Obviously he/she/it came back

[Pugsy]

I believe a sub-forum would be unacceptable to the hosts for that reason, too. It was a traumatic enough step to end guest posts.

Ahhh...but a legit post could easily be moved from a sub forum to a main forum...would be a lot easier for me than manually removing nearly 1 K spams.
I can move posts/threads easily if I wanted to. Just haven't needed or wanted to.
At least it wouldn't be so disruptive to the main forum page when someone comes here and all they see is Asian characters promoting some university or college in the USA.

Newbie registration in the middle of the night is minimal anyway.

[jnk...]

Sub-forum?

Who are you, and what have you done with the real Pugsy?????

SECURITY!!!!

[Pugsy]

Sub-forum?

Who are you, and what have you done with the real Pugsy?????

SECURITY!!!!

The real Pugsy has to go to the doctor to get a splint for her carpal tunnel flare up from repeated use of the mouse.

Actually already sort of a feature like that us available now but not active.
I see it in my moderator panel...where topics are waiting for approval before getting posted.
Newbie posts would require a human to verify it's legit and then allow or move it to public posting on the main forum page.
Not unlike a lot of other forums.

It's a tough call figuring out how to best prevent this crap and not cause problems for legit newbies.
To my thinking it's worse for a newbie to come here and see nothing but Asian characters on the pages and think they came to the wrong place..than it would be for them to register and have to wait a few hours for their post to show up.
Maybe consider doing it temporarily while they investigate beefing up the security protocols. I dunno...like I said before...all that is above my pay grade.

But like I have always said...it's not my sandbox and I don't get to set the rules.

[greatunclebill]

He tests me until I go to bed and then he does a test and I don't block and then all hell starts.
Dirty SOB.
I got up early this morning.
I got it stopped and I blocked the offending accounts and I can watch for new accounts.

In the meantime...cleanup will begin but the only thing I can do is one at a time...so give me some time.
I can only do one at a time until Ben comes to work usually around 7 AM CST and can help.

most active members are in the usa or canada and don't post overnight. simply get permission to shut off all posting and registrations at your bedtime whenever that is. then you or ben can turn it on when you get up. It's an easy fix. They need to help you, help them.

[mesenteria]

If this becomes a persistent problem, you may have to ask Our Overlords here for improved privileges. You're already a 'trusted agent'. You should have the outright privilege (and duty) to expunge obvious bot/spammer accounts when you recognize them. Most fora don't post the first five or six posts of a newbie until read and 'promoted' to view on the main forum by a mod. Even then, on my board, the status of the newbie also had to be updated to allow their posts to appear directly once they were approved.

I'm sure you can oblige the overseers here by agreeing to enhanced terms of service, just as you must have done originally. They can specify limited privileges and still allow you to enjoy a first cup of coffee at the keyboard each morning.

[chunkyfrog]

Once again the question arises:
"Who is PAYING for all these shenanigans?"

[jnk...]

Once again the question arises:
"Who is PAYING for all these shenanigans?"

The bots have bitcoin.

[klm49]

Pugsy, Are they using a different email address for verification every time or does it change every time like the IP address?

I honestly don't know because I don't have access to that information.
I would assume new/different email addresses are needed but those are easy to get.

I can see when someone sets up an account...and the time they made the account and how many posts they make...and I can quickly stop them from posting but that's all I can see. I might could look up the IP addresses but haven't bothered (would take some digging) because people use proxy servers all the time. I was told that they were different IP addresses and to block one might block legit people and it wouldn't stop them anyway since most of the time the IP is different anyway.
With the new forum software I used to be able to easily see IP addresses...now not so easy but really doesn't matter because I can't do anything about it at that level anyway.

My powers are limited....block accounts (one at a time) from posting spam ...remove the offending posts (one at a time) which obviously takes time.

Didn't take me long this morning to put a halt to the dude/it/he/she/bot...whatever.
Ben came on line about 6:30 and did the bulk of the clean up because he/she has different powers than I have.

I have zero input as to what anyone is talking about doing in terms of beefing up security. I am not included in that discussion nor really would it be helpful if I was because I don't know much about that behind the scenes stuff.
That's all above my pay grade.
You all know about as much as I know as to what is going on or what has been tried.

If I have time later I will go poke around in a couple of the spammer's IDs and see if I can find the IP addresses.
I know I don't have access to the registration email account information though. It's not available in any of my moderator screens.
My powers are limited which really isn't a problem under most situations. This SOB though...falls under unusual situations.
I can block the accounts as fast as he can make them or maybe even faster. Problem is obviously I can't be here 24/7 to throw up road blocks.

I know everyone here appreciates your efforts, both as a Moderator and your advice!

[Janknitz]

Another forum I’m on delays a new user’s ability post for 15 minutes after signing up. . That seems to be sufficient to thwart the bots.

I should add that the forum software does the delay, it's not a hands on for any of the moderators. I'm not trying to suggest that you, dear Pugsy, have to manually manage the delay!

[Pugsy]

I should add that the forum software does the delay, it's not a hands on for any of the moderators. I'm not trying to suggest that you, dear Pugsy, have to manually manage the delay!

I understood what you were talking about.

I mentioned the "holding tank" feature only because I saw it in my moderator panel where my special stuff is. There's a section for "waiting for approval" and it's topics or posts I think. I don't don't what parameters would be set to make something go into the holding tank to wait for human approval. It's just something I saw that doesn't seem to have any function at this time. There's nothing in there that needs "approval". What makes something need approval I can only speculate that it is a parameter that I don't have access to.
Maybe something like you are talking about.

