You guys are clearly spending too much time on this issue without realizing how fast these bots are registering (all of the bans that have been listed here are entirely dwarfed by the new spambots registered in that time).
For that reason, I've given the other admins access to the tool that I created to ban these bots. Used correctly, it is possible to ban around 100 per hour. At the time of this writing, there are 7207 potential spambots in the list.
Admins can access the script here
You'll need a very wide monitor in order to get the full benefits (it was designed for 1920). This table lists all of the potential "zero post" spambots that are detected. Note that there ARE occasionally false positives (but in banning about 1000 of them I only found around 10 false positives). In fact, the first 7 in the list right now are all false positives.
Each row of the table lists a member. The background color becomes more red as it becomes increasingly likely that they are a spambot (of course this algorithm isn't perfect, so don't put too much weight into it). Each row lists, from left to right:
- Username (click to visit profile)
- Registration date
- Email address
- Website (click to visit)
- IP address
- Whether or not the account is activated
- The amount of time spent logged in
There are several additional things to note:
- Most of these spambots register with an age between 20 and 40
- If the age is 2010 it means that it was not given
- The email address cell will be highlighted in green if the e-mail address is from an uncommon domain
- The email address cell will be highlighted in purple if the e-mail address domain has been banned through this script before
- The IP address cell will be highlighted in purple if the IP address has been banned through this script before
- The control box will be highlighted to remind you of some of the other highlights in the row
- A lot of the spambots have 0 activity time
- If the signature is detected as one used by a spambot by one of the many regular expressions included in the script, the matching expression is shown in bold black before the signature
And finally, each cell has the control box. Each performs a different action. From left to right, they are:
- "IP" Bans the user's IP address (specifically; no masks)
- "EM" Bans the user's email (by domain name; not specifically)
- "SIG" Blanks the user's signature
- "URL" Blanks the user's website
- "EMS" Searches the forum for all users who have the same e-mail domain
- "DEL" Deletes the profile
To make your job easier, the final button, "!", performs several of these functions at once:
- Blanks the signature
- Blanks the website
- If the user is NOT currently banned by IP address, the resulting page also adds a link to quickly ban the IP address
Another important thing to note is that I previously removed a lot of the automatic IP bans made through this script and replaced them with range bans. The script does NOT pick these up, so the IP address field will NOT be highlighted in purple for these bans. That means that if you are going to ban an account using the "IP" button, you should first check the profile to make sure that it is not already banned by "SenthrylAutoBanFocus". An even better solution is to just use the "!" button all the time, which IS clever enough to notice this and not present an IP ban button in these cases.
Also keep in mind that the purple highlighting doesn't update unless you refresh the page. That means that if you ban an e-mail address domain using the "EM" button, make sure that you don't ban the same domain again from another member on the same instance of the page. In practice, this means that you should refresh the table after every use of "EM".
The table is sorted in chronological order. To avoid stepping over other admins who are also working the list, you might consider jumping ahead using the "start" parameter in the querystring to begin at some random spot in the list.
This is the algorithm that I use when scanning the rows:
- If the user has a green e-mail address, use "EMS" to determine if that domain is only used by spambots. If so, hit back and use the "EM" button to ban it. If you use the "EM" button, refresh the table immediately afterward. If you find a green e-mail address which is used by legitimate users, tell me about it so I can "ungreen" that domain
- Use "!" to blank the account
- If the resulting screen has an IP ban button, click it
- Return back to the table
- Once the table has been traversed, refresh the page to get a new batch (the act of blanking their accounts removes them from the list, so hitting the "next 100" button would skip over 100)