[Security] Updates in registration form.


Postby Wighar on Mon Aug 03, 2009 11:05 am

There are a few minor updates being made to blacklists and various, nothing you would notice nor any common registrant would notice for that matter.

I have started adding pre-emptive IP blocks from those listed at Stopforumspam.com among a few other blacklists.

We also ask you members to keep an eye out: should you, for example, see a member of our forum who is listed on a blacklist, you are free to PM Wighar, Proto or other admins so that they can confirm the information is correct and decide what action to take, if any is needed.

Q: Why should I report a suspected spammer?
A: In the normal case we can catch them as they make the spam post; in other cases the bot leaves an unused account that was meant to perform an action that fortunately did not trigger*.

Q: So an unused account on our forums, what's the big deal?
A: True, since it probably failed its action, it is potentially harmless, but its details are still listed, which makes it a real annoyance when we need to mass inform the forum of updates or details that will be mailed to members.

The administration email will receive this in reply 8 out of 10 times from such accounts:
Response mail wrote:
<Mail address>: host mailservice provider[#.#.#.#] said:
550-5.1.1 The email account that you tried to reach does not exist. Please
try 550-5.1.1 double-checking the recipient's email address for typos or
(in reply to RCPT TO command)

The admin mail will then send a notice to a Super-Administrator/Founder that this has failed. I personally receive anywhere from 8-14 of these daily (including failed validation mail on newly registered accounts).

Some of these are meant to do nothing but lure members to check the profile of the member (some prey on the birthday list function), and they will have a website listed that is most commonly a trap/phish or pr0n site, which is used to provide the spammer with money or to steal personal identifying information or credit card numbers.






(*)
Some trigger actions that could be performed by bots:
- Mass PM spam
(This function has been manipulated to not allow such actions, per limitations that will be kept secret.)
- Using the forum mail script or mass mailing system to send spam mails
(This function is not available on our forums after a failed upgrade that has corrupted the install, so this won't ever be available, well, that is until a new install, which I don't see happening any time soon.)

And these are only 2 of the more common ones.
Wighar
Admin
 
Posts: 1447
Joined: Wed Jan 11, 2006 12:09 am
Location: Sweden
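
The bounce replies described in the post above can be sorted mechanically into a list of accounts for an admin to look at. The following is an added example, not part of the original post or of phpBB; the sample bounces, the `MEMBERS` mapping and the account names are constructed placeholders, and it only flags the permanent 5.1.1 "mailbox does not exist" status for manual review.

```python
import re

# Constructed sample bounce notices modelled on the reply quoted in the post.
SAMPLE_BOUNCES = [
    "<user1@example.com>: host mx.example.com[192.0.2.10] said:\n"
    "    550-5.1.1 The email account that you tried to reach does not exist.\n"
    "    550-5.1.1 Please try double-checking the recipient's email address\n"
    "    (in reply to RCPT TO command)",
    "<user2@example.org>: host mx.example.org[192.0.2.20] said:\n"
    "    452 4.2.2 Mailbox full (in reply to RCPT TO command)",
    "Subject: unrelated message with no delivery status in it",
]

# Hypothetical export of registered e-mail address -> forum account name.
MEMBERS = {"user1@example.com": "acct_1001", "user2@example.org": "acct_1002"}

RECIPIENT = re.compile(r"^<([^<>\s]+@[^<>\s]+)>:", re.M)
# Three-digit SMTP reply code followed by an enhanced status code (x.y.z).
STATUS = re.compile(r"\b(\d{3})[- ](\d\.\d{1,3}\.\d{1,3})\b")


def parse_bounce(text):
    """Return (recipient, smtp_code, enhanced_status), or None if not a bounce."""
    rcpt = RECIPIENT.search(text)
    status = STATUS.search(text)
    if not rcpt or not status:
        return None
    return rcpt.group(1).lower(), int(status.group(1)), status.group(2)


def accounts_to_review(bounces, members):
    """Map account name -> address for permanent 'no such mailbox' bounces.

    Temporary failures (4.x.x) are ignored so a full mailbox never flags a
    real member; nothing is deleted here, the result is a list for an admin.
    """
    flagged = {}
    for text in bounces:
        parsed = parse_bounce(text)
        if parsed is None:
            continue
        rcpt, _code, enhanced = parsed
        if enhanced == "5.1.1" and rcpt in members:
            flagged[members[rcpt]] = rcpt
    return flagged


if __name__ == "__main__":
    print(accounts_to_review(SAMPLE_BOUNCES, MEMBERS))
```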

Re: [Security] Updates in registration form.

Postby levyne on Sun Aug 09, 2009 12:58 pm

Just read this, thanks for keeping us updated. I was wondering what is the difference between the outgoing box and sent box in personal messages?

Also I have always found it strange that public email display is opt out and not opt in upon registering, I don't think many notice that their sign up email is on display.
levyne
TSS Member
 
Posts: 144
Joined: Mon Nov 19, 2007 6:00 pm

Re: [Security] Updates in registration form.

Postby Wighar on Sun Aug 09, 2009 5:34 pm

levyne wrote: I was wondering what is the difference between the outgoing box and sent box in personal messages?


Outbox is PMs still to be sent to a member (can still be edited).
Sent is pretty much the aftercase of Outbox, when the in-forum message has been sent to the user (this happens upon their login action).


levyne wrote: Also I have always found it strange that public email display is opt out and not opt in upon registering, I don't think many notice that their sign up email is on display.


The profile-listed email address, 'public email' as you called it, is indeed the one you registered with. This is the normal behavior of the PHPBB system, as it does not come with the functionality of a 'private' and 'public' mail display option rather than 'registered' mail, and there are actually no administrative settings that state or function in the manner of opting in or opting out of the display of the email address that I have been able to find.

However, as we have broken the mass mail and mass PM usage by registered members, a new registrant on our forums cannot utilize them to spam email addresses; those functions should be set so that only administration can use the group PM functions.
Wighar
Admin
 
Posts: 1447
Joined: Wed Jan 11, 2006 12:09 am
Location: Sweden

Re: [Security] Updates in registration form.

Postby levyne on Sun Aug 09, 2009 7:37 pm

Ah ok thanks for explaining :o_y: , I do think it would be better to have the user make the choice of seeing email a bit clearer but seems a problem with the forum type as you said. Option to toggle it is "Users can contact me by e-mail" in board preferences.
levyne
TSS Member
 
Posts: 144
Joined: Mon Nov 19, 2007 6:00 pm

Re: [Security] Updates in registration form.

Postby Wighar on Sat Aug 15, 2009 7:38 pm

More and more spammers from China... it is indeed a majority. I have had the suggestion given to me that we blockade all of China from the site, but that would be disrespectful and would be as if combing over the whole country for what some careless spammers are doing.

I recently added a list of IPs from China from an IP listing that claims the IPs that I will soon list are used commonly by spammers; however, the list is from 2002, so I am not sure it really applies to these addresses that I will soon list. The ban will show a message in Chinese by Google translation that says basically that the service can't be provided at the time being, and a second English message that states that one can request more information from the site's admin address on the ban; this is so we can remove the ban. These IPs will not be listed on the ban for more than 2 weeks, as they are part of an experiment in the midst of the update period.

The IPs are as follows in range:

Wighar
Admin
 
Posts: 1447
Joined: Wed Jan 11, 2006 12:09 am
Location: Sweden
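
A time-limited range ban of the kind described in the post above can be checked as follows. This is an added example, not the forum's own ban code; the ranges are constructed from private address space and written as `first - last` pairs, and the two-week lifetime is taken from the post.

```python
import ipaddress
from datetime import datetime, timedelta

BAN_LIFETIME = timedelta(weeks=2)  # "not ... for more than 2 weeks"

# Constructed ranges (private address space), one "first - last" pair per line.
SAMPLE_RANGES = """\
10.17.0.0 - 10.17.255.255
10.20.0.0 - 10.20.255.255
10.21.0.0 - 10.21.255.255
"""


def parse_ranges(text):
    """Turn 'first - last' lines into the smallest equivalent list of CIDR networks."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        first, last = (ipaddress.ip_address(p.strip()) for p in line.split("-"))
        if first > last:
            raise ValueError(f"range is reversed: {line!r}")
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Adjacent blocks (10.20/16 + 10.21/16) merge into one wider network.
    return list(ipaddress.collapse_addresses(nets))


def is_banned(ip, nets, added_at, now):
    """True only while the experimental ban is still inside its lifetime."""
    if now - added_at >= BAN_LIFETIME:
        return False  # ban has expired; stale list entries must not linger
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


if __name__ == "__main__":
    nets = parse_ranges(SAMPLE_RANGES)
    added = datetime(2009, 8, 15)
    print([str(n) for n in nets])
    print(is_banned("10.21.4.5", nets, added, added + timedelta(days=3)))
    print(is_banned("10.21.4.5", nets, added, added + timedelta(days=15)))
```

Collapsing to CIDR before loading a list also makes it easier to see how much address space a ban really covers, which matters when the source list is old.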

