Post by S7 Vision67 on Wed Oct 06, 2010 3:37 pm

Pretty interesting read on a forum admin who went beyond blocking the vast amounts of bot-spam accounts on his forums by IP-Block banning, and taking over the spam-email account and denying the bot access to it to stop the flow of spam.

I absolutely love the fact that he's set up honey pots to get the login credentials for the spambots. I love honeypot-based security research in general, actually.

Edit: And the interview from a blog called "free internet press" (not https, if you're like klown and worry about that kind of stuff; I copypasted the interview below).

FIP: Can you tell me a little about yourself?
[Editor's note: We respect Random Digilante's privacy, and have not asked for any identifying information.]

RD: Let's just say I do run forums, and they have been spammed relentlessly, so now I also run a few forums which I know have been added as defaults to the Xrumer and other [spam] software suites, and the spammers don't know which ones they are. These forums now only exist to capture usernames and passwords from forum spammers, who are officially the only ones who visit these forums.

FIP: Why did you get started in this aggressive tactic against spammers?

RD: Because it was causing my actual forums to slow down. I was seeing anywhere from 5,000 to 20,000 attempts to register every single day. This just shouldn't be happening. My main forums are for critical technical discussions and these spammers instead want to flood it with ads for penis pills, "make money at home for free" scams and of course porn and the sale of stolen credit cards. It eats up resources and above all it is unwanted and really scummy behavior.

FIP: Obviously the accounts you are disabling are set up against the terms of service of the mail providers, and are being used for illegal activities.

RD: If I were taking over an account that was created by a human being who actually cared to contribute to my forums, yes that would be illegal.

FIP: Are you concerned about the possible legal consequences of your actions?

RD: Here is the reasoning I use, and I know that a lot of people argue it.
Especially now that I have a few dedicated forums whose only reason for existing is that they capture the login credentials of forum spammers, my feeling is that they're not people, they're robots. Xrumer [a forum spamming software] is a 100% automated process. The human has to set up the email address where the responses get sent for things like confirming your account by clicking on a link, but everything after that is done by the software. No human being is harmed by what I do, only a piece of software. If they cared, they would pay attention to the fact that these accounts are getting taken over very regularly by me. They don't. They just set up new accounts and start over.

It's hard to feel "bad" about taking these accounts over. All I can tell you is that I have never taken over any account that was not very obviously being solely used repeatedly to auto-register to forums. In fact by the time I get to them it's obvious that the spammer only set them up from 1 - 6 days prior to me taking it over. There are no human-written messages in any of these accounts. I certainly would not have gone so public with this activity if there had been. Only purely automated messaging has ever been present in any of these, and I have enough hard data to back that up.

FIP: Are you concerned about the people and organizations that you're fighting trying to get revenge for your actions against them?

RD: I was. I get many threats to "cave my skull in" among other things. But they don't care enough to come find me, and they still don't know who I am or where I am geographically. They aren't very skilled at spamming forums, so I doubt that they would have much skill in actually trying to find me or do any real harm to me.

FIP: Do you have any statistics on what you've done?

RD: Here is a breakdown of the total number of accounts taken over from May 2009 until today:
[Editor's Note: The total was 542. Other references have been removed to protect RD against any liability.]

Total number of attempts by all accounts that I have logged to my main forum: 17,784. That's only since I actually began logging these which started in March 2010.

I know that overall the number of forums which successfully get affected by this activity is much lower, and I would have to think that this is at least partially due to my alerting forum owners about this scum. When I started doing this, the average account I took over was full of nothing but confirmation emails from usually 60,000 to 80,000 forums. Now, that number can only very seldom reach 40,000, but average is now 2,000 - 12,000. I know that this is not scientific information. It may be that the spammers who had the really huge lists of forums just never pruned their lists of forums and they just stopped trying, or it could mean that a new list of forums is the new standard. Either way, my forums are on all of these lists that the spammers use. It's all I have to go on.

I have personally reported and gotten several hundred forums shut down (I'm working on 500 for this year. I'm not far off.) Each of these had been abandoned since 2008 and were full of nothing but spam promoting purely criminal activity (stolen credit card info being the primary one, but child porn being another.)

FIP: How has the feedback been, both the obvious posting, and private messages? Were most of the people who found you happy that you're doing something to stop the problem? Were any of the comments from those that you have been disabling?

RD: The negative tend to be largely from people who just are not understanding the point I'm trying to make, and these very often appear to be unskilled moderators. They claim that I am spamming them. I'm not. Every time they get a message, it's because they have allowed a spammer to attempt a register which the software approved. Even though the spammer still needs to do the final confirmation, or the moderator needs to manually moderate these accounts, these operators could save themselves a huge amount of hassles by just putting in some far stronger password requirements. That, I can say 100% for a fact, makes these attempts far less successful, and removes a lot of the bandwidth usage these scum add to every forum they do this to.

FIP: What do you see happening with this project in the future?

RD: I don't know. It started as an experiment, but now here you are asking me questions for a real interview.

FIP: Do you have advice for those operating forums on how to protect themselves? I have seen some tools, such as [a specific blacklist], which appears to be helpful.

RD: My problem is that it is still not really used by a very large number of forum operators. When the average number of forums which are being continually abused by these spammers is still as high as tens of thousands of them, I think it is safe to say that it is no real deterrent, and that nowhere near enough people are taking their advice, or mine, very seriously at all.

I didn't expect this to end the problem, I expected forum spammers to notice that I'm really sick of hearing from them, and I want them to stop. They don't stop. Why they think that I'll ever allow a single one of them into my systems is baffling. These are some of the stupidest people I have ever heard of.

The biggest problem with all of this is that anyone can set up a forum site as a hobby and not know enough about anything to do with forum spam. They eventually forget all about their hobby forum. This is probably around 20% of all of these forums.

When so much free software is out there, run by people who just aren't that skilled at what they're doing, and who don't ever think that their hobby forum would ever be used to sell things like child pornography or stolen credit cards, that's a problem. If it was your house, and you woke up one day with stacks of child porn lined up on your front lawn, you would be very concerned about that. These hobbyist forum people don't understand that they are a huge part of this problem. They are contributing to some really bad crimes and they are unaware that they can be held legally responsible for this activity.

The same is true for the majority of the forum spam out there which (of course) tries to sell Viagra or harder drugs with no prescription. These fake drugs are dangerous (there is a lot of evidence online that these pills are manufactured overseas by frankly sh1tty factories) and eventually people can die from them. If Mr. Hobby forum operator happens to have 3 million postings on his forum promoting these sites, don't you think that is a form of criminal activity if someone buys these fake pills and eventually suffers some big health problem from them? I do. These spammers see every forum on the internet as a free place to promote whatever bullshit they think they can make money from. I'm here to at least slow that process down.

FIP: Thank you for answering our questions. I hope this helps bring some insight to those who don't understand what you're doing for them, and hopefully give spammers the hint that it's no longer a one-sided battle.
