-
Hey Guest!
British Car Forum has been supporting enthusiasts for over 25 years by providing a great place to share our love for British cars. You can support our efforts by upgrading your membership for less than the dues of most car clubs. There are some perks with a member upgrade!**Upgrade Now**
(PS: Upgraded members don't see this banner, nor will you see the Google ads that appear on the site.)
Hey - did you know if you click on the title of a thread it will take you to the first unread post since you last visited that thread?
but were afraid to ask: 
STOP!! Never post your email address in open forums. Bots can "harvest" your email! If you must share your email use a Private Message or use the 
smilie in place of the real @
Pretty Please - add it to our Events forum(s) and add to the calendar! >> 
MG Experience Hacked!
- Thread starter PAUL161
- Start date
Share this page
Offline
MG experience has been hacked. The web master has been contacted and I assume, working on a solution. All happened about 3 hours ago. Amazing what some nitwit with a screwed up mind will do by trying to mess up something that works just to be noticed.PJ
Unfortunately, there are millions who do things just to be noticed.
grumble grumble
GTP1960
Jedi Knight
Offline
Offline
On the server I lease for BCF, I hired a professional server management team to "harden" the server to reduce (not eliminate) risk of hacking (Another reason I appreciate those of you who subscribe - to help pay for such things). One of the biggest issues I have, that is not really server-related, is the number of spammers who attempt to register here daily.
I have a three-step process to minimize the possibility of spammers / hackers from registering. First, I use "human verification" to minimize the possibility of bots registering. Second, for those that get past the human verification, I have a third party program that checks the user name, IP address and email address of all new registrations. It checks these against an off-site, third party database of known spammers. If any of these three items matches a known spammer in the database the registration is rejected and not even sent to the registration queue.
For those that do make it to the registration queue, I personally look at each registration before I approve (or delete) the new member account. If anything looks fishy, I will usually trace the IP address. For example, if they say they are located in California, but the IP traces to Russia, I delete that account with no notification. A lot of times, I'll get a registration and where it asks "What British Car Do You Own?" they might say "BMW or Mercedes" - delete. If everything looks good, I will approve it. These steps are about 99% effective, but every once in a while a spammer will sneak past all my checks. Rare, but it happens.
Just to give you an idea of how significant the problem of spammers is, I've attached a screen shot from my Anti-Spam program's log file. All these (except a few) are spammers the system stopped cold! Keep in mind that this is just half a day's worth today (and this was a slow day). (Note, for security reasons I've blurred out partial IP addresses of spammers and also blurred the emails of any legitimate members (for privacy reasons).
I have a three-step process to minimize the possibility of spammers / hackers from registering. First, I use "human verification" to minimize the possibility of bots registering. Second, for those that get past the human verification, I have a third party program that checks the user name, IP address and email address of all new registrations. It checks these against an off-site, third party database of known spammers. If any of these three items matches a known spammer in the database the registration is rejected and not even sent to the registration queue.
For those that do make it to the registration queue, I personally look at each registration before I approve (or delete) the new member account. If anything looks fishy, I will usually trace the IP address. For example, if they say they are located in California, but the IP traces to Russia, I delete that account with no notification. A lot of times, I'll get a registration and where it asks "What British Car Do You Own?" they might say "BMW or Mercedes" - delete. If everything looks good, I will approve it. These steps are about 99% effective, but every once in a while a spammer will sneak past all my checks. Rare, but it happens.
Just to give you an idea of how significant the problem of spammers is, I've attached a screen shot from my Anti-Spam program's log file. All these (except a few) are spammers the system stopped cold! Keep in mind that this is just half a day's worth today (and this was a slow day). (Note, for security reasons I've blurred out partial IP addresses of spammers and also blurred the emails of any legitimate members (for privacy reasons).
Offline
Thanks for the effort Basil, our small club had an online forum that was shut down because of all the effort needed to keep spammers out. We have since upgraded softare, but don't know how well it is working, a popular model railroad forum I belonged to was also shut down because of all the effort needed to keep spammed off.
Offline
Regarding Basil's screened-out hyper-registration attempts:
Take your pick of what they want!
Some are automated registration attempts, sending millions of registration attempts a second, to millions of forums (etc.) world wide. If registration succeeds, a human (maybe) is alerted, who can then start posting garbage. And I mean *garbage*. Also hack the forum to harvest personal info.
Some are lonely people who are desperate for recognition and/or attention.
Some are intelligent but unethical people who want to show how many forums they've "conquered".
Some may be people who really do have a car interest, but don't answer the registration questions as they're expected to. Or people who aren't comfortable with forums, and really don't know how they work.
