spam

I will be forced to unsub if it continues. Been getting spam from here for WEEKS.

Hi All,

I recently received an email from my host (Arvixe) stating that they had disabled a script on one of my D7 sandbox sites due to large quantities of spam email emanating from there.

Upon investigation I found an encrypted PHP file called "sql91.php" in my modules/field/modules/options folder. I later discovered a second bogus file called "sraynr.php" in a different folder. Both of these files have been called from Russian IP addresses:

146.185.239.52
146.185.239.51

I've been thinking about enabling comments on my Drupal-based blog (which is low traffic but has been around a long time). Until this point I had user-accounts disabled in order to prevent spam-bots from creating a lot of accounts. Several years ago I opened the flood gates and at one point there were as many as 30 accounts/day created by spam-bots. Even with captchas and Mollum spammers still seemed to find a way to sign up. I'm wondering what modules or processes group members are using on their site to combat the tide of spam. Cheers and thanks!

När jag startade upp nu på morgonen, fann jag hundratals e-post med "Kontodetaljer för xypoktqxv, fallcurlew, ghjdaffvp, arrivalsferret" osv i alla oändlighet.
Hur stoppar jag dessa registreringsförsök?
Jag använder D7
Tomas

On Friday I got a call from a local non-profit whose Drupal 6 site had suddenly crashed. I volunteered to try and help bring them online.

The site was generating an error that suggested a permissions problem with the database. The database for the site was also a bit larger than the allocated space provided by the ISP.

Update! - ready for review and testing by the community

Abstract

Drupal sites are subject to web-bot registrations that target Drupal's /user/register url. The Members Page module was crafted to fight this nuisance by creating a configurable Members page and a special user register page that allows real users to register immediately without admin approval and regardless of any site settings.

Available for Drupal 6.x, 7.x and 8.x

This is about that first email that is sent out by Drupal sites to newly registered Drupal users, welcoming them and telling them what their initial username and password are.

We've found that:
1) these emails often end up in people's junk/SPAM folder (depending on the email client and SPAM filters used)
2) people don't check their junk/SPAM folder enough, so many never return to our site

Apart from more clearly stating on the registration form that newly registered users should check their junk folders, we've been wondering what can be done to reduce chances of this happening?

Google lets you put any number of periods in your gmail address, and it ignores all of them when receiving mail for you.

Try it; it's fun!

Spammers have taken advantage of this, unfortunately, to spam more and more easily.

If you see a Gmail address with about as many periods as letters, it is probably a spammer. If that address turns up twice, differing only by the number or placement of periods, it is pretty certainly a spammer.

If you allow public registration for commenting and/or blogging, it won't be long before you discover spammers abusing your system.

Tools like Mollom help a lot, but they won't catch everything. You need to check your registrations at least every morning and clean up the mess. If you let it get out of control, your site will become a favorite for SEO spammers, many of whom are paid a piece rate for posting links on websites.

Hi,

I have a private site which is undergoing a massive attack (without success, already mentioned here: http://drupal.org/node/811734).
An answer was to set up a small javacript that sets a variable and if a robot visits the javascript won't be triggered.
I could then test for the variable & if not set then don't display the comment form.

How would I do that?
Any help is appreciated.