11-17-2011, 04:37 AM
If you delete a suspicious account, can you send me the Username, IP, and email address if you can? I've been tracking both the accounts I've been deleting, and the ones I see attacking the forum on the error log. Some of the spammers reuse their fake email or username again and again as a sort of calling card. This can be helpful if they're attacking from a new IP that hasn't been widely reported yet on spam lists.
Here's what I've been looking at:
- Google the IP, if an IP gets hits on the first page for one or more of the following:
-- Stop Forum Spam - IP Check - [IP Address]
-- BotScout.com: IP Check: [IP Address]
Then it's highly likely that it is a bot that is spamming us, trying to register an account. I've found if you follow the links to one of those pages, you will generally find either the username or email address somewhere in the list - sometimes it's a close variation.
I will also sometimes do searches on the email address and/or username. The very generic ones that would come up in a lot of searches are generally fake. Typically a real forum user will come up with a few reasonable hits, though not always.
If I don't have enough evidence, then I leave the account alone. If after one day the new user hasn't been online (which I judge to be atypical behavior), then I will also delete the account.
This may sound incredibly dull, but it's actually been a little interesting. If you don't feel like doing any of this then that's fine too, but please do pass along the information, please. Very few of the attacks actually succeed in registering.
I'd be happy to post the spreadsheet I've been keeping somewhere and updating it periodically if there is any interest.
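
Added example, not part of the original post: one way to automate the "calling card" check described above, by comparing a new registration against the tracked list of deleted accounts and flagging reused or closely varied usernames and emails, including when they arrive from a new IP. The CSV columns, sample rows, function names and the 0.85 threshold are assumptions made for illustration.

```python
import csv
import io
from difflib import SequenceMatcher

# Constructed sample of the tracking spreadsheet (deleted accounts); not real data.
TRACKED_CSV = """username,ip,email
cheapwatches88,203.0.113.7,promo.deals@example.com
JohnSmith1974,198.51.100.23,jsmith1974@example.net
"""

def key(field, value):
    """Normalize a value for comparison.

    Emails are compared on the local part only, so a shared domain
    (e.g. a large webmail provider) does not inflate the score.
    """
    if field == "email":
        value = value.split("@", 1)[0]
    return "".join(ch for ch in value.lower() if ch.isalnum())

def load_tracked(text=TRACKED_CSV):
    return list(csv.DictReader(io.StringIO(text)))

def check_registration(username, ip, email, tracked, threshold=0.85):
    """Return the reasons a registration resembles a previously deleted account."""
    reasons = []
    for row in tracked:
        same_ip = ip == row["ip"]
        if same_ip:
            reasons.append(f"IP seen before with {row['username']}")
        for field, value in (("username", username), ("email", email)):
            score = SequenceMatcher(None, key(field, value),
                                    key(field, row[field])).ratio()
            if score >= threshold:
                kind = "matches" if score == 1.0 else "is a close variation of"
                note = "" if same_ip else " (new IP)"
                reasons.append(f"{field} {kind} {row[field]}{note}")
    return reasons

if __name__ == "__main__":
    tracked = load_tracked()
    # Constructed registrations: one reusing a calling card, one unrelated.
    for reg in [("cheap_watches89", "192.0.2.50", "promo.deals@example.com"),
                ("gardenfan", "192.0.2.51", "mary.k@example.org")]:
        print(reg[0], "->", check_registration(*reg, tracked) or "no match")
```

A hit here is a reason to look closer, not proof; the lookups on Stop Forum Spam and BotScout still apply before deleting anything.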

