Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Spam for vanilla forums - target keyword

hi

I just found the following keyword search for my forum.

"It looks like you're new here. If you want to get involved, click one of these buttons!"

I guess the spammers target the vanilla forums by this keyword.
Is it good idea changing this word?
What is the use for them? I delete the spams immediately. But they keep posting the spams on my forums.

Comments

  • @mahesh

    Is it good idea changing this word?

    They've already found you probably to late to stop the one who found you.

    try it and see if it helps. change it via localization (see the wiki)

    What is the use for them?

    who the spammers. Attracting attention.

    you can use one of the anti-spamming techniques discussed in several discussions (search forum for various spam discussions)

    But they keep posting the spams on my forums.

    they like you

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @mahesh

    There are any number of threads on how to prevent and deal with spam.

    If you have followed all the suggestions, then, like me, you will find you get no (or almost no) spam applicants, and this question becomes irrelevant.

    If you haven't, why not?

  • x00x00 MVP
    edited November 2013

    tbh honest there is load of ways to detect a framework. On top of that spam bot will try an probe nearly every form regardless.

    It is naive to think they only target the forums by some phase.

    grep is your friend.

  • phreakphreak Vanilla*APP (White Label) & Vanilla*Skins Shop MVP

    @mahesh: I think it's a help request search of someone trying to change the text. Under 2.0.18.8 and below this text wasn't in the locale file. It was in *guestmodule.php something.

    • VanillaAPP | iOS & Android App for Vanilla - White label app for Vanilla Forums OS
    • VanillaSkins | Plugins, Themes, Graphics and Custom Development for Vanilla
  • peregrineperegrine MVP
    edited November 2013

    @phreak said:
    mahesh: I think it's a help request search of someone trying to change the text. Under 2.0.18.8 and below this text wasn't in the locale file. It was in *guestmodule.php something.
    Under 2.0.18.8

    perhaps, but the user failed to specify the version they are using. and if this was the real question, maybe the title should be changed, after the op says what they really want.

    but the proper way to do it is via definitions and locale! in your conf.locale.php or some other defintion file if you prefer. Not editing core files.

    $Definition['GuestModule.Message']= "It looks you posted a few questions here - Why don't you post your Vanilla Version, jeez, its not that hard";

    some people hard coded it into their themes I believe. e.g. Sky theme - that would be a problem though.


    did you see this message in pink at the top of the page regarding posting a questions?

    When posting a question on the forum, please include the version number of Vanilla you are using.

    check these out as well.

    http://vanillaforums.org/discussion/23130/forum-post-ettikett-etiquette

    http://vanillaforums.org/discussion/17954/food-for-thought-forum-etiquette

    http://vanillaforums.org/discussion/25115/how-to-how-can-a-new-user-better-help-the-community-when-asking-a-question

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • hi,

    I didn't mention the version because, I mainly wanted to know how do they get benefit from posting spam in unpopular forum.

    If the above text brings the spam, so other users can make edit on their forum before it is too late.

    honestly how do they get benefit from this?

  • honestly how do they get benefit from this?

    how do spammers get benefit? is that what you mean.

    • some miscreants derive pleasure by causing havoc and creating problems for others.

    • some people get paid to post website links on other web sites.
      no different than getting a spam e-mail for a rolex watch.

    • some people enjoy trolling on the edge to see how much they can get away with and fool people that they are not trolls, before they do indeed get banned or deleted when the admin gets the true picture. Some people pretend they are young but old, one gender but actually the other, etc, etc. to deceive or derive pleasure.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • I am using stop forum spam. It is really a good one. blocks lot of spam registrations.
    I am using Akismet.

    I have changed the registration to approval.
    Some registrations are escaping stop forum spam.

    I will be thankful if you can recommend me few more which can stop spammy registrations.

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @mahesh

    The 'spam' discussion has been done to death on this forum.

    It should not be beyond you to search for 'spam' and find the relevant discussions.

    There shouldn't be any need to constantly re-post solutions.

  • @whu606

    Yes. I did a search and found lot of plugins to stop spam. Unlike other fourm softwares, Vanilla is simple and clean. That is why i have decided to use it. Adding tons of features with security hole is not good idea.

    I checked few plugins which are not verified plugins.
    Stop forum spam is also not verified. But go through with that. I felt there wont be any security issue with "Stop forum spam" and installed. I still want to have a safe forum instead of loading tons of plugins.

    As you can see i have already mentioned the plugins name which i am using. So you can advice me if there is any security problem with those two plugins and i asked you to recommend few more because you are using vanilla for ages when comparing with me. You know better vanilla than me!

  • whu606whu606 I'm not a SuperHero; I just like wearing tights... MVP

    @mahesh

    The point of my post was that there are already a lot of threads discussing the various methods people use to prevent spam. Asking people to post again because you haven't looked hard enough isn't OK in my book.

    Search whu606 and spam or peregrine and spam.

  • x00x00 MVP
    edited November 2013

    @mahesh there is basically five ways you can help prevent spam

    1. Being unfamiliar/aloof, if you do something different it does take a while spammers to catch on, and if you vary thing all the better. So for instance asking people to give the equivalent Roman numeral of a character in your language (if that language is uncommon). This is not uncrackable obviously, by typically these script target the softer familiar targets. But if you refresh thing often it is better. This is not a solution on its own.

      Also sites the require sms confirmation, or some transaction, are too much hassle, and too big of a evidence trail to spam.

    2. Putting the maths in you favour. I have seen some terrible captchas, I solved one in ten tries entering the same digits, it had a really ironic name of "ironclad" or something like that. People wrongly think that reCaptcha is weak, it isn't, it is just well used, so naturally spammers have invested more time in cracking it. It is rarely cracked (usually some exploit). However, it is updated automatically. You can use reCaptcha, but it doesn't hurt to put an additional layer, personally I like this project: Asirra. It is not about the cute cats, it is about the maths, there are similar looking ones that don't have maths in there favour. Notably the size of of the data pool, and the possible variations of answers.

    3. Making you site less attractive to manual spammers. Make sure user profiles aren't open to guests, make clear link are no follow, even lot allowing linkage, for new members.

    4. Intelligence based blacklist and heuristics like stop forum spam, akismet. These are only as good as the reporting so make sure you report offenders. Such project can use statical method like data training to help spot spam like behaviour.
    5. Basic server security, learn the best ground up practices for running a server. Not all spam is through comments and html inputs. If your site is compromised, registration security is useless. Not all spam is obvious. It it might not directly target human but search engines, and hide the payload, so you could find your site blacklisted through no fault of your own. Some of these script are 'call home', which mean they are using up resources, and compromising privacy of your users.

      Also make sure that all those that have privileged access scan their computer for vulnerabilities regularly. People don't realise that spammer use this indirect but highly effective vector of detecting site use of the backend interface piggybacking the session and delivering the payload. if you have a site where there are contributors and editors, limit their powers as much as possible, even if you trust them personally.

    grep is your friend.

Sign In or Register to comment.