
View Full Version : prohibiting posts


sitelights
07-15-2007, 02:59 PM
The spammers have been very active lately. I am using a method to deny these bozos permission to post. Unfortunately even though the individuals cannot post it is not possible to delete their names without compromising the method. The user name of the spammer will appear on the home page showing new registrations only when they are on the site as a non-posting member.

Patience please. I have a trouble ticket registered with vBulletin Support and am awaiting their assistance.

I now have a method, in use for some months now, that allows me to entirely expunge bogus "members".

Paul
07-16-2007, 07:20 AM
Good luck Joe.

sitelights
11-11-2007, 11:53 PM
There have been no junk postings for 90 days; there have been no new bogus registrations for 90 days. During the period 08.12.07-11.12.07 more than 575 IP addresses have been banned. The site is swept a minimum of 4 times every 24 hours. I have succeeded in eliminating these spurious, though occasionally amusing, user names. Of the 302 members currently registered not 1 is a spammer as verified by individual scans of registration information.

The lowvolt.org site is visited by about 100 individual IP addresses in a 24 hour period.

sitelights
12-17-2007, 08:35 PM
The home page in the bottom left area lists the latest "member". These odd "member" names are a sure indication of nefarious intent and are deleted quickly. If a new "member" name is shown on the home page click on "reload" and they will probably disappear from the screen. Whoever or whatever they are they have not posted anything objectional since their presence is fleeting at best. Constant vigilance means that only bona fide new registrations are admitted to the posting protocols of the site.

Semper Lux
04-20-2008, 12:28 AM
Your thoroughness in banning spam has also banned my ISP. You and I have speculated about why, but the problem is not on my end.

Whenever I want to contribute I have to borrow someone else's computer.

Too much hassle.

Please delete my user name and account. It's just too frustrating.

sitelights
04-20-2008, 11:41 AM
Greg, I reviewed our exchange of private emails going back to 01.25.08; the total of the emails was 7 during the course of about a week. If you come to lowvolt.org and linger i.e. do not sign out or quit the site I could detect the IP listed for your handle and confirm it as matching (or not) the IP in your profile. Since I am on the site to check for bogus members at least 4 times between 8 AM and 11 PM I would shortly discover you on site and detect your IP and email it to you to confirm that our numbers match. The following paragraphs explain how banning works:


When banning an IP from posting only the individual's full IP (for example: 12.345.54.321) will be banned. If 12.345* is banned every individual whose IP begins with 12.345* will be banned. As the IP becomes more complete, the fewer people are banned; inputting 12.345* will eliminate thousands of individuals but the complete ISP will only ban a single individual.

A review of IPs banned since 01.01.08 does not list your (Greg's) IP numbers; none even come close. There is only one banned IP that has the same initial digits i.e. before the first . and this includes all the separate, full IP numbers we discussed in our email exchange.

Banned IPs are retained in a sequential list as part of vBulletin's protocols. I have kept a separate list of banned IPs by date in handwritten columns that "stack" each set of numbers. There are 3677 banned IPs as of 11 AM 04.20.08. I can scan the list looking at, for example, the first set of digits; if I find a match I go on to the next set of digits. It is extremely rare (only 6 instances) for both the first set and the second set to match much less the third and fourth. See below for an example of a series of complete IP matches.

It is possible to ban an actual, complete email address as well as an IP. There are about 25 banned, complete email addresses. Working similarly I can ban via an email address an entire country; as an example an email address ending with the banned .ru will prevent any Russian Federation email address from accessing lowvolt.org thus a valid email address is required by vBulletin's protocols otherwise a person cannot join or post. As in the IP ban an exact, full email address will ban that exact email address only. If, however @gmail.com is banned the ban would affect every @gmail.com address: millions of them.

The spammers quickly changed their methods so that now almost all of them are using gmail. If I banned @gmail.com there would be no new members and @gmail.com is the most common vector for spam. Typically the spammers were using nonsense email addresses such as: younggirls@sexymovies.com (not an actual address) but now that @gmail.com predominates the traffic most accurate banning is done by IP or the most inclusive by country.

If I am deluged with sets of IP digits such as 12.345.54.321 it is possible to ban the series with an *; thus 12.345.54.32* will ban 10 ISPs, 12.345.54.3* 100 IPs and so on.

My screen shows currently active users (members and guests) with their IP. When I click on the IP in the right hand column it will, about half the time, give the origination of the IP or an identifying term such as googlebot, crawler etc. These are spiders cataloging the site and even though all their IPs end in a related numerical series it is important not to ban these addresses since their function is vital to online searches.

While I regret that an individual may have somehow been erroneously banned, that is a singular occurrence not a glitch in the vBulletin protocols. The problem is elsewhere. I welcome input from members having difficulty with the lowvolt.org site. In the circumstance that prompted this lengthy post there is a demonstration of my commitment to the members.


A new member of lowvolt.org cannot post until they have been manually accepted by my responding affirmatively to their provisional status. An acknowledgment of their full membership and the ability to post are confirmed to the new member by an email to their address. There are no pending members awaiting "moderation" thus a match of numbers is required to be a posting member.
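
Added example (not part of the original post and not vBulletin's code): a sketch of the trailing-* ban entries described in the post above, treated as plain string prefixes, that reports which entry blocks a given visitor and how many valid IPv4 addresses that entry covers. The function names and the ban list are hypothetical, and the addresses are constructed from documentation ranges.

```python
# Assumption: a ban entry ending in * is a string prefix on the dotted address,
# as the post describes; an entry without * matches one exact address.

def ip_ban_matches(ban, ip):
    """True if this ban entry blocks the given dotted IPv4 string."""
    return ip.startswith(ban[:-1]) if ban.endswith("*") else ip == ban

def email_ban_matches(ban, email):
    """A full address bans one mailbox; '@domain' or '.tld' bans every suffix match."""
    ban, email = ban.lower(), email.lower()
    if "@" in ban and not ban.startswith("@"):
        return email == ban
    return email.endswith(ban)

def coverage(ban):
    """Count the valid IPv4 addresses an IP ban entry blocks."""
    if not ban.endswith("*"):
        return 1
    parts = ban[:-1].split(".")
    done, partial = parts[:-1], parts[-1]
    if len(parts) > 4 or any(not p.isdigit() or int(p) > 255 for p in done):
        return 0  # entry can never match a real address
    # Octet values (0-255) whose decimal text begins with the partial octet.
    fits = sum(1 for v in range(256) if str(v).startswith(partial))
    return fits * 256 ** (4 - len(parts))

def explain_block(ip, bans):
    """Every (entry, coverage) pair that blocks this address, for ban-list audits."""
    return [(b, coverage(b)) for b in bans if ip_ban_matches(b, ip)]

# Constructed ban list using documentation-range addresses.
BANS = ["192.0.2.10", "203.0.113.2*", "198.5*"]

if __name__ == "__main__":
    for visitor in ("198.51.100.7", "203.0.113.25", "203.0.113.3"):
        print(visitor, explain_block(visitor, BANS))
```

Running `explain_block` against a member's reported address shows whether a broad prefix entry, rather than an exact one, is what locks them out.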

Semper Lux
04-22-2008, 11:48 AM
Joe,
I would have replied on the board but was denied access....
So I emailed you with a response.

I'm having to post from my girlfriend's laptop... (she uses a Comcast wireless connection)


My main email is Earthlink, and my provider is Earthlink. I use their DSL. I don't know about proxy servers or any of that stuff, but when I try to find my IP address it usually places me in Oakland (45 miles away) and using Mindspring (an Earthlink subsidiary).

BUT, it's my understanding (?) that anytime I power down my DSL modem that it might give me a different IP when I power up again. In fact, as I recall, one of my emails to you was about that.


My IP (apparently) currently begins with a 66.245.....

IP Location:

Country of this IP:United States
Region of this IP:California
City of this IP:Oakland
ISP:EarthLink

Proxy:

Proxy Type:None / Highly Anonymous



Gregg Catanese
www.sprinklersplus.com

G. Catanese Landscape Services
CA Lic. # 529866
408.369.1391

Paul
05-17-2008, 02:57 PM
Joe, I guess you're having some issues with your security software not letting some of us on. I myself tried to send you an email earlier today which would not go through because of my ip address?

Here is something that was sent to me this morning:

Have you been on low volt lately? I haven't visited the site in months, but when I tried today I received a message that states my IP address has been banned? If you can still log on, could you please email Joe and ask him what's up for me? I tried to email him, but even the emails don't go through. I'd appreciate it if you would ask him to email me if there is some kind of problem that I'm not aware of.

Thanks Paul,

ilightemup@comcast.net
__________________
Chris J, CLO (Chief Luminary Officer)
Johnson Landscape Lighting, Inc.
Member AOLP, CLVLT #0638
FL Lic#ES12000428, GA Lic#LVG105244
www.JohnsonLightingInc.com

I wanted to let you know so you could rectify this.

Thanks,

sitelights
05-17-2008, 06:02 PM
I have sent emails directly to the members involved and I have posted an inquiry on the vBulletin trouble-shooting Forum today.

Semper Lux
08-14-2008, 08:06 AM
Joe, has your site been hacked?

I received three emails in my spam folder of my old email dated 2/24/06... but when I downloaded them the dates reverted to 8/11/08.

Each gave me a different link to access the site, and each attempt failed because my IP is blocked.

Two attempts to email you at admin@lowvolt.org also failed. I cc'd those emails to someone at sgass@gass.com, because the email appeared to have come from there, and I thought maybe they were emailing on your behalf....

www.gass.com appears to be a portfolio site for someone who does graphic design...

No reply yet from them either...

Emailing you now from a laptop somewhere else because my DSL is down at home...

Wondering if the email I thought I was sending to you went to a hacker instead. It had my IP in it, and soon after that my DSL stopped working and my antivirus software warned me of unauthorized change attempts... hoping it's a coincidence.

sitelights
08-14-2008, 09:28 AM
I did experience an anomaly about four days ago. My inbox received 40 or 50 old emails alerting me to responses to posts dating back a few years; this was the first occurrence of anything out of the ordinary relating to lowvolt.org's potential vulnerability.

A few minutes ago I opened a query to vBulletin Sales Support concerning the purchase of a professional upgrade to the latest iteration of vBulletin. Their 3.7.2.PL1 (the site is currently running 3.6.8) is purported to have addressed security issues relating to your report. I will keep you informed.

All administrative emails come to me. Steve Gass, the former webmaster for lowvolt.org, regrettably is no longer available to solve technical problems with the site. The email address you mentioned is no longer active.

Thank you for bringing this to my attention.

sitelights
08-25-2008, 11:06 PM
This site is now upgraded to the latest iteration of vBulletin: 3.7.2 PL2; I have not noticed any additional quirks similar to what was reported earlier. Let me know if anything similar recurs.