Forum spam

[stinkyfax]

Hello everyone,

I am relatively new to the forum but would like to point out:

I am subscribed to RSS feeds of the forum, and have noticed that 80% of posts are spam, most of which is deleted fast.

Due to massive spam, I would like to suggest improving anti-spam side of the forum, captchas, some custom questions like on ru-mangos site, etc etc. We could add something to reduce the spam traffic.

Thanks

[antiroot]

Oh soo sorry stinkyfax, I reported your post by mistake, i deeply apologize to you and the moderator that will have to deal with my mistake...

This has been discussed several times, especially as of recently. The Luda has explained some issues with improving security (not that I believe he is against it any way, just a daunting task)

Most of the spam I see comes from individual accounts that are created and used only once (maybe they get banned quickly?) I would recommend making new accounts as a Pending user group that must post a minimum number of posts in a special thread, that way the spam that does happen can be centralized in one area and prevent them from getting to other threads. Legitimate users would just have to post something coherent that's obviously not spam and then they would be allowed to post to the rest of the forums. The reason for suggesting this way is that it wouldn't require any new plugins/modules to the forums software.

Then a new moderator could be assigned to this "spam catcher" thread and ban spammers and occasionally purge the thread

Edit: Just have to say I was not trying to be an ironic ass by reporting you, I just simply wasn't paying close enough attention when I thought I clicked reply, again sorry about that we really do need more people like you that care about the community and don't want it being overrun by people claiming to sell "cheap watches" or "enhancement products", I had just finished reporting some spam and i think i was still in "Report mode"

[stfx]

This has been discussed several times, especially as of recently. The Luda has explained some issues with improving security (not that I believe he is against it any way, just a daunting task)

Most of the spam I see comes from individual accounts that are created and used only once (maybe they get banned quickly?) I would recommend making new accounts as a Pending user group that must post a minimum number of posts in a special thread, that way the spam that does happen can be centralized in one area and prevent them from getting to other threads. Legitimate users would just have to post something coherent that's obviously not spam and then they would be allowed to post to the rest of the forums. The reason for suggesting this way is that it wouldn't require any new plugins/modules to the forums software.

Then a new moderator could be assigned to this "spam catcher" thread and ban spammers and occasionally purge the thread

No, please dont. I really hate those forums where you need to get permission to post or something like that. Simply add a few random custom questions on register - this catches all spambots

[stinkyfax]

No problem, When I was typing topic name :"Forum spam" I was thinking someone will definitely accidentally report me

I personally have to fight spammers much, I have active forum which periodically is a target for spammers.

Best thing so far I found is "assemble picture kaptcha", but since you run different forum software I can't insist on my option being best cross-platform Just felt expressing my opinion since I noticed a lot of spam in RSS which means moderators have tough time keeping it clean.

[VladimirMangos]

no problem, i delte post, but i not see reason ban you

[Unkle Nuke]

The biggest trouble isn't so much the spammers as the methods sometimes used to stop them.

By making the registration process too involved or restricting access until proven that you're a genuine new member, you also restrict the freedom to participate in what is supposed to be an open community for open learning. If signing up for membership becomes too much hassle, then many people would not bother to register.

Having moderators police the spammers is labor-intensive, but it does still allow everyone the freedom to join in the discussions. In weighing options on how to handle the Spam Scourge, would any measures taken place too great a burden on legitimate new members? Are the spam posts disruptive enough to the flow of conversations that any impact from anti-spam measures would be mild by comparison?

Perhaps a simpler, less invasive method would be to present a spambot trap that doesn't seem like one. Add a "Secret Question" to the registration process, for password recovery. Let the user choose from a drop-down list of preset questions and then type in an answer. "What is the name of your favorite pet?", "What is your favorite movie?", is quick and easy to answer, adding minimal impact to registering while making life a little more difficult for the spambots.

[Senpuria]

No, please dont. I really hate those forums where you need to get permission to post or something like that. Simply add a few random custom questions on register - this catches all spambots

This does not actually work anymore.

