Thread: Banned lurker

Originally Posted by ubeaut

List of sleepers (potential spammers/clickbankers) from Vietnam has just grown somewhat larger in the last hour or so whilst doing some deep diving in the back room.

9 more were aggressively banned today, all joined up in March 2022 most on the 4th couple of others at later dates in March.

suckhoegd1999
dinhdohoang1985
NGUYENDUNG1999
Baotinnhanh2018
Thuy Duong2015
hieuduong2016
luatthai1994
phuongho1854
luatthai1994

Hmmmm...
Bit of a theme happening here

Log Dog

Never said you were a racist, or even ‘asserted’ it.

Never said the majority didn’t have Asian names either.

You jumped to those conclusions.

Just said focusing on race is not a good way to build an inclusive community.

Originally Posted by Arron

Just said focusing on race is not a good way to build an inclusive community.

Arron you are taking what I said way out of context!
Stop being precious old mate

Log Dog

Asian names and being Asian isn't a problem. There are other tells that cause the problems.

We have spates of different nationalities hitting us from time to time. In the last few years they have been from Netherlands, Russia, Ukraine, France, India, Vietnam is just the latest among lots including USA and Canada and UK.

Often they are one person with multiple signups.

20 years ago they were gangs of hackers who had fun ruining blogs and forums by attacking in multiple numbers and posting so much garbage that poorly moderated forums were literally shut down due to the avalanche of nonsensical and often dangerous posts.

The original Timber and Working With Wood Show had a sort of forum that had to be closed because they had thousands of attacks over a couple of months that weren't moderated.

Later attacks came from robots intent on spamming.

Then later again the Human verification for most forums (CAPTCHA) was broken by ne'er-do-well mongrels allowing around 1.5% of robots to gain access and with millions of robots attacking at the same time that 1.5% ended up being many millions of break-ins in a couple of weeks. I fixed ours with questions robots couldn't answer.

Then the Spammers couldn't break in with their robots they turned to places like India and had kids doing their signups for them at the rate if a few cents per hundred. But even there they still had problems.

But probably over the last 10 years it's been purely motivated by greed to make money for more clever lucrative click bait posters who can make up to many hundreds even thousands per week.

Many of the click baiters signed up signed up a number of years ago and we call them Spammers In Waiting they will come back from time to time and be caught but we usually have to wait for their first post which will often be nonsense or off topic to catch them.

Used to be a certain period of time would allow newbies to post without moderation hence the waiting time.

For the past 6+ years all newbies are moderated for certain number of posts before they can post without being watched closely. So garbage, gobbledygook, and off topic stuff is and allows us (admin and Mods) to pick them up and often find a number of others.

There's a lot more to all of this than meets the eye, especially the extra time moderators and admin have to put in daily sorting out the good from the bad moderated posts, searching IP's and searching Stop Forum Spam for banned IP's, usernames, emails, etc.

All the above is keep these forums safe or the members and visitors who don't do the wrong thing.

Bottom Line: These forums don't discriminate against peoples race, gender, religion, colour, politics, etc. etc. etc.
All are welcome but anyone who comes just to spam or do the wrong thing will be aggressively banned without warning.

Cheers - Neil
Phew!!!!

I once was talking to a hardened environmentalist.

He said, in brief, that if we want to Save The Whales, we should sell them.

i.e. they have a price. Someone owns them. He, after I reflected upon the problem, wasn't wrong. He didn't mean to sell each individual whale so it might be slaughtered for its bits - but as humans we immediately see things as more valuable when it has a price.

Perhaps a solution to these spammer woes is to simply have a price attached to membership.

To join, one must put in a credit card number and a value of ONE CENT is charged.

This gives the forum a few things:

-- Certainty of identity
-- A known country (non-AU cards are flagged for post/user monitoring via an internal report)
-- One member per card.... how many cards is a spammer going to risk?
-- An elimination of fraud via the credit card systems own fraud detection network (which was a major part of one of my Big Wig jobs)
-- If there is ever a future charge back, the user can be automatically terminated and all posts hidden (or reviewed)
-- Implementation is straight forward
-- Paypal is another option, which does the same filtering


BTW, this has been my job, in one way or another, for 25 years. The ideas would take longer to design & approve than implement

(BTW, Ive been learning Python 3 at a huge rate of knots for the last 6 months (its GREAT!), to compliment my PHP, Java, c++, Ada, Haskell)... I'm looking for another project while I look after SWMBO... if you have the data, I can make magic-reports that are dynamic and sortable, with click-action fun built in)

Originally Posted by woodPixel

To join, one must put in a credit card number and a value of ONE CENT is charged.

