Spam attack

Posted: Mon Jan 24, 11 1:42 pm
by Dave-R
Those of you that also frequent my own message board will know that for the last couple of weeks my board has been bombarded by industrial scale spam attacks.
It seems the forum web address was placed on a list last September and sold recently to a spam network. This resulted in ten spam registrations per day at first, climbing to 20 a day over about ten days.

Banning IP addresses and email accounts used didn't even slow them down. These places are like factories where the guys earn $1 for every 1000 spams they send. They have thousands of IP addresses and hacked PCs all around the world at their disposal to use.

The only way of stopping it was to upgrade the forum to the latest version (phpbb 3.0.8) and enabling the reCaptcha feature (you have to copy the text) to slow them down and stop some of the "spambots" used. We also had to add a simple mopar question to stop the more persistent spammer.

I mention this in case you also find yourselves having to delete 20 spam members a day like I was.
But also my message board looks well cool now I think. :D

Posted: Tue Jan 25, 11 7:38 pm
by MattH
Dave, I thought we were alone in this, not knowing much about how it works. The MMA forum gets about 30 spam registrations a day, which Ivor or Mandie or Martin are clearing away on a daily basis. Right pain in the butt, especially if you delete a genuine member at the same time.

I just don't understand what the purpose of it is??

Posted: Tue Jan 25, 11 7:54 pm
by Dave-R
You have 10 people sending 1000 spams per hour earning $1 each per hour. That's 10,000 spams for $10.

If you got a result from 1% of them that is 100 of them...

Posted: Tue Jan 25, 11 8:25 pm
by MattH
Oh, I see, someone somewhere (1%) may buy what their web site is selling then?

Posted: Tue Jan 25, 11 8:53 pm
by Dave-R
MattH wrote:Oh, I see, someone somewhere (1%) may buy what their web site is selling then?
Yes. Sometimes it is real stuff. Often it is a con. Sometimes they are just after your card details. Other times it might be prescription drugs of dubious composition. Fake Viagra etc.
It is not 10 people working for an hour either. They have thousands of people working 24 hours.

reCaptcha filtered most of them out straight away. You should move to that in the registration as a first step. The latest version of this board software makes a lot more possible from the security point of view.

You may as well upgrade while there is so much content missing from here anyway..

Posted: Wed Jan 26, 11 10:27 am
by Dave999
the aim of email spam and dodgy registrations is the same

play on someone's interest (ipads for £50) or insecurity (enlargement or engorgement)

use the hard sell to get them to click a link, what they see is a sales and payment process spiced up with emotive content and proces to purchase

what happens is at each step of the way to the non-existent purchase a jigsaw is put together on the unsuspecting customer's PC

just by visiting the link they know

browser version, operating system version, service pack level, all add-ins for your browser that are active, the IP address of at least your router, and possibly the version and update level of your virus scanner and firewall

this info may be sold on...i.e. the next part of the process just says page not found as they are done with you, to a hacker with better skills who can compromise this PC

or if you look like a soft touch they will continue and slowly compromise your PC with each link you click

or they may just plant a cookie that lies dormant until you visit a legit website that they have better compromised and they go to town on you when months later you visit it.

but either way they keep going until they have either

planted a spamming process which sends their mails for them
planted a key logger to get all your account details, your internet banking, PayPal etc. or access to your shared folders
set you up as part of a virus network or denial of service attack to be activated at some time in the future.

all of this is administered on your PC from the comfort of their own cave

message board access is great for this

once they have a legit account it's easy to run scripts to harvest all email addresses from the user list page

if they are clever they read up on the version of the message board, work out the security issues with it and plant hidden script in perhaps the signature of their posts to do all of the above.

none of these processes are particularly visible to the unsuspecting PC owner

some of the rubbish ones are obvious

there is a common one about at the mo.

you as a concerned internet user look up virus software
you install a free scanner top of the list in google
this installation alters a few of the main windows system files, which because they are windows system files never raise suspicion

from that point on when 10-15 minutes in to any internet session a box will pop up that looks like "my computer" and a fake virus scan runs finding 15,0000000 things wrong

click yes to fix
click no
click the cross on the box to close it

all take you to a website for a product that is a virus scanner but costs 35 bucks. if you install it it also takes over your PC further, and on top of that where have your card details gone...!!!.....install it and every web page you go to ends up triggering pop ups and pop overs for stuff you do not want and you find that this software has managed to open up both outgoing and incoming ports in your firewall software

legit scanners see this scanner as a virus or advertising malware as they call it

if so-called legitimate organisations do this (i.e. registered as software vending companies)

you can just imagine what the criminals are up to...

spybot search and destroy is a tool everyone should have
but only download this version http://www.safer-networking.org/en/download/
or the version from sourceforge...google search is filled with fakes

RUbotted works as well
http://free.antivirus.com/rubotted/

If a message board suddenly gets a lot of interest from the undesirables
1) has a security issue with it been recently discovered
2) has one of the members' PCs been compromised which has flagged its existence up to a group who would normally not take notice
3) are the members of this board active on another that has been compromised because many sites log where you go next as you leave

Mmmm

Dave

Posted: Wed Jan 26, 11 12:11 pm
by Dave-R
My message board administrator (and host), Johan Ronkainen, has also added another layer of protection against spam for me.

Whenever someone attempts to register a new account, the IP address the request is received from is verified in real time against a continuously updated database of known forum spam sources.
If the source IP is in that blacklist the spammer won't be allowed to register but is redirected to a generic error message.

He did this redirect part so that in case someone gets incorrectly blocked they still have an email address to contact.

So we have now three layers of defense against spammers:

1. IP checks against blacklist (RBL, some technical information on how these work on http://en.wikipedia.org/wiki/DNSBL)
2. Q&A, currently you need to know the answer to a simple Mopar question. It's easy to change the question to something else via admin pages of forum.
3. reCaptcha. Closest thing to uncrackable. Of course it's not really uncrackable, but big names such as Google and Facebook trust the same product.
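
The IP blacklist check described in the post above, as an added example (not the forum host's own code). The zone name dnsbl.example.org, the function names and the sample records are assumptions made for illustration; the resolver is passed in so the check can be run offline.

```python
import ipaddress
import socket

# Hypothetical zone name; substitute the blacklist your forum host actually uses.
DNSBL_ZONES = ["dnsbl.example.org"]
DNSBL_REPLY_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNS name a DNSBL expects for an address."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = reversed(str(addr).split("."))            # 192.0.2.10 -> 10.2.0.192
    else:
        labels = reversed(addr.exploded.replace(":", ""))  # IPv6: reversed hex nibbles
    return ".".join(labels) + "." + zone


def system_resolver(name):
    """Return the A record for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        # Covers NXDOMAIN and lookup failures alike: fail open, so a DNS
        # outage does not lock genuine members out of registration.
        return None


def check_registration(ip, zones=DNSBL_ZONES, resolve=system_resolver):
    """Return (allowed, reason) for a registration attempt from ip."""
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            continue  # not listed in this zone
        if ipaddress.ip_address(answer) in DNSBL_REPLY_NET:
            return False, f"listed in {zone} ({answer})"
        # Any other answer is not a DNSBL return code (for example a resolver
        # that rewrites NXDOMAIN), so it is ignored rather than treated as a hit.
    return True, "not listed"


# Constructed sample records standing in for the DNS zone.
SAMPLE_ZONE = {
    "10.2.0.192.dnsbl.example.org": "127.0.0.2",     # listed spam source
    "7.113.0.203.dnsbl.example.org": "198.51.100.1",  # rewritten NXDOMAIN
}


def sample_resolver(name):
    return SAMPLE_ZONE.get(name)
```

A blocked result is where the registration page would redirect to the generic error message with a contact address, as the post describes.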

Posted: Wed Jan 26, 11 12:19 pm
by Cannonball
Dave999 wrote:the aim of email spam and dodgy registrations is the same

Bananarama! me better shut this board down then i dont want my info gettin out to them spamin Bananarama!, no way do i want my email bombardin with prick extension emails i have enough bother draggin this one eyed monster round with me as it is, :shock: :shock: :D :D :D :D :D :D

Posted: Wed Jan 26, 11 5:13 pm
by Dave999
exactly

you be careful now

:D

Dave

Posted: Wed Jan 26, 11 5:34 pm
by Anonymous
Glad I have a Mac...and a big dick too :lol:

Posted: Thu Jan 27, 11 9:04 am
by VGVIP
Cannonball wrote: Bananarama! me better shut this board down then i dont want my info gettin out to them spamin Bananarama!, no way do i want my email bombardin with prick extension emails i have enough bother draggin this one eyed monster round with me as it is, :shock: :shock: :D :D :D :D :D :D
P!ssing myself with laughter!
:D :D :D

spam atttach

Posted: Thu Jan 27, 11 10:02 am
by Dart Vader
:D

Posted: Thu Jan 27, 11 10:25 am
by Dave-R
:D I like that!

Re: Spam attack

Posted: Fri Jan 28, 11 4:09 pm
by Holly
Dave wrote:The only way of stopping it was to upgrade the forum to the latest version (phpbb 3.0.8) and enabling the reCaptcha feature (you have to copy the text) to slow them down and stop some of the "spambots" used. We also had to add a simple mopar question to stop the more persistent spammer.
There are other measures but those are no-brainers ;)

Stuff is going on behind the scenes ... expect changes to be made to this place when I manage to grab a minute to work on it (some work is already done - plenty more to do - but hopefully I should be able to announce what's what soon)

Re: Spam attack

Posted: Sat Jan 29, 11 9:52 am
by Dave-R
Holly wrote:
Dave wrote:The only way of stopping it was to upgrade the forum to the latest version (phpbb 3.0.8) and enabling the reCaptcha feature (you have to copy the text) to slow them down and stop some of the "spambots" used. We also had to add a simple mopar question to stop the more persistent spammer.
There are other measures but those are no-brainers ;)

Stuff is going on behind the scenes ... expect changes to be made to this place when I manage to grab a minute to work on it (some work is already done - plenty more to do - but hopefully I should be able to announce what's what soon)
It is good to know the club board is in good hands Holly. :thumbright:

Yes, the tactics I outlined above are not the only things my board administrator is doing for me. For example he's already serving gigabytes of random data to all spambots trying to register. It seems they will download as much junk as we send to them. Over 30 gigabytes during the last 6 hours alone. :)

Revenge is sweet. ;)