Forum Moderators: rogerd


Signature spammers

Robot-powered

         

helleborine

1:42 pm on Aug 29, 2006 (gmt 0)

10+ Year Member



In the past two or three weeks I have noticed an exponential increase in "signature spam" where registrants that NEVER POST simply include a link to their websites in a signature.

My IPB forum has always disallowed bb code or html in signatures, so they are wasting their time.

I started to recognize the login names of some of the spammers showing up on several unrelated forums.

Googling one of these login names yielded 140K pages. This was one busy guy.

But it can't be a person, can it? It has to be a robot.

Today, two new registrations.

The email addresses look like this:

ipb5789*AT*example.info
ipb4641*AT*example.info

Same IP for both. 69.61.xx.yyy

I checked my raw logs. No user-agent or details show up for this IP.

It shows up as:
200 40689 "-" "-"

I found several other registration attempts for this IP. Googling the IP revealed a preponderance of Polish sites. I don't know what it means.

A whois shows a company in Georgia.

[edited by: rogerd at 3:10 pm (utc) on Aug. 29, 2006]
[edit reason] edit specifics [/edit]

rogerd

3:13 pm on Aug 29, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



These sure look like bot registrations, though I don't understand why they would put a URL in the signature and not post. Usually, the plan would be to get the URL in a bunch of posts. Does the signature get spidered via the profile or some other way?

Regardless, having bogus registrations like this is a pain. Captcha-type image verification will defeat most run-of-the-mill bots. There's a home page thread right now with a variety of other techniques to make forum and blog forms bot-unfriendly. Human-registered spam bots are a bit tougher to control, but that doesn't sound like your problem.

helleborine

5:15 am on Aug 30, 2006 (gmt 0)

10+ Year Member




Yes, the signatures are spidered.

There is image verification of registrations; the bots seem to get over that hurdle.

I don't allow bb code or html in signatures, so they are wasting their time. However, they are a nuisance.

rogerd

7:21 pm on Aug 30, 2006 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Perhaps you need to add something else to the registration that a human will easily do right but will trip up bots. Odd that they are getting past the image verification so easily. Can you check your detailed server logs and see if they are going through the proper registration path and not bypassing part of it?

helleborine

3:00 am on Aug 31, 2006 (gmt 0)

10+ Year Member



I am not sure how to interpret it.

69.61.xx.yyy - - [26/Aug/2006:07:10:15 -0500] "POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1" 200 40860 "-" "-"

69.61.xx.yyy - - [29/Aug/2006:04:57:31 -0500] "POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1" 200 40860 "-" "-"

69.61.xx.yyy - - [29/Aug/2006:07:38:52 -0500] "POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1" 200 40689 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:52 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=1 HTTP/1.0" 200 67 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:52 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=2 HTTP/1.0" 200 68 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:53 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=3 HTTP/1.0" 200 67 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:53 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=4 HTTP/1.0" 200 67 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:53 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=5 HTTP/1.0" 200 67 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:53 -0500] "GET /index.php?act=Reg&CODE=image&rc=(encryption)&p=6 HTTP/1.0" 200 67 "-" "-"
69.61.xx.yyy - - [29/Aug/2006:07:38:54 -0500] "POST /index.php HTTP/1.1" 200 29733 "-" "-"

Where "(encryption)" replaces long alphanumeric encrypted codes.

helleborine

3:00 am on Aug 31, 2006 (gmt 0)

10+ Year Member



Can you tell from the above whether it's been bypassed?
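
Added example, not part of the original thread: one way to check the registration path from raw access logs is to summarize, per IP, whether the image-verification requests were made, whether every request lacked a referrer and user-agent, and how quickly the form was submitted after it was served. The sample lines are constructed on the pattern of the ones quoted above (documentation IP addresses, a placeholder `rc` value); treating the `act=Reg` POST as the form load and the bare POST as the submission is an assumption, as is the 10-second threshold.

```python
import re
from collections import defaultdict
from datetime import datetime
# Apache combined log format, as in the lines quoted in the thread.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"')

# Constructed sample: one session shaped like the thread's, one browser-like session.
SAMPLE = [
    '203.0.113.7 - - [29/Aug/2006:07:38:52 -0500] "POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1" 200 40689 "-" "-"',
    '203.0.113.7 - - [29/Aug/2006:07:38:52 -0500] "GET /index.php?act=Reg&CODE=image&rc=PLACEHOLDER&p=1 HTTP/1.0" 200 67 "-" "-"',
    '203.0.113.7 - - [29/Aug/2006:07:38:53 -0500] "GET /index.php?act=Reg&CODE=image&rc=PLACEHOLDER&p=2 HTTP/1.0" 200 67 "-" "-"',
    '203.0.113.7 - - [29/Aug/2006:07:38:54 -0500] "POST /index.php HTTP/1.1" 200 29733 "-" "-"',
    '198.51.100.9 - - [29/Aug/2006:08:00:00 -0500] "POST /index.php?act=Reg&coppa_user=0&termsread=1&coppa_pass=1 HTTP/1.1" 200 40689 "http://forum.example/index.php?act=Reg" "Mozilla/5.0"',
    '198.51.100.9 - - [29/Aug/2006:08:01:30 -0500] "POST /index.php HTTP/1.1" 200 29733 "http://forum.example/index.php" "Mozilla/5.0"',
]

def analyze(lines, min_fill_seconds=10):
    """Per-IP summary of registration traffic, with reasons it looks automated."""
    per_ip = defaultdict(lambda: {"form_loads": [], "captcha_gets": 0,
                                  "submits": [], "blank": 0, "total": 0})
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        s = per_ip[m["ip"]]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        s["total"] += 1
        s["blank"] += m["ref"] in ("", "-") and m["ua"] in ("", "-")
        if m["method"] == "GET" and "CODE=image" in m["path"]:
            s["captcha_gets"] += 1              # image-verification fetch
        elif m["method"] == "POST" and "act=Reg" in m["path"]:
            s["form_loads"].append(ts)          # assumption: response is the form
        elif m["method"] == "POST":
            s["submits"].append(ts)             # assumption: form submission
    report = {}
    for ip, s in per_ip.items():
        reasons = []
        if s["blank"] == s["total"]:
            reasons.append("no referrer or user-agent on any request")
        # Shortest gap between the form being served and a later submission.
        gaps = [(sub - load).total_seconds()
                for sub in s["submits"] for load in s["form_loads"] if sub >= load]
        fastest = min(gaps) if gaps else None
        if fastest is not None and fastest < min_fill_seconds:
            reasons.append(f"form submitted {fastest:.0f}s after it was served")
        report[ip] = {"captcha_gets": s["captcha_gets"], "fastest_fill": fastest, "reasons": reasons}
    return report
```

A non-zero `captcha_gets` together with a fill time of a couple of seconds indicates a client that walks the normal registration path, image requests included, but far faster than a person could type.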