I think that would work!

One of the tactics I use when messing with scammers on the phone is to ask them for their credit card number.

Apparently scammers don't have credit cards, or at least they won't give me their card numbers for some reason.

(When scammers call me, as soon as I identify that they are a scammer, I immediately ask for their credit card number. They ask why, I tell them there's a $50 fee for calling this number. They ask what is the fee for and I tell them that I cannot discuss it until they pay, thereafter, no matter what they say, I just ask for their credit card number.)

Sounds like an idea, but... Yeah naah!

Got enough problems as it is. Besides, no way I'd give over CC info for this especially with the other info required to sign up. Name, CC, D.O.B., etc sounds like a recipe for disaster.

Originally Posted by woodPixel

I once was talking to a hardened environmentalist.

He said, in brief, that if we want to Save The Whales, we should sell them.

i.e. they have a price. Someone owns them. He, after I reflected upon the problem, wasn't wrong. He didn't mean to sell each individual whale so it might be slaughtered for its bits - but as humans we immediately see things as more valuable when it has a price.

Perhaps a solution to these spammer woes is to simply have a price attached to membership.

To join, one must put in a credit card number and a value of ONE CENT is charged.

This gives the forum a few things:

-- Certainty of identity
-- A known country (non-AU cards are flagged for post/user monitoring via an internal report)
-- One member per card.... how many cards is a spammer going to risk?
-- An elimination of fraud via the credit card systems own fraud detection network (which was a major part of one of my Big Wig jobs)
-- If there is ever a future charge back, the user can be automatically terminated and all posts hidden (or reviewed)
-- Implementation is straight forward
-- Paypal is another option, which does the same filtering


BTW, this has been my job, in one way or another, for 25 years. The ideas would take longer to design & approve than implement

(BTW, Ive been learning Python 3 at a huge rate of knots for the last 6 months (its GREAT!), to compliment my PHP, Java, c++, Ada, Haskell)... I'm looking for another project while I look after SWMBO... if you have the data, I can make magic-reports that are dynamic and sortable, with click-action fun built in)

Originally Posted by ubeaut

Sounds like an idea, but... Yeah naah!

Got enough problems as it is. Besides, no way I'd give over CC info for this especially with the other info required to sign up. Name, CC, D.O.B., etc sounds like a recipe for disaster.

Neil, It's Like putting a target on your back - another "soft source" for hackers to target for "saleable" personal information to sell on the dark web.

Naah, Nahh!

Heck, I won't even sign up for loyalty programs and really rile up about the proliferation of "you must be a member to shop here" business tactics. All such practices should be made illegal under ACL in my not so humble opinion.

The card info isn't kept, or even stored. Its irrelevant. Thats dealt with via a gateway.

The only thing that matters is the one cent.

The charge is made and the confirmation code stored. Its just a string of number irrelevant to anyone else. It does not need to be secure.

As for the other items on the signup page, don't collect them. They are all only for ID. This idea bypasses them.

The site then only needs to collect a handle, email address... and that's it. IF the other stuff is needed, put it on page two, or a config page post signup. All they do is inhibit joining.

Clearly state that the one cent is purely and only for spam control and NONE of the data is EVER even seen by the site. Be absolutely up front about it - and if people have a whammy, refund them the goddam one cent. You'll already know they aren't a spammers - for spammers rely on volume.

But, ultimately, its not my site. I'm only offering a simple¹ bullet-proof solution to an intractable problem....



Sadly, ID to use the internet is soon to become a thing. Spam and fraud are out of control. Bots ARE out of control. The free and open internet will continue, but Internet Version 2 will involve tiny tokens like the one cent to ensure spam and fraud is destroyed right at the source.


1 - it would take less than a few hours to implement.