I setup a forum about two months ago and enabled rechapcha but it didn't have any effect at all. I also enabled confirming of email address before being able to post and this didn't stop any of the spammers at all.

I was only able to stop the spamming with a mod which caught spammers by things they typed, if they changed their signature and if they posted any weird links in the post.

[Unkle Nuke]

By all means, please twist some arms around here until they agree to have a look at your "smart script" for netting those pesky spammers.

Is it some variation on the Bayesian filter used to trap spam in your e-mail inbox?

Finding an acceptable answer reminds me of some technological history. It's like the modern equivalent of the old inventor's saying, "Build a better mousetrap and the world will beat a path to your door!"

[Senpuria]

Haha, indeed.

It was quite weird, I couldn't figure out how they were getting past the original recapcha and email verification before posting, other than..they must actually be manually registering to the forums, thus being able to bypass the security.

After installing the mod the spam went down by 99%, I was getting around 1 per day, but the anti spam was automatically flagging the user after they posted so they could not post again.

The only one that can install the anti spam to the forums is TheLuda so unfortunately until he appears it looks like we will have to keep manually deleting the spam

[void513]

i dont see how get past the rechapcha any way unless someone actualy sighning up the using the account with spambot.are you banning by account name or ip?banning by ip would keep some from signing up and spamming again will other might have to wait till there isp changes their ip.unless they are using a poxy.and this might limit ppl in community but i been to some site the will not let you on if you using a poxy. u can us that here to limit the spamming bots while banning through there ip

[lillecarl]

Adam00: It depends on what company you are using as ISP, as you might know a server has static ip, you can get it to your home aswell, but usually for a fee.

So ip bans are not good, it could result in getting others banned, the chance aint big but it could happen

[void513]

if im not mistaken each isp is given a range of ips to assign to there customers.you can pay to have a static ip.and im not sure how offten they recycle the ips and reuse them.

[Senpuria]

We can't ban IP range because it may ban other people who are on that IP range for some reason.

Most spammers connect to the forums from routers so they can simple reset the router to get a different IP address. All we can do at the moment is keep banning account, email and IP address and make it frustrating for them to keep making new emails and accounts to re-register to the forums just to spam it.

[void513]

sorry i did not mean by ip range that ban alot uncessary ppl.

[antiroot]

To go into detail about the issue with banning IPs, and I think i mentioned this in another forum, are users within a large NAT network with a single WAN IP (school campus networks for example) or users that connect via their ISPs proxy (this is very common for AOL users)

Another idea that i've seen used a few times. during registration (on the site i saw this is was during login) display 4 images in random order with numbers 1,2,3, and 4 next to them, 3 of the images would be objects like a Gear, a Bird, a Bicycle and the 4th object would be a Mango, then the user has to answer which number is the Mango.. this doesn't eliminate spam completely since there's still a 25% chance they can guess it, but at least they can't use OCR or whatever text based means they're using to break captchas

[Senpuria]

This is assuming that the spammers are automatically registering to the forums with some kind of automated bot.

However I've said before that I applied user activation by email to a forum that I have and it did not stop the spam at all, this leads me to believe that the people who are registering are human, not bots.

It could be possible that they have made some kind of program that detects text on the screen, opens their email inbox and automatically clicks the activation link but I'm assuming that would be quite difficult.

[lillecarl]

The forum bot creators are smarter then you think! I think the bot automatically open all links you send to their email. A solution might be to add a "anti bot plugin" which i don't think exists on FluxBB. Or/And add several different capatchas to the registration page, you could make several smart solutions to this.

[Senpuria]

We could definitely implement some kind of anti spam system but like I've said before I have to wait until TheLuda pops up because I don't have immediate access to modify the forums in such a way

[lillecarl]

I understand that, adding multiple capatchas would probably need some coding to the registration function. And i guess you don't have FTP access to the mangos web server?

[Senpuria]

Afraid not, just moderator access on the forums but it doesn't let me access any of the boards features from the MCP.

I'll keep poking TheLuda until he appears.

[void513]

this may or may not help in some way but it a site that keeps a database of known forum spammers including ips and email addresses.

http://www.stopforumspam.com/daily