Wired1
04-06-2007, 04:42 AM
Backstory:
saw a spammer, banned him. Searched member database for his IP (first 3 subsets) and his email's domain name. Those led to finding members w/ no posts, and obvious spam traits (in my case, a URL in an obviously wrong place where all SEO spammers put a URL). So, I copied down their IP / email domain (whatever I hadn't searched to find them) and added it to a list, then deleted the account.
After compiling a list of IPs / email domains from the first search. I searched for members with that list's info in their profile, and behold, more spammers, and more info to the list. Note: since I had already deleted the first search's resulting members, there's no duplication of found spammers.
As you can probably figure out, I compiled more lists, and the pattern continued...
So far in the past hour, I've deleted 200 members or so, and banned 5-10 partial IPs / email domain names that multiple spammers and no REAL members had in common. All deletions were MANUAL (yes, it sucks). Yes, there's still more to track down, but I'm tired!
As you can see, there's a clear logic pattern here:
Human finds spammer, adds IP A / email domain B to temp list, spammer deleted.
member list is searched for IP A, other members found, some / all verified to be spammers. Their email domains are concatenated to the list. All spammers deleted. If all members found were spammers, IP (or class C of IP) is blocked. IP A deleted from the temp list.
member list is searched for email domain B. other members found, some / all verified to be spammers. Their IPs are concatenated to the list. All spammers deleted. If all members found were spammers, email domain is blocked. domain deleted from the temp list.
=====================================
Now, this is logical enough to be turned into a mod I believe. I don't have the time to make it, but I have the need for it, and I think others out there do as well.
Now since this has the potential to get stuck in a reciprocal loop and/or take up lots of CPU cycles, it can be designed to work on chunks at a time and/or require human interaction occasionally, or a time limit or something.
One idea would be to have 4 lists:
2 temp / "scratch" lists for the current jobs (1 for IPs, 1 for email domains)
2 history lists (1 for IPs, 1 for email domains)
Also, a table that would keep track of IP / email domain relations. Not the IP OF the email domain, but what IP the spammer was using during registration. After doing 200 manually, I've seen some relations forming, perhaps a network of relations even.
Note: I prefer deleting these accounts, simply so that I don't run into an account again in another search. This automated spammer catcher could ban them, and exception out banned accounts during its queries.
Note: searching the member list SHOULD include searching the COPPA members, and users awaiting email confirmation, as often times they don't bother to finish registration for various reasons (CAPTCHA, broken bot, they don't care, whatever).
Now, I certainly wouldn't recommend that this plugin should automatically delete / ban members without human interaction. Say, a results page detailing the user name / IP / domain name / post count (most SEO spammers don't post) / other optional user profile fields. Now of course sharing a domain / IP subset with a spammer isn't a bannable offense by itself, so the post count / optional profile fields columns would be key to have, as they can help a GOOD admin make a split second decision on who's a spammer, who's not, and who needs more research.
Example: 20 college students that use college computers / email would have the same IP / email domain, and very well could share similar profile info with a spammer that's on campus, or has hijacked a PC on campus, but in reality has nothing to do with said spammer. This plugin idea is a powerful tool for knowledgeable admins, and may not be able to take the form of a tool for beginner admins for quite some time down the version chain, if you catch my drift.
From this results page, the admin can then select via checkboxes which members to delete / ban one at a time. Buttons should be available so that they can click an IP, and any member on this page (with said IP) will become checked. Ditto for email domains.
Warnings can also be set here (preferably with defaults, but user customizable as well) so that if say, a common email domain (gmail.com), or a post count above 5, or the admin's IP (don't want to ban yourself lol), etc. is on the list, an extra warning will pop up before the ban / delete occurs.
Of course, once an IP / email domain name is confirmed to have 100% spammers on it, or meets the pre-set (or user configured) threshold for being declared a spammer, then it can (with human interaction of course) add it to the Banned IP Addresses / Banned Email Addresses lists within vBulletin's User Banning Options area.
WHEW!!!
