Tips to fight a new type of smart spammers invading our communities

We have discovered a new type of spammer on our three networks: AnalyticBridge, DataScienceCentral, BigDataNews.

They use many IP addresses (possibly via a Botnet) and are able to elude the captcha and advanced questions asked on sign-up (what is the square root of 144), as if they manage to sign-up via a proxy or IP addresses or devices where that bypass the captcha / sign-up questions.

However, they are easy to catch:

  • They provide an email address domain that looks suspicious (e.g. John_Doe@maiburixer.net)
  • Or they provide an email address that do not match their fake name, e.g name is John Doe, email address Amy.Ridgeway.87@yahoo.com
  • Usually country is suspicious (SA, CT, but I've also seen many occurences from NL and CH)
  • When they answer a URL question (e.g. what is your favorite analytic website), the answer is always two capital letters (e.g. http://AS, http://WV, http://VP)

I hope this helps you get rid of them.

Tags: captcha, dedtection, sign, spam, up

Views: 488

Reply to This

Replies to This Discussion

Permalink Reply by Melinda Orr on February 11, 2013 at 2:13pm

Seeing those too! Thanks for the overview!

Permalink Reply by Kos on February 11, 2013 at 4:47pm

We are receiving oddball spammers again as well.  Just now from "Passaic
MM" with odd email 

M.it.ch.e.ll.L.ew.alte.r0.4@gmail.com

Luckily our sign up questions are tip off to deny but yes, it seems they've begun again.  Augh
Permalink Reply by Skye on February 13, 2013 at 6:52am

Kos that is right, exactly the spammers that are showing up although they do not spam on my community as every member pends first then I simply ban them before they even get in. BUT I grab their IP and place that in the sign-in block area. 

Permalink Reply by Kos on February 13, 2013 at 8:22am

Yep, the minute u see those . dot.dot dot . email addresses you know they're crap.  *lol*  Received 3 more this morning (hairstyles).  Uh, no thank you.  *bam*  I wonder how much they're paid to be so annoying?  Maybe I'm in the wrong line of work.  LOL

Permalink Reply by Clark P on February 11, 2013 at 4:51pm

How are they spamming?  Profile comments?  Forum spam?  Friending and then private messages?

Thanks for the heads up!

Permalink Reply by Vincent Granville on February 11, 2013 at 5:17pm

A few of them manage to make it through the sign-up process, because I have so many new members to approve each day and so little time, my brain makes a rejection decision in 0.1 second (I hope it could be automated).

What I've found is the following:

They want to post blog posts, promoting diets and pills to lose weight. Thanks God, I also have to approve each post and thus they actually never went live. I don't understand why they continue to hit me so hard (about 10 new sign-up attempts each day) since they are not getting any benefit out of it. Not even one blog post that lasts more than 10 minutes. They must be using a Botnet.

Not sure if they do email spam or profile spams, and never heard a complaint from members, and I have seen anything in my various decoy accounts. Note that they can't send an email blast to any of our groups: this email blast option was turned off by me long ago, due to abuse by spammers.

Permalink Reply by Barbara Smith on February 15, 2013 at 10:23am

Can you tell me(us) more about decoy accounts.  I would like to see exactly what my members see and know exactly what they can do, especially inside of private groups for example. I don't know how to set one up however.  Do you need permission from Ning?

Permalink Reply by Dave Walkerden on February 11, 2013 at 5:00pm

I've had 50 in the last 3 weeks from this crew. On my site they post advertising material in blog posts. I have set my controls to "approve blog posts before they appear" and this seems to stop publication nicely. Every day I go to blog moderation and delete their profiles for SPAM and ban their IP addresses and everyday I get a few more. It takes a minute or two each day.

I too suspect that they're spambots avoiding signup controls and they're indiscriminate in the sites they're targetting. None of the spam ads have relevant offers for my country or my audience but they appear regardless.

Some of the recurring email addresses come from: 

  • articlechief.info
  • magicsubmitternow.com
  • articlearistrocat.info
Permalink Reply by LadyHawk on February 11, 2013 at 8:24pm

We have been hit the last few days as well. Unfortunately one did get past and he had a decent profile...answered all of the questions with lots of information. The first attacks were from Accra, Africa and today we got one from India. I have taken the time to trace all of the IP addresses (the block of...) issued to them and once I banned all the IP addresses associated with them the sign ups stopped. The ones we have been getting are not using the ma.ry.ca e-mail addresses but hanescrany@yahoo.com.

Here are the IP addresses if you wish to add them to your banned IP address list~

The 212 IP's are from Accra, Ghana

212.85.196.4

212.85.196.3

212.85.196.5

212.85.196.1
212.85.203.17
212.85.201.28
The 210 IP's are from India
210.212.152.0
210.212.152.1
210.212.152.2
210.212.152.3
210.212.152.4
210.212.152.5
210.212.152.6
210.212.152.7
Permalink Reply by Clark P on February 11, 2013 at 8:51pm

Thanks LadyHawk!

Now wouldn't it be nice if we could bulk upload these IP's?

Permalink Reply by Melinda Orr on February 12, 2013 at 5:09am

Sure would...or to have an auto IP ban list incorporated Ning wide ~ :) 

Permalink Reply by Elshara Silverheart on February 15, 2013 at 1:04am

I know right? How about IP approval added to spam watchlist! A feature that would never work otherwise.

RSS

Latest Activity

Fire-Tech replied to Jen's discussion 'Jen's Running List - Updated 4/6/2013' in the group The Sandbox
"Same thing here. All of the same issues...in FF and Chrome, but not as bad in Chrome."
24 minutes ago
Kos replied to Kos's discussion '3.0 My Thoughts From A Non-Coder (edited 5/20/13)' in the group The Sandbox
"Edited to add a menu layer suggestion [used the Galaxy SIII]"
32 minutes ago
Allison Leahy replied to Jen's discussion 'Jen's Running List - Updated 4/6/2013' in the group The Sandbox
"Sure does. Thanks for capturing this."
1 hour ago
Profile IconAndre Lacerda, solo and 2 other members joined Allison Leahy's group
Thumbnail

The Sandbox

Join The Sandbox to experiment with Ning 3.0 now!The Ning Team will be triaging bug reports and…See More
1 hour ago
Yaron replied to Allison Leahy's discussion 'Changes to Ning 3.0 Based on Your Feedback'
"Some embedded videos from members on our Ning 2.0 site can be seen in full screen, but most cannot.…"
1 hour ago
Kos replied to Jen's discussion 'Jen's Running List - Updated 4/6/2013' in the group The Sandbox
"Allison I was just on IE 10 and here was the screen I got.  Look a little empty?  LOL…"
2 hours ago
Fabio replied to Bosco Carvalho's discussion 'Futuro das Redes Ning' in the group Criadores Brasileiros - Brazilian Creators
"Tenho que dizer que concordo com o Thiago, tenho o meu NING 2.0 www.radarhiv.com com 12 mil membros…"
2 hours ago

NC for HireJen replied to Jen's discussion 'Jen's Running List - Updated 4/6/2013' in the group The Sandbox
"Thanks, I'm using FireFox 20.0.1. I wonder if it's a problem with FireFox and Ning?"
2 hours ago

Cultivating Community

20 Fantastic Content Ideas For Your Online Community

What is Your Community Support System?

Digest Emails: Yea or Nay?

Create Content That Your Community Will Love [Video]

Cultivating Communities From Your Audience

© 2013   Created by Ning.

Badges  |  Report an Issue  |  Terms of Service