[cgrey8]

Historically, it's been easy to ban a lot of the spammers via their IP. In fact, I'd often just block the entire range of IPs they hit the site from since most of the time, they are from countries that generally don't have a lot of Ford tuning going on like China or India.

However with the advent of all these Personal VPNs that are out there now, people buy their way into hiding who they are, aren't tracked, and as a result aren't going to be punished even if I contacted the VPN company and told them the IP and time the offense occurred. If they don't track their users, then how could they possibly "punish" anybody for wrong doing?

So my only alternative is to start banning IP ranges that VPNs use, even if they are in the US. While it's not likely, what I can't be assured is that I won't inadvertently block legitimate users (possibly using the same VPN company but not using them to wreak havoc).

The question to you guys is, how many of you access the site while using a P-VPN? I know a lot of them integrate into your phone and are active all the time. So all access to the Internet is secured and there's nothing nefarious about what you are doing...you just don't want to be tracked by websites. And I get that. But how big of a deal is it going to be if the popular P-VPN IPs wind up getting blocked?

Or would you prefer the admins not block the VPNs and just clean up the spam when it happens?

[EDS50]

I just delete suspicious member accounts which are pretty easy for me to weed out. I must have a good track record since I have not been questioned on one account delete in 10 years.

[cgrey8]

Deleting the account gets rid of the user and, if selected, all the offending posts they created.

And that's fine, but my intention is to block the IP they registered from so they can't create another account later and just keep spamming at will. Most use throw-away emails, so blocking email address isn't any more effective. So if they can create an account once, they can just as easily create another with another "burner" email address. But if we block the IPs they are hitting the site from, that stops them from even being able to create an account.

My fear is getting too excessive with the blocks and inadvertently blocking the IPs legitimate users might use.

[EDS50]

I agree with what you are wanting to do. I would move forward with blocking the ip's as you see fit and if a legitimate account gets blocked or involved in the process; they do have the option to contact us to dispute the blockage via the "contact us" form that comes to our emails. I personally have not received one as of yet.

[cgrey8]

Will do.

It just really bothered me when I checked this morning and there were 30 something spam posts, most with Chinese letters, but the registration IP was from the US. I know most P-VPNs let you choose the country you want to "appear" to be from. That's quite useful for things like watching Netflix where certain shows are only available in certain countries.

I figured that out when I went to Canada and found that Netflix had the latest season of a show I liked, but when I got back here to the US, I couldn't access those episodes. I even had some episodes downloaded to my tablet, but once the app realized I was back in the US, it denied me the ability to watch what I'd already downloaded! So a common use of P-VPNs is to fool apps like Netflix into letting you watch shows that technically aren't "allowed" for US customers to watch.

Point is, knowing you can do that with P-VPNs, I'm fairly confident that's what the spammer was using. Being I have all the known IPs in China already blocked (as I'm assuming many other sites do), my guess is spammers are going to start using P-VPNs more and more.

[EDS50]

I have seen a majority of spam ip's from India as well here which I have deleted their accounts and have not seen them return. Maybe you are getting to them faster than I do. Can we not set up the registration process for new accounts/members to be approved by a moderator before their accounts/memberships are activated? I am sure there are other measures to prevent spam accounts like captcha security protocols or some type of security/screening questions that can be administered.

[cgrey8]

Yeah I see a number of them from India too. Unfortunately India's IP ranges are so scattered and narrow, that it doesn't surprise me that you see a lot from there.

[EDS50]

If we want to take on the extra work we can just set the user account registration from "by user (email verification)" to "By admin" so every registration has to go through our hands....probably a lot of work but any spam would be nipped in the bud sort of speak.

[cgrey8]

Yeah, we set it that way a few years back. And that worked. It was just inconvenient for the people registering because they had to wait until we got around to reviewing the requests and approve them. But if it gets bad like it did back then, we may have to do that.

Right now, it's only a spammer once a week or so which is quite manageable. Back then, we could get multiple spammers an hour just because the authentication was so weak that unmanned bots were able to register and post. I'd go to bed with the forum clear and the next morning, there'd be a hundred spam posts. So yeah, we had to resort to that back then until something better could be put in place.

An update to phpBB allowed us to put into place a "pass phrase" to get registered. We pointed people trying to register to forum rules FAQ and told them about 1/2 way down the page what the pass phrase is to get registered. So presumably only a human would be able to figure it out. But I don't see that setting anymore.

[EDS50]

I know our current phpbb is 3.2 and the latest is 3.2.7. Not sure if an update is required. Anyway to restrict registration by email protocol such as anything other than .com, .org or .net is not able to be registered?

[cgrey8]

You'd have to figure out what all the extensions are that are legitimate, like .edu, .au, .uk, etc etc.

[EDS50]

Makes sense. Probably best to keep proceeding as we are.

[tvrfan]

It's a catch-22, like much of the internet.

me -
I don't have a fixed IP on my account, and don't use a VPN for this site.
As default, I use Firefox with NoScript to switch off most/all of the JavaScript to stop ads,popups,trackers, which it does well, but it does stop some things working on many sites (like signing in !!)


I guess you guys (the mods) can only watch and weed out offenders and hacks.

Either it's a bulletin board, open to possible abuse, or it's not.
I can't see any way unless you review all new members, (via email acceptance/special password, or such like) which I can see is a PITA.

I reckon as long as any abuse is cleaned up fairly quickly, then that's just fine (for me at least!).

Having worked in a Govt dept for a long while, I was amazed at the number of pings, email probes, bot attempts, which occur EVERY SECOND on the dept's web servers, they had two guys who monitored it more or less continuously for hacks. I saw the logs as they rolled up the screen....


Keep up the good work !!

[EDS50]

Watch n weed seems to be working fairly well up to this point. It appears to me that leaving my most current abuser (Cyeargz) active has kept them from returning...lol.

[cgrey8]

Another thing I've noticed that helps is not deleting the user, but banning it and changing the password of the account. At the very least, it keeps the bot from reusing the email address to register another account (the forum won't allow a new user to register with an email address already used by another registered user). I don't know that this slows them down any today, but I did notice back when we were getting spammed hourly that I'd delete a user and the same exact username would come right back, registering with the same email address.