

Hmm, maybe I cloud change it to another font (the Scratch font?) or underline the letters or just turn them back to the right direction or something else…
Because this CAPTCHA is circular, it may confuse most (all?) bots, what a CAPTCHA is supposed to do.

Last edited by Lirex (Nov. 27, 2013 13:58:25)

Scratch-DACH-Wiki author

;

Yay, 500+ posts! (05/25/2014)

Mozzi64

Lirex wrote:
ErnieParke wrote:
Lirex wrote:
What about a CAPTCHA like this one?

I had some trouble reading that, and I'm still not sure what to put down (thanks to that 3, w, or m?). I'd even think that XRumer might be able to get through it, but then again, the circular nature of the text might stump it.

I do like the design and colors, though.
Hmm, maybe I cloud change it to another font (the Scratch font?) or underline the letters or just turn them back to the right direction or something else…
Because this CAPTCHA is circular, it may confuse mosta (all?) bots, what a CAPTCHA is supposed to do.

Yes, I agree: A circular CAPTCHA could stump it, But maybe the CAPTCHA could be in different shapes, like a triangle, square, star, or, most hardest to crack, a randomly-generated polygon.

THE POTATOES, THEY'RE EVERYWHERE
HEELLLLPPP
lol

Deerleg

Mozzi64 wrote:
Lirex wrote:
ErnieParke wrote:
Lirex wrote:
What about a CAPTCHA like this one?

I had some trouble reading that, and I'm still not sure what to put down (thanks to that 3, w, or m?). I'd even think that XRumer might be able to get through it, but then again, the circular nature of the text might stump it.

I do like the design and colors, though.
Hmm, maybe I cloud change it to another font (the Scratch font?) or underline the letters or just turn them back to the right direction or something else…
Because this CAPTCHA is circular, it may confuse mosta (all?) bots, what a CAPTCHA is supposed to do.

Yes, I agree: A circular CAPTCHA could stump it, But maybe the CAPTCHA could be in different shapes, like a triangle, square, star, or, most hardest to crack, a randomly-generated polygon.

Yes, a randomly generated polygon would be the best idea.

LeDerpy123

ppettitt wrote:
Captcha is a great idea! I wonder why they haven't done that in the past…
EDIT: Of course, younger Scratchers might not be able to read it as well…

I'm in 9th grade and I still have trouble reading those things…

My specs: Windows 8.1.2 - 3 GB RAM - Intel Core2 Quad - IE11

124816

ProdigyZeta7 wrote:
To all of Scratch:

In the past 20 minutes I have found at least 8 topics created by spambots made in the last 24 hours. Just yesterday I found 6 more spam topics over the course of that day. Has activity always been this high? Last time I checked one or two topics were made every month or so. Something bad is happening, and it's happening fast. So why all of sudden we're being attacked more often?

There is a major flaw in the sign-up process: a lack of something to stump a spambot. Captcha could work, although I remember reading a post by jvvg that even spambots have the intelligence to bypass Captcha. Not good. We need something to gain the high ground against these malicious spambots and we need to do it fast, or else we will face another spambot invasion far worse than Scratch has encountered before. I'm not cynical, but the vulnerability of Scratch is a reality.

As for now, Scratch Team, I (we) wish that you consider adding an extra segment to the Join Scratch process: something that can beat a spambot while keeping it relatively easy for a 7-y/o to join.

And for everyone else, keep your eyes peeled for any suspicious topics with keywords “Live Stream”, “Watch”, along with names of people from sports and entertainment. Do not go to these malicious sites: unless you have an iPhone or some other tech that is untouchable by viruses it is highly advised you do not let these spambots win.

If you see a topic such as “Dude vs Dude2 Live Stream” or “hey bro whats up” that doesn't seem to fit with the rest of the forums, REPORT IT IMMEDIATELY. The report button is located in the bottom right corner of every post; when you click it, you will be asked to put in a reason for why you are reporting that post, so put in “Spam” or “Spambot” as the reason. It should take a few minutes (hours?) for a moderator/admin to pick up on the report and take down the topic along with terminating the spambot account. To see if any spambots have infected the forums, click the link “See unanswered posts” at the bottom-right of the main discuss page and locate suspicious topics.