I suspect that if there was just a time limit that the bots would still spit the crap out and it would just show up a bit later.
If there is no human involved the bot won't know that none of their crap is showing up immediately...they just keep firing out the crap.
I think that somewhere there is a human involved in the Asian spam because once I start blocking the multiple IDs they are using the spam quits until I get tested again with one little spam. They don't even try to create a new account. They do the one and wait a bit until they see if it sticks or not and if it does they know I am in bed and then all hell breaks loose. It's been that way every day this week and I fully expect it to happen again tonight.

My opinion is that new member posts need to be restricted and monitored at least temporarily until the powers that be have beefed up security to filter the bots out. It would be an easy to implement restriction that could be just as easily removed at a later date and wouldn't be nearly as much work for me as trying to manually clean out 1 K posts from 2 hours of spamming.
They could just sit in the holding tank until I got them cleaned out and they would never make it to the main forum page.
The legit posts...not many are made in the middle of the night and those would be easily spotted and moved to the main page manually.
But then again...just my opinion.
I just do the best I can with the tools at my disposal.

[RogerSC]

Pugsy, as a moderator you shouldn't need to be responsible for eliminating automated spammers in real time, that just doesn't make sense. That isn't really what a moderator should be spending time doing...there needs to be other solutions for that sort of auto-generated forum spam. Hopefully, there are other things that can be done to get the trash down to a manageable level. It's unrealistic to expect you not to get burned out dealing with that stuff.

In fact, I'd be inclined to spend my time looking for other solutions, and clean up after the fact (not during an intense automated spam attack)...but never mind, I really hope that's happening as well. Hopefully this current stuff will be short term, until a real solution is found and implemented. It's too bad that people find it somehow rewarding to restrict the usefulness of a forum with their spam, but there's little that you can do about it while it's happening and stay sane.

Take care of yourself. I understand the desire to take this on and keep things clean and usable, but you may find yourself hating it. That doesn't help anyone.

[USMCVet]

Pugsy,
The waiting for approval section is usually used when they require posts to be reviewed before being seen by everyone. The setting to set that up is in the admin control panel.
Definitely ask them to set it up so the first couple posts have to be approved before posting. That way you can sleep soundly without nightmares of spammers lol

[Holden4th]

This is a spambot and it's managed to get around the registration process as you now use Captcha to register.

Logically, this means that the registration was not done by a bot but by an actual person. This person has registered at least 6 accounts from my brief reading of the posts. The spambot takes over from there. All the spam stems from university websites which indicates that another bot has been used to gather e-mail addresses. Universities are a good source for a variety of reasons

To see how this might be done, I registered for Cpaptalk in a different name and the usual safeguards - Captcha on registration and activating the account via e-mail were there. A good step forward for this forum. I can now post as two different people if I wish.

Assuming that this is one person, I wondered how easy it would be to get/purchase spambot software from the web. Much easier than I thought. I went through most of the process before pulling out of downloading the software. I had more than one choice and some of the software was from well known software websites - they obviously don't care about what they sell!

Some points to ponder.

This time around the spam has been slow because the user has to manually register thanks to the Captcha process and the e-mail verification. Before, another bot did this for him/her and we saw what happened last time.

A great site on the web lists best practices for defending against spambots.

They include some that we are already doing - Captcha on registration and e-mail verification. This requires the spammer to register manually and use one of the e-mail addresses that another bot has gathered for him/her. It also suggest the following which would not be hard to implement and would be frustrating for the spammer:

Settings to prevent flooding. By putting a limit on the number of threads a user can post per hour, you can limit a rogue user’s ability to “flood” the board with his or her junk.

Institute filter to judge content for spam. One of those filters should be that all thread titles and posts are in English. There are additional filters that could easily be implemented.

One other simple setting (and while it would involve just a couple more clicks of the mouse it's not onerous) is to use the Captcha system for each post. It might make some of us pause and reread what we've written before blithely committing our rhetoric to the ether of the internet.

My research showed that we are not alone in this. It also lead me to believe that we are being deliberately targeted, possibly by a disgruntled ex-member.

There are further steps we could take but let's leave it here for the moment.

[Sheriff Buford]

Thanks for what you do Pugs!

Sheriff

[Pugsy]

He tested me again last night at around 7:40 with one test account and one post. It went away quickly and so did he.
Then again around 12:40 this morning with 4 accounts and got 3 posts in before I got them stopped/blocked and removed.
I went to bed around 1 AM. I knew he would be back with another test post and when it didn't get removed he would start up again and he did.
Looks like from the new account times he started again with a test post around 3:30 or so and then when that didn't get removed he started with the flooding.
Ben showed up about 5 minutes after I did here this morning and starting doing the bulk removal for me and there wasn't nearly as many to remove as has been in the past because the SOB started much later this morning.

He will be back today...probably this evening and later tonight in the wee hours of the morning again...and the battle will resume.

I am pretty sure a human is involved some where in this process because once I stop him...he doesn't create any more new accounts until he decides to test us again.
If it were all bots the new accounts and posts wouldn't stop once I got the current accounts banned from posting anything.
Once he knows someone is here who can stop him he waits until a later time to create a new account and start the battle all over again.