Originally Posted by woodPixel

The card info isn't kept, or even stored. Its irrelevant. Thats dealt with via a gateway.

The only thing that matters is the one cent.

The charge is made and the confirmation code stored. Its just a string of number irrelevant to anyone else. It does not need to be secure.

As for the other items on the signup page, don't collect them. They are all only for ID. This idea bypasses them.

The site then only needs to collect a handle, email address... and that's it. IF the other stuff is needed, put it on page two, or a config page post signup. All they do is inhibit joining.

Clearly state that the one cent is purely and only for spam control and NONE of the data is EVER even seen by the site. Be absolutely up front about it - and if people have a whammy, refund them the goddam one cent. You'll already know they aren't a spammers - for spammers rely on volume.

But, ultimately, its not my site. I'm only offering a simple¹ bullet-proof solution to an intractable problem....



Sadly, ID to use the internet is soon to become a thing. Spam and fraud are out of control. Bots ARE out of control. The free and open internet will continue, but Internet Version 2 will involve tiny tokens like the one cent to ensure spam and fraud is destroyed right at the source.


1 - it would take less than a few hours to implement.

started a new thread - so we dont hijack LD's thread.

ID protection online (woodworkforums.com)

Thanks for the further information WP. It's is interesting but I'm not sure it's a good thing for here.

I will have Steven look at it and see what he reckons. However being the sceptic that I am, I have a feeling that it will scare off more genuine prospective members than spammers.

May not bother the younger ones, with the emphasis on "may not"!

May not bother the more mature ones who are a bit more savvy, again with the emphasis on "may not"!

But older and wiser and "Once bitten twice shy" people will be way more wary of giving out their CC info for even one cent to join up.

In these times people are being strongly warned to not hand over their CC or other info to to anyone you don't know or completely trust.

Not only that but in the same vein people are now being warned... "if a scammer calls you on the phone don't say yes to anything because it can be recorded and used against you later."

---

Jan 9th 2011 Woodwork forums started using Stop Forum Spam and Akismet which helps us immensely after massive spam attacks on the forum when the bad guys broke CAPTCHA .

Of interest: I was on Stop forum Spam a couple of hours ago and inadvertently landed on their home page. Saw the below stats and thought they would be of interest in this thread and also a bit of a laugh.

From Stop Forum Spam homepage.

API QUERIES TO DATE
106,857,972,920

CURRENT API QUERIES
500
PER SECOND

COFFEES CONSUMED
SINCE STARTING
16,941

Cheers - Neil

Originally Posted by ubeaut

Thanks for the further information WP. It's is interesting but I'm not sure it's a good thing for here.

Yes, it's all about trust. People who have been members here for a while would be cnfident to trust Neil and Woodpixel to run the system as WP described it.

Unfortunately it probably would be a huge disincentive to new members even though they would happily be in 100 facebook woodworking groups where the platform itself datamines everything it can get.

I can see what WP is suggesting would be the way of the future, but being the pioneer of the use of the technology in this way woudld be a brave move. It woudl be hard to sell the idea to potential members who have not developed a trust of the management and members of the forum.

The only thing I want to say about all this is thanks to the moderators for your vigilance and associated hard work at keeping this forum secure. I have recommended this forum to many woodworkers, including at markets I happened upon (recently at Echuca, Victoria, and in New Zealand in the past fortnight. I have been happy to tell people that it is a heavily moderated site that is safe because the scammers and abusers are kicked off.
Once again, thanks to all who play any part in making this forum a site I want to be on and am proud to recommend. I trust your decisions. Keep up the good work.

Just to give members a bit of an idea what we're up against.

A number of dual registration with same IP and bad intent have been banned since last posts above.

But the below will open the eyes of many as to what we're facing I guess not only on here but other forums. The below info is from an email received at 1:15pm today.

FROM CLOUDFLARE
Cloudflare stopped 3,692,363 threats
last month for woodworkforums.com

And that's not counting the ones stopped by Akismet nor the ones who somehow managed to register, were caught and banned by us.

A big thumbs up to Cloudflare, Akismet, DJ's Timber and members who have reported spam posts and PM's.
And an great big gotcha to those lowlife mongrels who wish to do the forums harm...

Cheers - Neil