spam

Importante releases or news for the communauty

Moderator: KanedaFr

KanedaFr
Administrateur
Posts: 1139
Joined: Tue Aug 29, 2006 10:56 am
Contact:

spam

Post by KanedaFr » Wed Jul 20, 2011 10:13 am

Hi,

this forum is more and more spammed...
My anti spam measure at sign in isn't enought to stop 'human' spammer...
I banned almost any IP from Pakistan/India/SriLanka but it's not enought...
There are some mods which block spammers from their ip and/or their email...but for phpBB 3.x :(

so 3 solutions (from the easiest to the hardest) :
1/ I keep it like this and delete user/posts one by one
2/ I dev a mod myself (could be harder to hack than "known" mods) using API like StopForumSpam's one
3/ I move this forum to the latest version

I still don't know what to do... but if you see some weird behaviors on this forum on the coming weeks, don't be surprised : I'm perhaps updating it

Again, sorry for the spams, I'm working on this problem.

Stef
Very interested
Posts: 3131
Joined: Thu Nov 30, 2006 9:46 pm
Location: France - Sevres
Contact:

Post by Stef » Wed Jul 20, 2011 11:08 am

Did you tried to change your anti bot question ?
The current question can be find by bot with google
I know that since i added an ambiguous question to a forum that i somewhat managed at work we don't get a single bot (we got a tons before, even with anti bot picture stuff).
When i say ambiguous question it can be something as :
"Give the result minus one of this simple operation : 3 + 4"
which is not 7 as the bot will reply but 6...

KanedaFr
Administrateur
Posts: 1139
Joined: Tue Aug 29, 2006 10:56 am
Contact:

Post by KanedaFr » Wed Jul 20, 2011 12:23 pm

I think the anti bot question is difficult enough...
It's not basic like 2+3 or (green or yellow)

My problem is with human spammer, people paid to lost time register manualy then use their account to bot spam (I don't think they manualy spam)

I plan to check ip + email on register, login, reply, post and private message page. API available is easy to use so it should be possible...

Stef
Very interested
Posts: 3131
Joined: Thu Nov 30, 2006 9:46 pm
Location: France - Sevres
Contact:

Post by Stef » Wed Jul 20, 2011 6:20 pm

KanedaFr wrote:I think the anti bot question is difficult enough...
It's not basic like 2+3 or (green or yellow)

My problem is with human spammer, people paid to lost time register manualy then use their account to bot spam (I don't think they manualy spam)

I plan to check ip + email on register, login, reply, post and private message page. API available is easy to use so it should be possible...
Honestly i don't think they are human spammer which actually does register manually to forum. I just think that automated bots are more and more capable of replying questions.

sega16
Very interested
Posts: 251
Joined: Sat Jan 29, 2011 3:16 pm
Location: U.S.A.

Why?

Post by sega16 » Wed Jul 20, 2011 6:56 pm

I just don't get it why do people spam this forum out of all the forums.Maybe you could do a test question that only people who want to register for the forms because of the sega genesis for example:
Q:What is another name for the sega genesis
A:sega megadrive
EDIT:I just logged out and click register and then got this for the question:
What of these four is an planet?
America, Cat, Earth, University

everyone knows it's earth try something that only sega genesis fans would know like (above) or even what 3 letters are on a sega genesis controller and the answer would be (of course)A B and C

Chilly Willy
Very interested
Posts: 2984
Joined: Fri Aug 17, 2007 9:33 pm

Post by Chilly Willy » Wed Jul 20, 2011 10:59 pm

Human spammers is a real problem - pretty much any of those ads you see for "Earn up to $2000 a day working at home!" is a job signing up on forums for spambots to use. They aren't just in certain countries anymore, but everywhere.

I've no idea how much work it would be, but perhaps after signing up, the user would have to make ten posts in an invisible forum (link provided in the email after registering). If they don't make the posts, or if the posts meet some filtering specs, they're auto-banned. Or maybe send them ten different emails, each with it's own question, one a day for ten days. The idea is to make it not worth the spammer's time as wasting ten days to get on one forum isn't worth the money.

sega16
Very interested
Posts: 251
Joined: Sat Jan 29, 2011 3:16 pm
Location: U.S.A.

Post by sega16 » Thu Jul 21, 2011 12:10 am

the email idea seems like it would make it a bit more difficult to register (for a real reason) because what if the person who wants to register for real and not to post about discount Viagra or what ever crap they are trying to sell just forgets to check there email and then gets auto-banned.

