Hello, everyone.
I've seen a few spam-bots here recently, so I thought it could be a good idea to share with you what I found out, and how I have reacted towards them.
I have the role of a moderator in a forum about High Sensitivity and about Highly Sensitive People (HSPs).
It is built upon vBulletin 3.6.4 . There are no Captchas or how they are called during the registration process.
According to www.stopforumspam.com there is an insanely huge list of bots out there.
I once thought it would be great to have the bot names from that site as an RSS feed or so to use them as akind of filter against newly registering bots here.
First of all, try to make it a habit to control evry new user. If you find it, the new user's timezone is set to China, it's likely it's going to be a bot.
During this year, in an massive hack several hundreds - or even thousands ? I don't know - chinese or asian boards have been compromized. As I suspect, they now act as kind of "spam-throwers" towards the rest of the world. However, I cannot prove this. It's just that I combined 1 + 1.
Here is just a short list of bots that are likely to arrive here, but before, I'll tell you why:
1. I banned Yangkee140 on the HSP board.
2. Yangkee730 was here just today.
3. Both sound astonishingly similar.
1. First step: Take the user name and feed it into Google or any other search engine.
Results:
1. If the results are more than let's say 5 pages, then it's most likely a bot.
2. If almost all results are user names from forums, then even more so.
3. If the time zone of Yangkee730 is set towards China, then you'll have another clue.
2. Second step: Take the e-mail adress and/or (double-checking) the IP adress of Yangkee170, and look for it in the database of www.stopforumspam.com .
I just did it, and interestingly it was not present there.
Google also has only 3 entries.
But we just saw it working. So it must be brand new.
Maybe it is the last "specimen" of the following list I found via www.stopforumspam.com :
Yangkee408
Yangkee672
Yangkee197
Yangkee070
plus Yangkee140, from "my" forum.
They all have interestingly the same e-mail adress: treessoo@gmail.com
Sometimes, you can also feed the e-mail adress into google ot whatever. It *can* give another clue, but not always.
Now, there's a very weird thing:
Yangkee140 from "my" forum had something in "its" signature.
There was nothing else than this:
That's all.
I still don't know what's this for, but I have a suspicion that this belongs to a greater scheme, because I have found similar bots in "my" forum with other, also very tiny, fragments.
Now follows a small list, first the bot's name, after that the fragment in the signature (within quotation marks):
Yangkee140 "10"
Huitogi84 "leveling"
Jucke45u "eing"
Rutiio032 "up"
I wonder whether these are fragments used by other bots to compose a spam-message out of this (these fragments) ... Like someone collecting mosaic-stones and putting them together and then distributing the complete work ...
But I don't know ...
Also interesting is that so many bots actually put their time zone to China ... Why do they do this ? Why do they have this "feature" implemented ? Trying to conceal their identity ? Just code left behind in the bot (maybe out of lazyness) ? Or waiting from a signal coming from China so it is essential that they have the same time zone, maybe for putting together fragments like in my example from above ?
I still don't know.
Well, now this is in principle what I've found out this far. Unfortunately I've never worked enough with PHP to understand these things enough ...
Interestingly, several bots we banned in "my" forum come back again and again ... But since they are banned, they can write nothing ...
Unfortunately I'm only a moderator over there, with not enough rights to examine what these already banned bots still try to do. I think it would be interesting ...
Among these "Zombies" are the following names:
080903k
080907k
CEO2008GAME
usagirl19735
Other names of bots that we banned in "my" forum:
KaiyureBoy
loveumaryii
lovebeijgo
usagirl19735
dtrrrjoke
baadman27
xuanlu425
xujingmei04
LRTIMKEN
vwxy720
Easyforpp
megadream20
admin86skf
Well, that's it for now. Hope this helps you.
Thank you for listening.
Alrik
I've seen a few spam-bots here recently, so I thought it could be a good idea to share with you what I found out, and how I have reacted towards them.
I have the role of a moderator in a forum about High Sensitivity and about Highly Sensitive People (HSPs).
It is built upon vBulletin 3.6.4 . There are no Captchas or how they are called during the registration process.
According to www.stopforumspam.com there is an insanely huge list of bots out there.
I once thought it would be great to have the bot names from that site as an RSS feed or so to use them as akind of filter against newly registering bots here.
First of all, try to make it a habit to control evry new user. If you find it, the new user's timezone is set to China, it's likely it's going to be a bot.
During this year, in an massive hack several hundreds - or even thousands ? I don't know - chinese or asian boards have been compromized. As I suspect, they now act as kind of "spam-throwers" towards the rest of the world. However, I cannot prove this. It's just that I combined 1 + 1.
Here is just a short list of bots that are likely to arrive here, but before, I'll tell you why:
1. I banned Yangkee140 on the HSP board.
2. Yangkee730 was here just today.
3. Both sound astonishingly similar.
1. First step: Take the user name and feed it into Google or any other search engine.
Results:
1. If the results are more than let's say 5 pages, then it's most likely a bot.
2. If almost all results are user names from forums, then even more so.
3. If the time zone of Yangkee730 is set towards China, then you'll have another clue.
2. Second step: Take the e-mail adress and/or (double-checking) the IP adress of Yangkee170, and look for it in the database of www.stopforumspam.com .
I just did it, and interestingly it was not present there.
Google also has only 3 entries.
But we just saw it working. So it must be brand new.
Maybe it is the last "specimen" of the following list I found via www.stopforumspam.com :
Yangkee408
Yangkee672
Yangkee197
Yangkee070
plus Yangkee140, from "my" forum.
They all have interestingly the same e-mail adress: treessoo@gmail.com
Sometimes, you can also feed the e-mail adress into google ot whatever. It *can* give another clue, but not always.
Now, there's a very weird thing:
Yangkee140 from "my" forum had something in "its" signature.
There was nothing else than this:
That's all.
I still don't know what's this for, but I have a suspicion that this belongs to a greater scheme, because I have found similar bots in "my" forum with other, also very tiny, fragments.
Now follows a small list, first the bot's name, after that the fragment in the signature (within quotation marks):
Yangkee140 "10"
Huitogi84 "leveling"
Jucke45u "eing"
Rutiio032 "up"
I wonder whether these are fragments used by other bots to compose a spam-message out of this (these fragments) ... Like someone collecting mosaic-stones and putting them together and then distributing the complete work ...
But I don't know ...
Also interesting is that so many bots actually put their time zone to China ... Why do they do this ? Why do they have this "feature" implemented ? Trying to conceal their identity ? Just code left behind in the bot (maybe out of lazyness) ? Or waiting from a signal coming from China so it is essential that they have the same time zone, maybe for putting together fragments like in my example from above ?
I still don't know.
Well, now this is in principle what I've found out this far. Unfortunately I've never worked enough with PHP to understand these things enough ...
Interestingly, several bots we banned in "my" forum come back again and again ... But since they are banned, they can write nothing ...
Unfortunately I'm only a moderator over there, with not enough rights to examine what these already banned bots still try to do. I think it would be interesting ...
Among these "Zombies" are the following names:
080903k
080907k
CEO2008GAME
usagirl19735
Other names of bots that we banned in "my" forum:
KaiyureBoy
loveumaryii
lovebeijgo
usagirl19735
dtrrrjoke
baadman27
xuanlu425
xujingmei04
LRTIMKEN
vwxy720
Easyforpp
megadream20
admin86skf
Well, that's it for now. Hope this helps you.
Thank you for listening.
Alrik