Fighting Spam..Thoughts?

R

ryanvade

Guest
Okay, the spam on the forums and groups is getting ridiculous. I spend more time fighting the spam then actually helping users.

I have a few proposed anti-spam forum addons that I think should be used and I want to know what the community thinks.

1. Integration with Stop Forum Spam .com which is a list of known spammers IP, email, and usernames. When someone creates an account on the forums, their information is checked with the list. If they are a known spammer, either the forum can stop them from creating an account or an Admin is notified.
http://www.stopforumspam.com/

2. Only long-time members can make groups. Simple enough.

3. Longer "new user" status. From what I have seen, the spammers are getting around the new-user status by posting a non-spam post; then they spam.

4. Each IP can only have one account. This is a bit harder to accomplish and is probably not a good idea. But it is an option.

5. ZB Block.
This php security script is designed to detect certain behaviors detrimental to websites, or known bad addresses attempting to access your site. It then will send the bad robot (usually) or hacker an authentic 403 FORBIDDEN page with a description of what the problem was. If the attacker persists, then they will be served up a permanently reccurring 503 OVERLOAD message with a 24 hour timeout.
http://www.spambotsecurity.com/zbblock.php

If anyone knows of other good Anti-spam tools, please post a link bellow.

If enough "likes" or posts get in this thread, maybe we can convince the higher-ups to get better anti-spam.

:)
 


L

lobo

Guest
1. Integration with Stop Forum Spam .com which is a list of known spammers IP, email, and usernames. When someone creates an account on the forums, their information is checked with the list. If they are a known spammer, either the forum can stop them from creating an account or an Admin is notified.
http://www.stopforumspam.com/
Bad idea as users with dynamic IP addresses which spammers have been using, or tor users (like me) get banned as well.
2. Only long-time members can make groups. Simple enough.
Putting a post/join date limit on that seems acceptable.
3. Longer "new user" status. From what I have seen, the spammers are getting around the new-user status by posting a non-spam post; then they spam.
At least they reveal themselves early on? Otherwise you would have e.g. 10 posts of inane crap before the ads appear...
4. Each IP can only have one account. This is a bit harder to accomplish and is probably not a good idea. But it is an option.
Unenforceable and see my comments regarding dynamic IP ranges / tor above.
They probably use it on their own site and it blocks tor as well - so more IP banning. I don't see xenforo mentioned anyway?
If anyone knows of other good Anti-spam tools, please post a link bellow.
Better captcha, more controls on who can post links, etc, makes spammers more manageable, without locking out innocent users.
 
M

MikeyD

Guest
A captcha would definitely help cut down and would probably be more cost-effective to implement. I also don't have a problem with #2, new users shouldn't need the right to create groups or if they need to just let people know they can PM an admin to request it be created.

I found a post listing some steps other hosts used:

1. To post on my site you have to register.
2. Activated email verification
3. Activate Image Verification
4. Banned 'free' email domains many spammers use
5. To post they have to type in the image verification image.
6. I stopped showing the option to use [urlwww.here.html[/url] and still they managed to post with their spam links

Heres the link:
http://www.vbulletin.com/forum/forum/vbulletin-legacy-versions-products/legacy-vbulletin-versions/vbulletin-3-6-questions-problems-and-troubleshooting/223670-how-to-stop-spam-bots

In the last post he mentions the above steps didn't work right away but within 5 months he was spam-free. If you can track the traffic to see if its coming from a specific domain or area that may help, but with the amount of traffic this site gets I figure that may be difficult.
 
R

ryanvade

Guest
I just got a PM from @Rob . Some new anti-spam changes have been made. So far I am not seeing any changes...
 
R

Rob

Guest
yeah - we'll be working on this today.. also tired of the spammers.. they've stepped it up! heh
 
M

mike

Guest
All groups should be spam free later today. Rather then just wiping them, we are going though each one to make sure the spammer is IP banned. We also put into place higher restrictions to be able to create a new group.
 
L

lobo

Guest
we are going though each one to make sure the spammer is IP banned
Which will not help as they will never post from the same IP addresses. As I explained above these types of spam countermeasures will just block a lot of innocent users.
 
D

DevynCJohnson

Guest
Okay, the spam on the forums and groups is getting ridiculous. I spend more time fighting the spam then actually helping users.