Nemesis
Very interested
Posts: 791
Joined: Wed Nov 07, 2007 1:09 am
Location: Sydney, Australia

Post by Nemesis » Thu Jul 21, 2011 12:36 am

How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.

Chilly Willy
Very interested
Posts: 2984
Joined: Fri Aug 17, 2007 9:33 pm

Post by Chilly Willy » Thu Jul 21, 2011 12:43 am

sega16 wrote:the email idea seems like it would make it a bit more difficult to register (for a real reason) because what if the person who wants to register for real and not to post about discount Viagra or what ever crap they are trying to sell just forgets to check there email and then gets auto-banned.
Give them a week to respond to the email. If they don't respond, maybe mark the account as "suspect" and when the person tries to log in, pop up a screen telling them to respond to the email or they'll be banned.

sega16
Very interested
Posts: 251
Joined: Sat Jan 29, 2011 3:16 pm
Location: U.S.A.

Post by sega16 » Thu Jul 21, 2011 5:27 pm

Nemesis wrote:How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.
Great idea! that would by far get the most results also it would more than likely get spritesminds of there list of sites that people register and spam

Chilly Willy
Very interested
Posts: 2984
Joined: Fri Aug 17, 2007 9:33 pm

Post by Chilly Willy » Thu Jul 21, 2011 11:30 pm

sega16 wrote:
Nemesis wrote:How about making it possible for forum users to help you deal with spammers? Don't try anything extreme to stop human spammers registering, just make it possible for other registered users to click a "Report as spam" link or whatever on a users post. You can then use that information however you want. It might just be logged, for you to check out later, or maybe you can allow it to have an immediate effect, IE, if a user gets, say 10+ reports, or whatever number you think makes sence, their account gets suspended for a day. If you log on and see it's really just a spam account, you can then ban it.

I think adding tools to allow users to help manage spam is the best way. Just look at how Wikipedia manages to keep so well under control.
Great idea! that would by far get the most results also it would more than likely get spritesminds of there list of sites that people register and spam
No, it wouldn't. NeoFlash had a similar problem, and giving common user (like myself) the ability to delete spam and ban spammer made NO DIFFERENCE AT ALL since the spammers realized that users will still take a certain amount of time to notice the spam, realize it is spam, then delete it. If they can flood 10 to 100 spams before getting banned, they've earned their money and they'll keep it up. You need to prevent them from ever getting a single spam posted or you've failed.

By the way, NeoFlash eventually wound up updating the forums to the latest version of their board software to block current spammers.

sega16
Very interested
Posts: 251
Joined: Sat Jan 29, 2011 3:16 pm
Location: U.S.A.

Post by sega16 » Fri Jul 22, 2011 5:04 am

Chilly Willy is right about the update part By keeping up with the latest security updates we would be more ready to combat the spammers with better technology

KanedaFr
Administrateur
Posts: 1139
Joined: Tue Aug 29, 2006 10:56 am
Contact:

Post by KanedaFr » Fri Jul 22, 2011 5:45 am

I know....but update to 3.x is a major work...
I need to find the time to do it :(

Chilly Willy
Very interested
Posts: 2984
Joined: Fri Aug 17, 2007 9:33 pm

Post by Chilly Willy » Fri Jul 22, 2011 6:45 am

KanedaFr wrote:I know....but update to 3.x is a major work...
I need to find the time to do it :(
Yeah, that's the downside of updating. I guess in the meantime as a stop-gap measure, you could set a couple other users to admin status so they could delete any spam until you find the time to update.

Eke
Very interested
Posts: 884
Joined: Wed Feb 28, 2007 2:57 pm
Contact:

Post by Eke » Fri Jul 22, 2011 8:04 am

In my opinion, only severe restrictions on new registered users can prevent spam.

For example:

- prevent new account posts from appearing on the forums immediately, make their first posts go through some kind of moderation pipe until you are sure they are not spammers.

- block private messages for new accounts until above step is fulfilled (this blocks spamming users message boxes)

- remove public profile informations or signatures (it's often used to spam website addresses and I'm sure we can live without it)

It's not as if this forum was getting a lot of new registered users anyway so I don't think these measures would be too much annoying for legit users, maybe the first step requires some boring work on the moderating side and could eventually be dispatched to forum users who have time to do it. Off course, it must also be technically possible, and that I have no idea.

Post Reply