So, what do you all think? Is there a kind soul out there willing to work on this? I don't mind if there's a FREE spammer plugin out there that wishes to incorporate this idea, but please give me credit for the idea :)
Did I mention keep it FREE? :)
saw a spammer, banned him. Searched member database for his IP (first 3 subsets) and his email's domain name. Those led to finding members w/ no posts, and obvious spam traits (in my case, a URL in an obviously wrong place where all SEO spammers put a URL). So, I copied down their IP / email domain (whatever I hadn't searched to find them) and added it to a list, then deleted the account.
After compiling a list of IPs / email domains from the first search. I searched for members with that list's info in their profile, and behold, more spammers, and more info to the list. Note: since I had already deleted the first search's resulting members, there's no duplication of found spammers.
As you can probably figure out, I compiled more lists, and the pattern continued...
So far in the past hour, I've deleted 200 members or so, and banned 5-10 partial IPs / email domain names that multiple spammers and no REAL members had in common. All deletions were MANUAL (yes, it sucks). Yes, there's still more to track down, but I'm tired!
As you can see, there's a clear logic pattern here:
Human finds spammer, adds IP A / email domain B to temp list, spammer deleted.
member list is searched for IP A, other members found, some / all verified to be spammers. Their email domains are concatenated to the list. All spammers deleted. If all members found were spammers, IP (or class C of IP) is blocked. IP A deleted from the temp list.
member list is searched for email domain B. other members found, some / all verified to be spammers. Their IPs are concatenated to the list. All spammers deleted. If all members found were spammers, email domain is blocked. domain deleted from the temp list.
=====================================
Now, this is logical enough to be turned into a mod I believe. I don't have the time to make it, but I have the need for it, and I think others out there do as well.
Now since this has the potential to get stuck in a reciprocal loop and/or take up lots of CPU cycles, it can be designed to work on chunks at a time and/or require human interaction occasionally, or a time limit or something.
One idea would be to have 4 lists:
2 temp / "scratch" lists for the current jobs (1 for IPs, 1 for email domains)
2 history lists (1 for IPs, 1 for email domains)
Also, a table that would keep track of IP / email domain relations. Not the IP OF the email domain, but what IP the spammer was using during registration. After doing 200 manually, I've seen some relations forming, perhaps a network of relations even.
Note: I prefer deleting these accounts, simply so that I don't run into an account again in another search. This automated spammer catcher could ban them, and exception out banned accounts during its queries.
Note: searching the member list SHOULD include searching the COPPA members, and users awaiting email confirmation, as often times they don't bother to finish registration for various reasons (CAPTCHA, broken bot, they don't care, whatever).
Now, I certainly wouldn't recommend that this plugin should automatically delete / ban members without human interaction. Say, a results page detailing the user name / IP / domain name / post count (most SEO spammers don't post) / other optional user profile fields. Now of course sharing a domain / IP subset with a spammer isn't a bannable offense by itself, so the post count / optional profile fields columns would be key to have, as they can help a GOOD admin make a split second decision on who's a spammer, who's not, and who needs more research.
Example: 20 college students that use college computers / email would have the same IP / email domain, and very well could share similar profile info with a spammer that's on campus, or has hijacked a PC on campus, but in reality has nothing to do with said spammer. This plugin idea is a powerful tool for knowledgeable admins, and may not be able to take the form of a tool for beginner admins for quite some time down the version chain, if you catch my drift.
From this results page, the admin can then select via checkboxes which members to delete / ban one at a time. Buttons should be available so that they can click an IP, and any member on this page (with said IP) will become checked. Ditto for email domains.
Warnings can also be set here (preferably with defaults, but user customizable as well) so that if say, a common email domain (gmail.com), or a post count above 5, or the admin's IP (don't want to ban yourself lol), etc. is on the list, an extra warning will pop up before the ban / delete occurs.
Of course, once an IP / email domain name is confirmed to have 100% spammers on it, or meets the pre-set (or user configured) threshold for being declared a spammer, then it can (with human interaction of course) add it to the Banned IP Addresses / Banned Email Addresses lists within vBulletin's User Banning Options area.
WHEW!!!
So, what do you all think? Is there a kind soul out there willing to work on this? I don't mind if there's a FREE spammer plugin out there that wishes to incorporate this idea, but please give me credit for the idea :)
Did I mention keep it FREE? :)