Thank you for patience in reading this and I wish you luck in your fight against spam.

I definitely don't want the spambots to win.

Want to be part of the Scratching Post? Apply here!
Want to stop the AE war? Click Me! Also click Me! You might want to click me too!
Want to stop bullying? Click Me! Click Me too! Also click me! Click Me if you want to stop cyberbullying!

<[] = []>//This boolean block looks like a reporter block. I resent that.

Nobody will forget the semicolon.
;

jontmy00

124816 wrote:
ProdigyZeta7 wrote:
-snip-
I definitely don't want the spambots to win.

Who doesn't.

Obviously except the spammers themselves…

scratchisthebest

We can't do “click the red button” because some Scratchers are colorblind.
I think the jquery slider is our best bet.

I am a Lava Expert

Lirex

scratchisthebest wrote:
We can't do “click the red button” because some Scratchers are colorblind.
I think the jquery slider is our best bet.

Do you need JavaScript to register? Because what would happen when someone (a bot) has JavaScript disabled?

Scratch-DACH-Wiki author

;

Yay, 500+ posts! (05/25/2014)

scimonster

Lirex wrote:
scratchisthebest wrote:
We can't do “click the red button” because some Scratchers are colorblind.
I think the jquery slider is our best bet.
Do you need JavaScript to register? Because what would happen when someone (a bot) has JavaScript disabled?

Yes, you need JS. But you can't count on bots not being able to run JS. Especially since bots clearly have registered.

Retired Community Moderator
BTW, i run Google Chrome 41.0.2272.101 on a Linux system - Ubuntu 14.04. NEW: iPad 4th gen. w/retina.

418 I'm a teapot (original - to be read by bored computer geeks)
THE GAME (you just lost)
; THE SEMICOLON LIVES ON IN OUR SIGS

jvvg

I came up with a pretty cool solution.

Unfortunately, I am on a tablet right now and can't implement it on anything, and all I have to show right now is what I wrote on the back of an airline ticket.

I apologize for my bad handwriting.

Last edited by jvvg (Nov. 27, 2013 15:21:27)

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

ProdigyZeta7

jvvg wrote:
I came up with a pretty cool solution.

Unfortunately, I am on a tablet right now and can't implement it on anything, and all I have to show right now is what I wrote on the back of an airline ticket.

–snip–

I apologize for my bad handwriting.

Let me make that more readable….

Registration Page
~~~~
Frame: verification from another domain (?)
~~~~
Submit:
If IP entry dated within 10 minutes in
database, then accept.
Otherwise, reject registration.
——————–
Verification Page
Enter this code: #####
[_________] [Go]
Submit: If ??? then add database entry for IP address lasting 10 minutes

jvvg

ProdigyZeta7 wrote:
jvvg wrote:
I came up with a pretty cool solution.

Unfortunately, I am on a tablet right now and can't implement it on anything, and all I have to show right now is what I wrote on the back of an airline ticket.

–snip–

I apologize for my bad handwriting.
Let me make that more readable….
Registration Page
~~~~
Frame: verification from another domain (?)
~~~~
Submit:
If IP entry dated within 10 minutes in
database, then accept.
Otherwise, reject registration.
——————–
Verification Page
Enter this code: #####
[_________] [Go]
Submit: If ??? then add database entry for IP address lasting 10 minutes

Here is a better explanation:

On the registration page, make a frame that points to a secondary form and ask the user to submit the form in the frame before registering.
When the secondary form is submitted, mark that IP as verified for 10 minutes.
When submitting the registration form, check that the IP was verified within the last 10 minutes, and reject the request if it wasn't.

Professional web developer and lead engineer on the Scratch Wiki
Maybe the Scratch Team isn't so bad — Why the April Fools' Day forum didn't work last year

Discuss Scratch