One quick and easy way to prevent spam registrations: charge $10 to register by PayPal. When the $10 is received by the forum manager(s), the registration can proceed. Would probably work with just $1 - as it's another couple of steps that have to be accomplished. I'm betting anyone with an interest in a topic who wants to join a forum, could somehow scrape up $1 in one way or another. And if PayPal isn't possible, there are many other ways to transfer - personal check, bank transfer, or even putting a dollar bill in an envelope and mailing it.
And - imagine how quickly email spam would disappear, if each email cost just one penny to send.
The mind boggles.
Just my two shekels.
Tom M.
GTP1960
Jedi Knight
Offline
I recall Andy Rooney had a solution to usps junk mail, I always found amusing.
he would take the largest postage paid junk mail envelope he recieved and load it up with all the other junk mail he got & send it all back to the 1st. junker.
he said after a while he started looking forward to junk mail.
to bad that can't work digitally.
he would take the largest postage paid junk mail envelope he recieved and load it up with all the other junk mail he got & send it all back to the 1st. junker.
he said after a while he started looking forward to junk mail.
to bad that can't work digitally.
Offline
Guy - I think the $1 charge would accomplish even more! Forum gets the dollar(s), and non-dollar payers are eliminated.
Voila!
And Basil pays a team to manage the server and keep out hackers. So the $1 is only to combat bogus registrations.
Anyway, seems a logical and effective idea to me.
Voila!
And Basil pays a team to manage the server and keep out hackers. So the $1 is only to combat bogus registrations.
Anyway, seems a logical and effective idea to me.
Offline
I appreciate all the clever ideas to monetize/ reduce the spammers, but to be honest I feel like the process I have in place is 99% effective. We rarely have a spammer get through (compared to the thousands that try) and when they do, some alert member usually notifies me ASAP and the offender is quickly deleted and blocked forever.
Offline
Hackers are a mixed bag. Most are destructive though. An extraordinary effort is needed to keep them at bay, unfortunately. Billion$ annually spent on securing servers.
Glad I joined BCF when I did! My IP & MAC addy were spoofed at that time. I'd have been put on Permanent Double Jeopardy Probation Suspension or somesuch. :smirk:
Glad I joined BCF when I did! My IP & MAC addy were spoofed at that time. I'd have been put on Permanent Double Jeopardy Probation Suspension or somesuch. :smirk:
D
Deleted member 8987
Guest
Guest
Offline
And they rely on clueless site owners to do their spamming.
Some sites, owners don't even look for days, weeks, months.
E-mails to the owner go unanswered, spam keeps growing.
I remember one forum, owner was (and still is) a moron.
Had an (alleged) female join who asked about finding a specific electronic part..with part number And it was not an electronic-specific forum.
I immediately e-mailed the owner, noting that this was an (at the time) typical fifth-columnist attempt to imbed, and that this same type of posting was being seen all over the net, to either imbed the user to await a php bulletinboard exploit announcement, or to get personal responses to harvest e-mail addresses, or to be paid for "hits" on links provided.
He came back telling me that HE was a professional (means he got paid...not that he was any good) and he was tired of clueless folks telling him what to do (which none of us did).
He said he had checked it out, it was a good e-mail address (?) and good post.
My response was (based upon current experience), "Oh, good. Then as long as it doesn't originate from (the current spam generator) tiscali.fr, you're okay".
Ooops.
Post and profile gone in less than 5 minutes.
One thing I have noticed it if everybody keeps an eye open, someone will have experience with some aspect of what is showing up, and it can get zapped.
Oh...and the clue on the "electronic part" posts was the number was bogus. No number anywhere, in any search, like it.
Some sites, owners don't even look for days, weeks, months.
E-mails to the owner go unanswered, spam keeps growing.
I remember one forum, owner was (and still is) a moron.
Had an (alleged) female join who asked about finding a specific electronic part..with part number And it was not an electronic-specific forum.
I immediately e-mailed the owner, noting that this was an (at the time) typical fifth-columnist attempt to imbed, and that this same type of posting was being seen all over the net, to either imbed the user to await a php bulletinboard exploit announcement, or to get personal responses to harvest e-mail addresses, or to be paid for "hits" on links provided.
He came back telling me that HE was a professional (means he got paid...not that he was any good) and he was tired of clueless folks telling him what to do (which none of us did).
He said he had checked it out, it was a good e-mail address (?) and good post.
My response was (based upon current experience), "Oh, good. Then as long as it doesn't originate from (the current spam generator) tiscali.fr, you're okay".
Ooops.
Post and profile gone in less than 5 minutes.
One thing I have noticed it if everybody keeps an eye open, someone will have experience with some aspect of what is showing up, and it can get zapped.
Oh...and the clue on the "electronic part" posts was the number was bogus. No number anywhere, in any search, like it.