.ru email addresses

jcerious

Participant
Joined
Feb 14, 2006
Messages
78
I have a VERY local forum site. It's geographically based around my own neighborhood. Recently, I had 3 new users sign up with @mail.ru email addresses (which are Russian). Anytime I see anything Russian on the internet I know it can't be good! I deleted them - as no one in Russia could have any possible reason for signing up on my site.

But I wonder if anyone else has been "attacked" by Russian spamers/scammers, and if so, what was the scam exactly? I deleted these before I had a chance to find out!

Oh, and yes I do have email validation turned on - as well as the visual code authentication thing - so when people register they have to type in the code they see.
 

hari

Tazmanian
Joined
Jan 2, 2006
Messages
5,701
It's human spammers I guess who register and then let the bots do the dirty work. Just ban all mail.ru addresses from registering from your admin panel.
 

Julia

Fan
Joined
May 26, 2005
Messages
866
Are you running IPB? There was a recent security hole discovered (which IPB released a patch for), but I think hackers were looking for IPB boards. I've probably had 20 - 30 try to sign up. I suspend immediately. I haven't banned the .ru address for two reasons, some members using this address are legit & if I ban it then the hackers may sign on using something else such as Yahoo or Hotmail & I'll not be as quick to spot them. Anybody I'm not 100% sure of is either suspended immediately or if I'm not convinced they're hackers they go onto moderator preview.
 

Psyched

Adherent
Joined
Jan 1, 2006
Messages
316
I have two members who use the mail.ru email addy .. one registered (and they have to register for the game before they can become members of the forum) in Feb. '06 and one just a few days ago ... both have active accounts in the game. Neither of them have made a post or have sent any Private Messages ... should I be concerned and what should I be looking for that tells me they are trouble ... I'm not too sure I am understanding this whole issue regarding mail.ru to be honest ...
 

IMPAQ

Nuyorican Soul
Joined
May 19, 2005
Messages
1,000
I run a regional forum as well.

The mail.ru users never activate their accounts, so... I block the IP, change the password, keep the member name around for the "numbers".

I usually block the ip's of those who are from overseas that come along and register. Being a city of under 200K, not sure what the appeal to someone in Spain or the UK or India, etc. other than spamming and/or trolling.
 

jcerious

Participant
Joined
Feb 14, 2006
Messages
78
I'm not too sure what we should be looking out for either! That's what my original post was about - trying to see if anyone had had any problems with these guys.

My site is just for a very small geographical area in my town. There is no reason whatsoever anyone in Russia should be using the site. I don't want people from Russia on the site. In fact, I don't want people from anywhere except the immediate geographical area. So the Russian email addresses were a real red flag.

I know .ru anything is always trouble in any other internet work I've done. So I was just trying to figure out how it could be trouble here. I mean they took the time to register by hand and manually type in the visual code, and they even responded to the validation email. Then like someone here mentioned - nothing happened. They didn't post anything or even access the account after the day they registered.

HOWEVER, that doesn't mean they weren't lying in wait to do something harmful later on. I just have a feeling that at some point they'd begin to massively spam the board.

I used some old forums software years ago - really basic stuff. You couldn't even sign up for it and it got so massively spammed that's why I eventually moved to vB. Well, it's at least one of the reasons. I can only imagine they've probably figured out some way to use vB for some kind of automated spamming. So, if anyone hears anything about it or experiences it - please let us all know!
 

Julia

Fan
Joined
May 26, 2005
Messages
866
I look for unusual usernames & also check their profile. Members have to fill in certain fields when joining the forum (stating how they found the site for example), and have the option of including what pets they have. If they don't fill in these fields I'm somewhat suspicious but don't do anything, but I've noticed most of the people from the .ru addresses actually fill them in with rubbish such as "how did you find the site" reply "12345". That heightens my suspicion & I then go into the admin area & check their e-mail address. 99% of the time these people are using an .ru address.

ETA: I'd say 80% of my new registrations come from Australia, if somebody looks a bit suss & I check out their profile and see they're using an ISP e-mail to register with (such as john_chan@australianisp.net.au) then that is an indicator that they're legitimate. I dont' think trolls or spammers would use an ISP address to register with. If it's a free one & I'm unsure I either put them on moderate preview or just watch them closely, after their first post & I've seen they're legit then that's that...I stop keeping an eye on them.

It's not foolproof, but checking what they've put in the fields does often give me an indicator.
 
Last edited:

eclectica

Participant
Joined
May 13, 2004
Messages
68
I had a problem with such spammers and the problem was solved by banning all mail.ru email addresses from registering.
 

jcerious

Participant
Joined
Feb 14, 2006
Messages
78
That's funny! You'd think they'd just switch to a yahoo address or something. Weird. Oh by the way, I did an IP look up on them and none of them were in the US but not I think only one of them was in Russia. The others I forget now but I think they were somewhere in Europe.
 

Leilani

Fan
Joined
Oct 12, 2005
Messages
746
So far, 100% of the .ru addresses that tried to register at my forum were bots that were auto-blocked for attempted form spoofing. Some bots also tried to register with nonexistent e-mail accounts on my domain and were similarly blocked.
 

eclectica

Participant
Joined
May 13, 2004
Messages
68
And may I also add that the users who were spamming my site with mail.ru email addresses, in their board settings would have their time zone set to GMT -12.

Leilani is a nice name. My second daughter is named that. It's surprising to see a forum member by that name because I'm used to it being my daughter's name.
 

RockyB

Participant
Joined
Dec 19, 2005
Messages
91
I blocked them outright a while back. Most of my Spam has stopped since then.
 

dojo

Passionate admin
Joined
Apr 27, 2005
Messages
3,787
I have already started banning mail.ru, list.ru, inbox.ru emails. I had some spammers in the forums and they were all from these addresses. Now I am looking to some more types of .ru addresses to ban them too :D
 
Top