six pages of spam - cant find real messages

six pages of spam now
cant find real messages
you really should let us all move them to a holding pen
one click and no longer cluttering the index list of new messages
if the admins think they are real then move them back

spamhaus does NOT work
it should not be used
the false postives have blocked me twice now
yet massive amounts of real spam are posted daily

got a better solution? tell us
for now let any user “delete” temporarily the obvious spam
when some name posts the same thing 5-10-15 times
and sometimes goes through and does it again

I’ve removed the spam posts and users.

phpBB which this Forum uses does not have text filters, which could block posts containing spam keywords.

As soon as we can migrate to myBB, that has a proper plug-in environment that will let us add tools that block spam posts based on a large number of known heuristics. Buanzo is still making sure migration will work correctly.



Gale

Hey Whomper - don’t nag the forum elves, we do the best we can sweeping up all the spam cr*p (you only ever see a small part of it - believe me there is a lot, lot more that you never get to see cos we catch it early). The problem is that we only cover two time zones UK and West Coast USA - we used to have an elf on Chicago time but he is semi-retired from the forum now and only visits from time-to-time.

I subscribe to other boards where the housekeeping is much worse - we are keen to keep this a clean and family-friendly corner of cyberspace - and we certainly don’t want any dangerous risky links - so us elves are certainly looking forward to the s/w upgrade that Gale wrote about so that we can get better auto-filtering.

In the meantime you can always flag the dodgy posts with a report which we will see and follow up on.

And spammers please note - we run a ZERO-TOLERANCE approach to spam on this forum.

WC

The spam has been particularly rampant over the last few days - The other day I deleted well over 300 spam posts during one evening. I’m looking forward to the migration being completed so that we don’t have to spend so much time deleting posts and banning spammers.

A few days ago I stepped into some forum, which had an interesting tactic against spam… new users’ first post was moderated. This meaning that their first post was put on hold until a moderator would make it visible. After that all posts would automatically show up. I believe most if not all spam messages that show up here are from new recently created users… So it would be great if such mechanism could be implemented here… (I don’t know what software that forum was running on, neither I bookmarked it, sorry)

That’s a common and effective strategy, but it can be horribly frustrating for new users on a help forum who have just “spent the last 4 hours try to get the @$! thing to work and now I can’t even post a @$!& question!”. There are easy ways to instantly stop 90% of the spam, but it requires the right software. We can easily manage the other few % that get through.

+1. I’m strongly against controlling spam by restricting posts by new users (I even know some forums where you have to wait several days after registering before you are allowed to post). Having to moderate all new posts will be frustrating for users and won’t ease the workload for moderators. The better approach IMO is not to restrict legitimate first posts but block the spam in software so the moderators don’t have to deal with most of it at all.

Meantime I’ve found a lot of spam is coming from a small number of domains. The “Banning” tab in the Moderator Control Panel lets you use a wildcard , so to block any addresses at spammers.net, you can block *@spammers.net (assuming it works, of course).


Gale

Basically I agree - but some of these spammers register and then almost immediately post 7 threads (used to be 32 a while back) - no real poster will post seven threads like this in quick succession after registering.

WC

wasnt nagging the elfins
suggested a way to give them some help

note that spamhaus and spammers.net etc do NOT work RIGHT
they block ip numbers. spammers on dial up get a new number next time they connect. and they are relaying from dial up users with infected machines. you cant stop the real spammers from sending the stuff by blacklisting an ip address.

all you can do is hurt legitimate dial up users who get the 'bad" ip the next time they dial in. and waste the isps time getting the ip unblocked at the myriad vigilante sites who think they are 'helping".

give users here (some criteria less than admin but more than n time poster) to flag a message or block of them as probable spam without having to open each of them up . then hide them until the admins can sort it out. it is obvious when you get more than 2 with the same subject time and poster in different forums that it is spam with sufficiently high probability to warrant immediate hiding.

Excuse me whomper, but stevethefiddle did not say that!

We do not use automated IP blocking based on Spamhaus or any similar projects.

IP addresses may be manually blocked if there is a very large amount of spam from the same IP address. This usually indicates a hijacked machine, and just as you would expect traffic police to stop a stolen car that is racing down the freeway, it does not seem unreasonable for “internet police” to stop stolen servers that is spewing spam at everyone else on the internet, though as I have said this is not something that we participate in. If you are regularly having your IP address blocked, you should first check your computer thoroughly for viruses and/or trojans. You should also install a good firewall that blocks both unauthorised incoming and outgoing traffic. If/when you are confident that your computer is not party to the problem, and if the problem persists, you could contact your service provider about the problem. IP addresses are usually shared within a relatively small geographic area, so it should not be too difficult for your service provider to track down the culprit.

I more or less agree with that. We used to block IP addresses but as you suggest, spammers will be able to rotate through hundreds of IP addresses. That’s why I was talking about blocking an e-mail domain, which is a completely separate control on the moderator panel, and has succesfully stopped most of the spam we’ve recently had (so far).

Obviously we wouldn’t block a well known domain, or one where there was any reason to believe it might also be used for legitimate traffic. As soon as we migrate, we can let spam tools make all these decisions on appropriate heuristics.

You’ve got to open a message first to move or delete it (if you have those privileges, which you don’t) or report it (which you can do, but I see little point given most spam will be obvious).

We could possibly give you an extra power to delete posts, which gets them out of the way, but then the deleted posts have still got to be found so the user can be removed and banned. It’s far more efficient to do that in one action in the Admin Control Panel.


