It has come to my attention that lately people (or bots) have been signing up on the boards and then sending spam private messages to our users. We have a zero tolerance policy regarding this - whether a real user or bot, any kind of unsolicited advertising via private messages will result in an instant ban and deletion of the user and all their private messages.

I'm taking steps to beef up security so that this doesn't happen any more, but manual spammers (China slave labour or equivalent) are much harder to stop than bots.

If ANY user receives ANY sort of advertising/spam private message from ANY member, please forward the spam PM to me (Taluntain) immediately so that I can deal with the spammer.

By the way, if you receive a notice of a new PM via e-mail, but see no new PMs when you get on the boards, it means that you've been sent a spam PM, but it has been removed by the time you got on to the boards.

Apologies for the inconvenience.

Oh great, spam bots PMing everyone, and i STILL don't get any PM's... :(

Wow. I had no idea bots had become this advanced.

I hope there are no bots capable of using someone else's account to send a message. It would be pretty irritating to get banned because some bot spammed through your account.

They just make their own accounts, they don't need to use other people's.

I've added this to the first post: "By the way, if you receive a notice of a new PM via e-mail, but see no new PMs when you get on the boards, it means that you've been sent a spam PM, but it has been removed by the time you got on to the boards."

Oh great, spam bots PMing everyone, and i STILL don't get any PM's... :(

Same brother, we're just not popular!

Well, i know why your not, but.... ;)

Well, i know why your not, but.... ;)

Don't we all mate... Popularity if overrated!

I had no idear this was happening. I stull didn't get any PM's either.


What really makes me wonder is who would spam SP members?

We should be thankful that SP is relatively spam-free.

I moderate a cellphone forum, and we had to put up a manual account activation to stop the flow of spam. "Natural male enhancement", weight loss pills, cellphone wholesales, pr0n - you name it, I've seen it.

And it's not SP related, but just a month or so ago, I got hit by a massive wave of spam from phoney eBay users. I was flooded with over 100 of those messages PER DAY for a FULL FREAKING MONTH. Do a quick calculation just how much spam this equals into. :mad: :mad: :mad: :flaming: :flaming: :flaming:

darn - sorry - got one, but deleted before reading this thread - will send if another pops through the filter.

And here I thought that some unknown woman named elsie108 was thinking I was such a cool guy and al :cool: l...

Spammers ... :mad: :nolike: :grr: :almostmad: :flaming: ...

A manual activation procedure, as suggested by DotW, will prevent bots from opening accounts. For example, a new user will have to open an e-mail and click on an activation link, then perform some operation on the page that opens.

This will also be a major nuisance to real people trying to open a large number of accounts, since they will need a large number of active e-mail addresses (if a single e-mail address can only be used for one SP account - just remember to block the e-mail address when you block the account so it can't be reused). So on top of the time it takes to open an account at SP, they have to spend extra time opening a new Hotmail or Gmail or Yahoo account every time.

If all else fails, new accounts could be limited to a certain number of PMs and posts per day for a certain period, which should see to it that spammer accounts are outed and blocked before they can be really profitable.

Manual activations technically COULD work, but keep in mind the forum I moderate is rather small. SP is MUCH bigger, so it could make manual activations a real pain.

The best option I see would be to temporarely disable ALL posts (public+PM) for newly registered users. It could go hand-in-hand with the manual activations (in case a manual approval of a spam account occurs - yes, it can happen), or work as a standalone system.

Or ultimately, if all else fails, go for banning blocks of IP adresses.

If all else fails, new accounts could be limited to a certain number of PMs and posts per day for a certain period, which should see to it that spammer accounts are outed and blocked before they can be really profitable.

This kind of PM limiting is not possible currently. I could make it impossible for new users to use the PM system altogether, but that'd also mean that they wouldn't get our Welcome PM, which is a rather big downside.

Or ultimately, if all else fails, go for banning blocks of IP adresses.
I'm always against banning IP addresses. The way my internet connection works a couple of hundred of users (possibly several hundreds) all get our local IP addresses then we all interact with the rest of the internet through a handful of external IP addresses. Every once in a while I stumble a site that tells me I'm banned, even though I've never seen it before, and I start cursing whoever used the internet in the building and got banned. I know IP banning is much easier for the admins, and I suppose some poor soul will have to pay for the spammers if that ends up being the only viable solution.

Oh great, spam bots PMing everyone, and i STILL don't get any PM's...

lmao :D

I mentioned manual activations in my last post. The email + link Monty mentions would block bots, but there are also some real people spamming.

The policy we have in place in the forum I moderate against spammers is relatively easy: First, the registration webpage has some code on a drawing which acts as a first line of defense against bots. Second, an email is sent to one of the three Admins (if the third one doesen't show up more often, I think it's not impossible I get promoted to Admin). The Admin inspects the new account, and decides to approve or not the new account. While the account is waiting to be approved, the user/spammer cannot post messages of any kind, both private and public. If approved, the account is closely monitored, and if it turns out to be a spammer, both username and email get a permaban.

To also further choke out the spammer traffic, one of the Admins put a ban on all @hotmail.com (and it's variants) and @gmail.com (+ variants), both being spammer favorites. We know this policy affects legit users. The Admin in question said he'd monitor traffic and check if we keep this ban enforced or not.

As a result, it's been aeons since I last canned a spammer. Manual approvals work like a charm, but we are a small forum with small traffic, so Admins aren't overwhelmed with approval requests. SP, I suspect, has much bigger traffic, so it likely would be, ah, more difficult to do, but this policy is a very effective way to thin out spam.

90% of registrations from hotmail and gmail are legit. Blocking both will get rid of most spammers, but it'll affect valid users far more.

Tal, I know most of the registrations from Hotmail and Gmail are legit. I do not believe the ban still in place - I'm just a mod, so there are some things I'm not privvy to.

The manual approval might be a viable option, but it all depends on the traffic here.

For other kinds of spammers, yes, but PM spammers don't really give themselves away at registration usually. Anyway, the measures that we're employing are obviously not something I'll disclose here for every spammer to read. ;)