I have a few proposed anti-spam forum addons that I think should be used and I want to know what the community thinks.

2. Only long-time members can make groups. Simple enough.

3. Longer "new user" status. From what I have seen, the spammers are getting around the new-user status by posting a non-spam post; then they spam.

4. Each IP can only have one account. This is a bit harder to accomplish and is probably not a good idea. But it is an option.

:)
#2 - Maybe the "Groups" should be entirely removed (it looks like it has now). The "Groups" page has not been used much anyway.

I disagree with #4. For example, some universities (like ITT Tech) may have a group of students sign of for a Linux.org account for a Linux class. Since all out going data from the building would be the same IP address, only the first student would get an account. Also, what about people accessing the site and getting an account while at a library or coffee shop with a wifi hotspot?

#3 - Maybe instead of users getting an account instantly, they must get the account approved by a staff member. Maybe the new user will be required to offer some proof of a legitimate desire to use Linux.org (correctly).
 
D

DevynCJohnson

Guest
Many spammers post a web-link on their profile page's status. Can the system flag that user if such activity is seen?
 
D

DevynCJohnson

Guest
I have another idea. Comments and posts should have a set minimum amount of characters and should not just be a web-link.

For example, a post should not just be

"Linux.org"

Instead, the post should look more like

"The answer to your question can be found here on this page (Linux.org). Good luck!"
 
R

Rob

Guest
We've had the following in place (among other things):
1. The forum checks the user's IP address against stopforumspam.com
- This is one of the most widely used spammer databases out there. It also allows for people who may be on a spammer's old IP to clear the IP so that they can register.

2. The forum checks how long it took for the user to fill out the registration form
- If it is too quick (too quick for a human to fill it out) it won't allow registration

We've added:
1. Users with less than 7 days on the forum, less than 10 posts, and less than 1 like are in a 'newbie' group
- The newbie group can't post links or signatures
- Once a user has been registered for 7 days, has 11 or more posts and at least 1 like, they get auto-promoted into the regular user group
- All users currently meeting the 'newbie' standards were set to newbie in the user db

2. Removed the groups section

3. Tweaked some registration settings

4. Added hidden fields to registration form (bots/software will fill them out, and won't be allowed to register)

5. Added more spammer DBs to check for spammer IPs
 
D

DevynCJohnson

Guest
We've had the following in place (among other things):
1. The forum checks the user's IP address against stopforumspam.com
- This is one of the most widely used spammer databases out there. It also allows for people who may be on a spammer's old IP to clear the IP so that they can register.

2. The forum checks how long it took for the user to fill out the registration form
- If it is too quick (too quick for a human to fill it out) it won't allow registration

We've added:
1. Users with less than 7 days on the forum, less than 10 posts, and less than 1 like are in a 'newbie' group
- The newbie group can't post links or signatures
- Once a user has been registered for 7 days, has 11 or more posts and at least 1 like, they get auto-promoted into the regular user group
- All users currently meeting the 'newbie' standards were set to newbie in the user db

2. Removed the groups section

3. Tweaked some registration settings

4. Added hidden fields to registration form (bots/software will fill them out, and won't be allowed to register)

5. Added more spammer DBs to check for spammer IPs

I like the changes. Good thinking!
 
C

Cyber-Berserker

Guest
I like #4. It looks like something that may be effective against bots.
The only problem I have with #1 is the like requirement. A week and ten posts is not too onerous for new members, but why include the need for a like? It is irrelevant.
 
R

Rob

Guest
I liked your post ;)

The 1 like makes sure that the new user isn't just waiting 7 days and posting 10 useless posts..
 
C

Cyber-Berserker

Guest
What if the new member is a newbie and is only asking questions and asking for the answers to be explained further? That person would be unlikely to have any likes.
 
R

Rob

Guest
Then they wouldn't be able to have a sig or post links until they earned a like.. either by helping another user.. posting something productive.. etc..
 
?

|)/-\|)

Guest
What would be really great is if all of the raw programing talent on this sight could get together and build a spam-bot killer....;)
 
D

DevynCJohnson

Guest
What would be really great is if all of the raw programing talent on this sight could get together and build a spam-bot killer....;)
My programming specialty is artificial intelligence, so we already have some feasibility.
 





Top