Gale

spamhaus has blocked me twice from posting here
tjey have falsely accused my pc of being infected
ran the microsoft software they said to use and it found nothing
my pc is locked down tighter than the proverbial drum
but they dont care - just claim i have some bogus virus
because some ***hole webmaster put my ip on some list
without any proof that my pc was a problem

apparently my domain is not well enough known
or you all rely on a less accurate vigilantes blacklist

I’ve checked and your service provider is NOT blocked by this forum and never has been. If your IP address is blocked elsewhere I don’t think there is anything that we can do about it.

maybe you all have a virus?
twice i got blocked posting to this forum
saying cant do that because my ip was blacklisted by spamhaus
with a link to spamhaus to resolve the problem

dialed in again
got new ip address
then posted the message

if you all are not using spamhaus then is your hosting service ?

I’ve checked several of your IP addresses for you, and they are not blocked by Spamhaus in the SBL or XBL, but they are listed in the PBL records.

What does this mean:
It means that “outgoing mail is being blocked on the IP adresses that you are using because your email program is not authenticating properly when it connects to your ISP or to your company’s mail server”.

Do you post to the forum by logging onto the forum through a regular computer web browser or by some other method?

If this happens again, take an image of the block message and send it to me in a Private Message (PM).

The IP address you registered with is on the Spamhaus Policy Block List (PBL):

“This IP range has been identified by Spamhaus as not meeting our policy for IPs permitted to deliver unauthenticated ‘direct-to-mx’ email to PBL users.”

The PBL removal page is here:
http://www.spamhaus.org/pbl/removal/

My suggestion would be you e-mail your ISP and explain the issues you are receiving and ask them to give you a static IP address which is not on any Spamhaus or other block lists (lots of random IP addresses within their net range are not listed by Spamhaus). If they are not interested, switch provider.



Gale

thanks
it was not email wrt to audacity problem
(but i have had problems that could relate to that with email)
it was posting to the forum
error message in red
saying i was flagged by spamhaus
using mozilla firefox 3.08
dial up via isp
http to the forum at audacity team
browse fine
but then cant post

been to spamhaus each time
and got off the lists
but somebody at the isp is runnign wide open as a bot etc
and burning up the dynamic ips so they do get on the spamhaus lists

not easy to change isps
and notifiying everyone we know about new email address
would be a real chore if possible at all

this isp has had problems when they were new
got blacklisted due to open relay or some such problem
fixed it and has run their own servers securely since then

dont think that i can get a static ip from them
at least on dial up
with a home subscription
maybe if i paid more for a commercial link

the mom and pop grew up to be a medium commercial isp
and just keeps dial up cause it is there already
not pushing for new customers at all

i will check with them
but doubt that they care enough to do anything
will tell me to move on
which as i noted is hard
not many choices and changing newsletter subscriptions
telling people we have a new email address etc is a big chore

I’ve found out the phpBB forum software is actually set to “check the following DNSBL services on registration and posting: spamcop.net and http://www.spamhaus.org”. That check includes all the Spamhaus lists including PBL. Is the image in this phpBB Forum thread what you are seeing?

I searched for “spamhaus” and “spamcop” on our Forum, but I only see one other report a couple of months ago of a legitimate user being blocked: “my starbucks wifi IP is blocked by spamhaus so I couldn’t post here”. I can find two other e-mail reports of “I’m blocked” which are too vague to be sure. Obviously that count will be an underestimate by some degree or other.

I’d tend to conclude these blocklists are probably so ineffective against the spam we get it is probably barely worth doing (professional spammers will probably have automated checks against blocklists). There is no way to whitelist a specific IP while keeping the DNSBL check on. I’m not going to turn the check off just at the moment, but I’d hope we can avoid indiscriminate IP-based blocking when we migrate and can having effective, configurable anti-spam tools.

As for changing e-mail addresses, once you join a webmail service like gmail or hotmail, you then no longer have your e-mail address tied to your ISP.



Gale

that was the image
the bbs software would have been the only other place that would have checked

i have a webmail address for newsletters and to give out to people who do spam like batteryshack and worstbuy

but many places i need to contact (professional organisations and their web sites) do not take such addresses (but some newsletters and other web sites do this too) and my wife only has the isp email address and i am not up to trying to teach her how to use yet another method to get email

other places reject the webmail addresses too as being too easy to spoof
which is nonsense as i get spam addressed to myself from myself at my main email address so the spammers can clearly spoof anything
(wish they would spoof some govt ip address and stop picking the ones from my isp :confused: )

MIT professor showed that the only way to correctly handle spam is at the end point. anything else in between causes problems for legitimate users. but the vigilantes don’t care about facts.

I was blocked today too from posting here, because of spamhaus.

The message I got when posting was the same as from the pic Gale posted.

My ip address range was list in PBL and XBL. My computers are not being used for spam or whatever they say on spamhaus.

I have ADSL connection with dynamic ips from my isp which change every few days or so…

Probably someone else was spamming on this ip address a few days ago (the record on spamhaus was from 4 days ago), or a close ip address from the same range was spamming.

I unsuccessfully tried to remove my ip address from spamhaus.

I ended up setting up an http proxy at my server and manage to post that way. This is not something a regular user would be able to do.

I think this is the second time this happens to me. I can’t be sure if the first time was on this forum or some other one though… (the other time I think I worked around it by resetting my modem and obtaining a new ip address…)