Who is user NAREMAN?
mcchip - April 5, 2007 - 09:46
I my Drupal website an new user NAREMAN registered an new account.
I delete this account, because the data was:
Full Name nareman
E-Mail (public) killerspm@runbox.com
Country nareman
After two days, again this account was created.
I searched google and found a lot of drupal sites, this user was registered.
http://www.google.de/search?hl=de&q=nareman
Any ideas?
Reason?
McChip
i think
this is a bot registered on different drupal sites to spam and also tries to get into other sites by using the global login feature of drupal. I have also spam comments by this user on my site.
What is "global login
What is "global login feature of drupal" ???
what i am talking of is
what i am talking of is http://drupal.org/handbook/modules/drupal
a global sites directory to enable logins without registration on your site but another drupal site.
In Dutch, the word "nare
In Dutch, the word "nare man" (with a space) would mean: "awful person, lousy character, creep", something like that. Are we talking about someone with low self-esteem here? :-)
Ludo
So is this a known issue being fixed ?
So is this a known issue being fixed ?
I did a google search on (nareman AND drupal ) and found lots of websites with this same spam username. Have a look at this drupal site and see te flood of spam drugs ads and below them the spam posts by "nareman". http://www.endymios.com/flash-gallery-module.
Would it be wise to require admin approval of registrations till the problem is fixed ?
Admin approval
> Would it be wise to require admin approval of registrations till the problem is fixed ?
I have done this for my website now
McChip
picture folder, asa.html
I have tried to change the registration settings on my site, but am consistently prevented by a spurious error about the location of the picture folder. I wonder if this is related to the spambot in some way.
I also noticed a hyperlink had been written into the banner area of my homepage, linking to a file called asa.html. That file doesn't exist, but had been repeatedly requested by nareman.
---
new, green, and learning: that's me!
currently running at http://nunovo.org.uk/drupal/
Are you sure?
Are you sure this file and header hyperlink are related to the Nareman thing?
Or is it just confusion on your part?
Which Drupal version are you using.
--
Drupal development and customization: 2bits.com
Personal: Baheyeldin.com
Neither
No, I am not sure, that's why I wrote 'I wonder if'.
The other peculiarity has not shown up since I deleted naremann's user account.
That doesn't explain anything, but at least I'm not getting error messages any more.
I am using the current version.
---
new, green, and learning: that's me!
currently running at http://nunovo.org.uk/drupal/
This bot has left multiple
This bot has left multiple comments on my site, but I have moderation turned on, so I delete them. What's interesting is that I have the captcha module installed and it either gets past it or does the math problem somehow.
User signups are set to admin only, but I am working on a site that will have them open. Outside of human intervention is there another way to stop bots from signing up?
It's just recently started
It's just recently started posting comments on one of my sites. The spam module catches all his posts for me though.
captcha?
It is easy to block the person's email in /admin/user/rules/add, but that will cause another name/email to be used, then another, then another. So that will not solve the problem, rather cause an arms race.
Can anyone with an affected sites tell us whether you have captcha enabled? Whether math based or graphics?
--
Drupal development and customization: 2bits.com
Personal: Baheyeldin.com
Go To My Website! He's from Turkey!
http://indiecom.net/node/467 - Check it out!
"Hello from Malaysia! ^^ "
Website: www.indiecom.net
Skype: ga1984
oh nareman
I thought I was imagining things when I saw nareman on two unrelated drupal sites, but basically, there is a "nareman" registered on every Drupal site I've ever looked at.
uggg.
I'm amused by the dutch translation, though. Thanks!
What A Pain...
Yes, he's registered on my Drupal site, once as "nareman" and more recently as "naremanuut".
He appears to want to sell "Ambien".
Or maybe he gets paid for clickthroughs?
His Bio: (all live links):
ambien
Buy ambien
Buy ambien online
Purchase ambien
Cheap ambien
Online ambien
ambien no prescription
discount ambien
generic ambien
order ambien
They all link to: "http: // xhttp.net / dvms12 / ambien.html" DON'T FOLLOW IT - He could profit, or worse!!!
The Spam Module helps to
The Spam Module helps to prevent this bot from spamming your site. On my site it works like a charm.
Spam Module helps, but slows down the site incredibly
Indeed, the Spam module helps against bots, and it is highly configurable; however, it also slows down the site incredibly, at least, if it runs a bunch of regular expressions. I had to deactivate it on my Drupal sites, since average page loading times grew to 20 seconds and more.
What I did was:
* deactivate the tracksbacks module completely
* disallow creation of nodes and comments by anonymous users
* changing default action for "normal" users when crating nodes or comments from "Save" to "Preview"
* installed the captcha module.
Most bots and spammers I discovered so far are not smart enough to check this all. If they become smarter, I'll have to tighten security even more, e.g. check mail addresses of registered users with double opt-in, etc.
Greetings, asb
user "naremanuut"
Haha ...I just got hit by this f!@#tard yesterday. I ended up writing about him/it and it's hack after I got rid of him..heres a link..
http://zinzi.us/?q=node/578
Hey Zinius, Taco just told
Hey Zinius,
Taco just told me you experienced this problem and I was immediately interested when he told me the name 'naremanuut'. I have had an account with this name and with the name 'narremanynch' on my website. The users hadn't even visited my site after five months when I deleted them five minutes ago.
Forgot to note the e-mail address and other data though. Bit stupid.