[thelist] tracking spammers

Renoir Boulanger renoirb at gmail.com
Wed Jul 6 08:33:51 CDT 2011


Tracking spammers

Here is my take on what I would start searching from.

My experience is mostly PHP application development, Email server management and Linux System administration.


BTW, in Montreal we have good technical conferences: ReCon (in a few weeks), Hack.us in the Eastern Townships and ConFoo.ca (I'm part of the organizers).

What I wrote for:


== My opinion ==
I tend to say that using the password as an element to detect a registrant as a spammer is unreliable.

First, there is an ethical issue; then, we tech-savvy people teach [non-tech-savvy] friends and family to have better passwords.

I don't know where your research went so far, but here are some places I might look into:

== Patterns ==
- Run a dictionary check on the username. It doesn't happen often, when a user has the right to decide the username, that they pick something non-human.

- Keep track of the IP and check whether the IP already tried some time ago.

- Use an MX check on the user's email domain provider, then try to send email to it and require user email confirmation from a generated URL (obvious, but a good filter I think).

- Use Facebook Connect. If there is a session opened and the username doesn't fit at all with the user, remove validity points.


== Open source utilities ==
- SpamAssassin
They provide a suite of testing tools and a scoring system. I think you could use the engine as a filter and pass your registration fields through it like we do with mail servers. There is lots of documentation.


== Webservices ==

- Get API access to Relay Black Lists; they could give some hint on spammer networks. Do not use them as hard evidence, because they list SMTP IP addresses and not actual users.

- Try to see what WordPress has done with their Akismet; they provide a professional API and it works well on blog comments.

- ReCaptcha is a captcha provider. Could be useful. Why re-create a captcha system?


== ConFoo ==
A web techno conference from the PHP, Ruby, Java and JavaScript user group communities, happening in Montreal in Feb-March.

We are about to open the call for speakers. If you are interested, send a mail to board at confoo.ca




Cheers Guys


RENOIR BOULANGER //

devLABmtl.org/
ConFoo.ca/
evocatio.com/

(sent from my phone)
~

On 2011-07-06, at 09:06, Bob Meetin <bobm at dottedi.biz> wrote:

> Several of my websites commonly get hit by either low paid human spammers or spam bots.  The registration form employs a good captcha function and the form IS being used.  Recently I started capturing data about the spammer wanna-be's.  The patterns are obvious.
> 
> IP: 173.242.118.133
> Name: Affesibre
> Email: testxr30 at o2.pl
> Username: Affesibre
> 
> 1) Although they use differing email suffixes, .pl is common and none of the 750+ valid members use that domain.
> 2) Name matches username = nonsense
> 3) IP address varies
> 4) Password = nonsense and always 10 characters
> 5) Special hidden fields are not being filled in
> 
> I can trace the IP to various countries, not much help. There are valid registered members on the site who register with the same name and username, so I can't really use that, although I've considered respectfully requesting that username and name not match.
> 
> Password = key. I was thinking that these were humanoid but in that the passwords are always 10 random characters, that makes me think perhaps otherwise, perhaps the same program has been passed around the spammer block. Idea: If $name == $username && string length $password == 10 then choke.
> 
> Other ideas?
> 
> -- 
> Bob Meetin
> dotted i - http://www.dottedi.biz
> LinkedIn: http://www.linkedin.com/in/bobmeetin
> 
> -- 
> 
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
> 
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt ! 
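
The "validity points" idea from the reply above, combined with its dictionary, IP-history, MX and blacklist checks into one additive score, as an added example that is not code from either poster. The function name, weights, threshold, word list and DNSBL zone are assumptions made for illustration; the password is deliberately not used as a signal.

```php
<?php
// Added example: additive registration scoring. Weights, threshold, word list
// and the DNSBL zone are constructed placeholders, not values from the thread.
const DNSBL_ZONE = 'dnsbl.example.org'; // placeholder zone, not a real blacklist

function scoreRegistration(array $reg, array $words, array $ipAttempts, callable $dns): array
{
    $hits = [];
    // A username containing no dictionary word or name fragment looks machine-made.
    $user = strtolower($reg['username']);
    $human = false;
    foreach ($words as $w) {
        if (strlen($w) >= 3 && strpos($user, $w) !== false) { $human = true; break; }
    }
    if (!$human) { $hits['username_not_in_dictionary'] = 2.0; }
    // The same IP already attempted registrations earlier (capped weight).
    $seen = $ipAttempts[$reg['ip']] ?? 0;
    if ($seen > 0) { $hits['ip_seen_before'] = min(3.0, 1.0 * $seen); }
    // A domain with no MX record cannot receive the confirmation mail.
    $domain = (string) substr(strrchr($reg['email'], '@') ?: '@', 1);
    if ($domain === '' || !$dns($domain, 'MX')) { $hits['no_mx'] = 4.0; }
    // DNSBL listing is a soft hint only (SMTP reputation, not users): low weight.
    // IPv4 only: the octets are reversed and prefixed to the zone.
    $rev = implode('.', array_reverse(explode('.', $reg['ip'])));
    if ($dns($rev . '.' . DNSBL_ZONE, 'A')) { $hits['dnsbl_listed'] = 1.0; }
    return ['score' => array_sum($hits), 'hits' => $hits];
}

// Constructed sample data. The stub resolver keeps the example offline;
// pass 'checkdnsrr' as the resolver for live DNS lookups.
$stubDns = function (string $host, string $type): bool {
    $records = ['example.com' => ['MX'], '10.113.0.203.dnsbl.example.org' => ['A']];
    return in_array($type, $records[$host] ?? [], true);
};
$words = ['bob', 'alice', 'smith', 'garden', 'photo'];
$attempts = ['203.0.113.10' => 2]; // earlier attempts per IP, e.g. from a log table

$cases = [
    ['username' => 'alice_garden', 'email' => 'alice@example.com', 'ip' => '198.51.100.7'],
    ['username' => 'xqzvrtplk', 'email' => 'x@nomx.example', 'ip' => '203.0.113.10'],
];
foreach ($cases as $reg) {
    $r = scoreRegistration($reg, $words, $attempts, $stubDns);
    $verdict = $r['score'] >= 5.0 ? 'hold for review' : 'send confirmation mail';
    printf("%-13s %4.1f  %s  [%s]\n", $reg['username'], $r['score'], $verdict,
        implode(',', array_keys($r['hits'])));
}
```

No single signal reaches the threshold on its own, so a legitimate member who happens to trip one check still gets the confirmation mail.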

