Spambot Experiment

Posted on December 24, 2011 by Jesse Zylstra

On August 28, 2011, I started a spambot experiment on my website.
One inaccuracy that I want to clear up before I begin posting the results: About a month or so into the experiment, I changed the difficulty of the the CAPTCHA image from the default (“Medium”) to easy (overlapping letters and numbers). It does not change the fact that the trap, a forum, was still spammed like heck.
One other note is that my DNS provider blocks major spammers automatically, excluding many before a lookup even occurs.

The setup: One SMF forum with no modifications on a directory that was not published elsewhere on the web. (You could not search for this forum). Guest posting was not allowed on this forum (but I might try guest posting out to see the increase). What was required for registration: Standard acceptance to agreement. Username. Email address. Password. “Easy” captcha image. Attachments were not allowed, since I just don’t think I can handle that kind of bandwidth.

As of 12/24/2011, the trap forum contained 49457 Posts in 45471 Topics by 21747 spammers.

Average spammer registrations per day:
182.75
Average spam posts per day:
415.70
Average spam topics per day:
382.20
Average spammers online per day:
26.47
Registration of spammers Male to Female Ratio:
1:0
Growth of spammers:

Forum History (using forum time offset)

Yearly Summary New Topics New Posts New Members Most Online
2011 45482 49468 21747 81
December 2011 32814 33915 14939 81
November 2011 11989 13695 5079 49
October 2011 620 1798 1534 18
September 2011 55 56 189 7
August 2011 4 4 6 2

One might think that spambots typically just register, spam once or twice, and leave forever, but this seems not to be the case for all. Indeed, many of the spammers returned multiple times. When these statistics were recorded, the user threshold timer was 15 minutes. This means that, per each logon, a minimum of 15 minutes activity was recorded. (I’ll reduce this for the next experiment). The record-holding bots were as follows, I’ve included how many posts were made by the top bots:

racing-games
5h 53m
Surprisingly, No posts were made by this bot.
LEROTOL
3h 23m

Posts: 248 (5.767 per day)
barigatabletokcc
2h 55m

Posts: 85 (2.179 per day)
AntuanetteLak
2h 9m

Posts: 1
ivilus
1h 53m
Posts: 959 (29.969 per day)
CalOvavaIdodo
1h 48m
Krancualeks
1h 48m
onlinebuydrugss
1h 32m
barbosovviagruu
1h 27m
Orancualeks
1h 16m

I will be resetting the experiment. Here are the changes:
First, enabling guest posting and disabling moderation queue for guests. Guest posting of polls has also been enabled.
Account deletion is no longer allowed (I am not sure if any spammers deleted their accounts or not).
Registration verification has been disabled.
User threshold decreased to 1 minute for accurate time keeping of bots.
All currently registered members were deleted to start “anew”.

Those interested in seeing the forum can contact me via. comment, and I can send them a link. I do not want to publicly share it since the links are dangerous and I don’t want people clicking by accident.

About Jesse Zylstra

Hey! My name is Jesse Zylstra, and I am the administrator of this website. I used to write about free software and programs, online web applications, and new technology -- especially open-source. Now I just write udder nonsense. I also play pipe organ, which I'm told is a fun and interesting fact about me. In the past, I studied network administration. Now I've been trying to pursue a real fake bachelors degree for the last, oh, 10 years or so.
This entry was posted in Computer Stuff, Programs and Software, Spam Research, Web Services, Application, and Design. Bookmark the permalink.

1 Response to Spambot Experiment

  1. Pingback: Spam Research: Experiment Continued on SMF Forum | ZylBlog

Leave a Reply

Your email address will not be published.