Russia, Ukraine, gmail.com and comment spammers

lemmax - April 25, 2009 - 17:07

I run a number of Drupal websites and in the last few weeks one of them has received a lot of attention from comment spammers. I guess they target the website as it has a decent Google page rank. I was already using CAPTCHA to prevent automated submissions but I've since had to disable anonymous comments and moderate all user comments. I wish I didn't have to moderate comments as it slows down the experience for users and adds to my workload.

Anyway, what I have noticed is that about 95% of all comment spammers are using gmail.com email addresses. I've not had a single comment spammer using Hotmail or Yahoo. Most spammers (at a guess, about 70%) are using IP addresses from the Ukraine or Russia. I'm tempted just to block new users from registering with gmail.com email addresses.

Has anyone noticed similar trends in spam posted to their websites?

On a different note, when I block an IP address or user name pattern, I'd like to add a note in Drupal to remind me why I did so (e.g. Russian spammer uses this address). It would be good if this feature could be added to Drupal. I'll have to suggest it sometime if I can figure out where to do so.

Yes.

yelvington - April 25, 2009 - 17:49

On one of my sites I've blocked entire networks from Russia, Georgia, Ukraine and India. On that particular site we require registration and keep a very close eye on blogs and comments, but we were getting literally thousands of bogus registrants who were placing drug and porn links into profile fields, which were not being monitored. We installed the http://drupal.org/project/advuser, and those fields are being monitored now.

Gmail lets you append '+' and any string to an address, without actually changing the deliverable address. Google regards this as a feature, but it lets a spammer register repeatedly on your site without having to get a new email address, just by appending "+randomstring" to the old email address.

You might want to ban %+%@gmail.com, which will stop those registrations while allowing simple/real gmail addresses.

_
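
Added example, not part of the original thread and not Drupal code: a Python sketch of how the `%+%@gmail.com` mask behaves and how registrations can be grouped by the mailbox they actually deliver to. It assumes the mask uses SQL LIKE-style wildcards (`%` for any run of characters, `_` for one character) matched case-insensitively, and it goes slightly beyond the post by also folding dots and googlemail.com, which Gmail delivers to the same mailbox; all function names and sample data are constructed.

```python
import re
from collections import defaultdict

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def mask_to_regex(mask):
    """Translate a LIKE-style mask (% = any run, _ = one char) to a regex."""
    parts = []
    for ch in mask:
        if ch == "%":
            parts.append(".*")
        elif ch == "_":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE | re.DOTALL)

def is_denied(address, mask):
    """True if the whole address matches the deny mask."""
    return mask_to_regex(mask).fullmatch(address) is not None

def canonical_mailbox(address):
    """Return the mailbox an address is delivered to (Gmail rules only)."""
    local, _, domain = address.strip().lower().rpartition("@")
    if domain in GMAIL_DOMAINS:
        # Gmail ignores "+tag" suffixes and dots in the local part.
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def screen(registrations, mask="%+%@gmail.com"):
    """Return (addresses the mask denies, {mailbox: [users]} shared by >1 user)."""
    denied = [addr for _, addr in registrations if is_denied(addr, mask)]
    by_mailbox = defaultdict(list)
    for user, addr in registrations:
        by_mailbox[canonical_mailbox(addr)].append(user)
    shared = {box: users for box, users in by_mailbox.items() if len(users) > 1}
    return denied, shared

# Constructed sample registrations (username, email); not real accounts.
SAMPLE = [
    ("alice", "alice.smith@gmail.com"),
    ("pills1", "bulkposter+a81x@gmail.com"),
    ("pills2", "BulkPoster+q7z2@Gmail.com"),
    ("pills3", "bulk.poster@googlemail.com"),
    ("bob", "bob@example.org"),
]

if __name__ == "__main__":
    denied, shared = screen(SAMPLE)
    print("denied by mask:", denied)
    print("shared mailboxes:", shared)
```

On the sample data the mask denies the two plus-tagged addresses and leaves the plain Gmail address alone, while the mailbox grouping additionally ties the third account to the same inbox for review.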

WorldFallz - April 25, 2009 - 18:09

You might want to ban %+%@gmail.com, which will stop those registrations while allowing simple/real gmail addresses.

EXCELLENT tip!

_
Don't be a Help Vampire - read and abide the forum guidelines.
If you find my assistance useful, please pay it forward to your fellow drupalers.

That's good to know, however

lemmax - April 26, 2009 - 03:10

That's good to know, however after receiving a load more spam I have now blocked registrations by users with Gmail addresses.

Our site is also getting far

nemsis - May 5, 2009 - 22:25

Our site is also getting far too many spam accounts created through gmail. I really don't want to ban all gmail accounts from registering but it is getting to the point where I will have to.
One thing I notice from the logs is that every time a spam post makes it onto the site there is a site search done a few hours later for the spam topic.
So far the post has been deleted before the search so they are getting nowhere but they are wasting a lot of my time and my host's resources.
Anyone else noticed the search pattern or am I the lucky one?

Please can you check whether

sada.lala - May 5, 2009 - 22:31

Please can you check whether you have this problem as it can generate spam mails

http://drupal.org/node/447100

You have to view the source of your page and look for any suspicious looking javascript code.

 
 
