
OT-Mysterious spammer network constantly trying to register for PM

Milacron

Administrator
Staff member
Joined
Dec 15, 2000
Location
SC, USA
In spite of "Captcha" and two questions to answer (one of which one needs some basic manufacturing awareness to answer without Googling), for a few months now there has been a relentless number of spammers trying to register for PM such that I have to open every entry one by one to examine. I won't go into the details but even with wildly different answers for location, interests and occupation it's obvious they are all from the same group or person.

Every once in a while a spammer gets thru on PM but far as I can tell it's never one of these. So here these guys are attempting 20 or more times to get PM membership per day for months and yet far as I know always rejected and yet they keep it up, never tiring.

Just wondering if anyone here has read anything definitive somewhere as to what is going on here? Maybe some Vietnamese getting paid a few cents per spam attempt no matter what the results?
 
Are you tracking the IP addresses? Could be traced back to a specific ISP.
Haven't checked lately as they seemed to be most anywhere. Checked five ISPs just now... all different numbers... two in Los Angeles, one in New York, one in France, one in Serbia... all different providers. The same spammer or group of spammers working for the same entity... for sure.

Curious what these morons want... seeing as even if they did get thru and post, with rare exceptions (like when I'm asleep!) the post would be pointed out to me within minutes, deleted and they banned.
 
So here these guys are attempting 20 or more times to get PM membership per day for months and yet far as I know always rejected and yet they keep it up,

They are most likely using the membership form as a springboard for a 3rd party attack or probe, as a relay, by spoofing their originating address.

Also, in this way a messenger can anonymize themselves by using a random website's rejected form data as a relaying mechanism.

never tiring.
Why would they, so long as the messages get through?
.
 
you sound very knowledgeable. can you explain that, please, so i can understand?
 
can you explain that, please, so i can understand?

There are probably tens of thousands of websites that run some kind of vBulletin forum, all with very similar membership sign-up pages.

Behind the sign-up page there is form-data that is sent via http protocol.

In the case that the sign-up is rejected, a negative-acknowledgment is sent back to the originator of the enrollment process. This negative acknowledgement contains a significant portion of the originating form data. By spoofing the originator's address that form data is sent to a 3rd party. As an anonymized message.

Many thousands of websites each handling 20 'forwards' per day adds up to significant bandwidth.

.
 
As for the spammers that do get through & post, how is it best to point them out? In the past I click the little triangle with the exclamation point.... the "Report Post" icon, in lower left of each post. And type "spammer" into the message box that pops up and submit.

Is that how spammers should be reported?
 
There is also not really an incentive for them to stop trying. It's highly unlikely that it is a person attempting to specifically gain membership to this site. It's just a computer program that someone wrote and tries an enormous list of sites. It could be malicious, it could be a kid trying to write an algorithm to beat Captcha or any of the other tests people set out to determine if a user is human. The reason you're seeing different IPs is most likely the person that wrote the program is using a botnet to issue the requests.
 
First, my congratulations and very sincere THANKS! for working to keep this a site we can use. This site provides an excellent forum for machine tool discussions - even more excellent since it's a well managed site.

The many registration attempts you are fighting off are proof that anyone who has a computer needs good virus/malware/trojan/whatever protection. In my opinion, you need something that stays current through regular updates from the software supplier as well.

As they say: "The most expensive insurance is not having any insurance at all..."
 
There is also not really an incentive for them to stop trying. It's highly unlikely that it is a person attempting to specifically gain membership to this site. It's just a computer program that someone wrote and tries an enormous list of sites.
In this case it seems to be actual people trying to gain access. For example I could see the possibility of someone writing a program to answer the questions automatically but only after the answers are determined and a new line of code entered for the new answers. But in this case when I change the questions and answers, there is virtually no delay between doing so and the continued onslaught of the same spammers. If all "bot" one would think there would be a delay of a day or two while a human figures out the new answers to program in....but there isn't.
 
I get tons of registrations for my site as well. Not a msg board like this but gives the ability to comment. With the range of IP addresses I guess it is just a bot network that is registering via a script. Captcha is supposed to weed out this but I think some of the scripts can get by it. What I do see is that the email address domain is the same for each registration that is part of the attack.
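
The pattern described in the post above (one e-mail domain, many unrelated source IPs), as an added example that is not part of the original thread: a Python check that groups pending registrations by e-mail domain and flags domains whose sign-ups arrive from several distinct networks. The rows, domain names, thresholds and the `ignore` list of large public mail providers are constructed assumptions; the IPs are documentation ranges.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample of pending registrations: (source IP, e-mail address).
PENDING = [
    ("192.0.2.10", "amy.k@mailfarm.example"),
    ("198.51.100.7", "Bob77@MailFarm.Example"),
    ("203.0.113.45", "cnc_fan@mailfarm.example"),
    ("2001:db8:1::5", "dave@mailfarm.example"),
    ("192.0.2.20", "joe@shop.example"),   # three sign-ups, one network
    ("192.0.2.21", "sue@shop.example"),
    ("192.0.2.22", "lee@shop.example"),
    ("198.51.100.9", "x@bigmail.example"),  # stands in for a big public provider
    ("203.0.113.9", "y@bigmail.example"),
    ("192.0.2.99", "z@bigmail.example"),
    ("203.0.113.50", "not-an-address"),     # malformed, skipped
]

def network_of(ip, v4_prefix=24, v6_prefix=48):
    """Collapse an address to its surrounding network so neighbours count once."""
    addr = ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return ip_network(f"{addr}/{prefix}", strict=False)

def campaign_domains(rows, min_attempts=3, min_networks=3, ignore=frozenset()):
    """Return {domain: (attempts, distinct_networks)} for domains that look
    like one campaign: repeated sign-ups spread across unrelated networks."""
    attempts = defaultdict(int)
    networks = defaultdict(set)
    for ip, email in rows:
        local, sep, domain = email.strip().rpartition("@")
        if not (local and sep and domain):
            continue  # malformed address: leave for manual review
        domain = domain.lower().rstrip(".")
        if domain in ignore:
            continue  # large public providers are shared by legitimate users
        attempts[domain] += 1
        networks[domain].add(network_of(ip))
    return {
        d: (attempts[d], len(networks[d]))
        for d in attempts
        if attempts[d] >= min_attempts and len(networks[d]) >= min_networks
    }

if __name__ == "__main__":
    for dom, (n, nets) in campaign_domains(PENDING, ignore={"bigmail.example"}).items():
        print(f"{dom}: {n} attempts from {nets} networks")
```

A flagged domain is a candidate for a registration-time block or for bulk rejection, rather than opening each entry one by one.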
 
In the case that the sign-up is rejected, a negative-acknowledgment is sent back to the originator of the enrollment process. This negative acknowledgement contains a significant portion of the originating form data. By spoofing the originator's address that form data is sent to a 3rd party. As an anonymized message.
There is an option in VB control panel to send emails only to those that are accepted and to not send email to those that are rejected (deleted)... wonder if that would help? The only problem with that is occasionally I reject someone legit (they put city only, leave out occupation, etc) and so they email afterwards to find out why.
 
Haven't checked lately as they seemed to be most anywhere. Checked five ISPs just now... all different numbers... two in Los Angeles, one in New York, one in France, one in Serbia... all different providers. The same spammer or group of spammers working for the same entity... for sure.

Curious what these morons want... seeing as even if they did get thru and post, with rare exceptions (like when I'm asleep!) the post would be pointed out to me within minutes, deleted and they banned.

Whatever vile creature they may be, I'm confident they definitely are not "morons". The relentless nature of it sounds to me like a bot attack.

V
 
JBC, so you're saying the following:

-they sign up as many accounts as possible at as many forums as possible.........
-all the denial emails come back to a 3rd party, like maybe the mayor of Ferguson MO.
-the Ferguson MO servers go down because they are overloaded.
-'denial of service' attack complete.

Correct?
 
Whatever vile creature they may be, I'm confident they definitely are not "morons". The relentless nature of it sounds to me like a bot attack.
I disagree...they are morons...otherwise it wouldn't be so obvious they are spammers...not only spammer but the same spammer. We are lucky that the vast majority of spammers (or the originators of the spam programs) are breathingly stupid people.
 








 