Jump to content

Strategy to stop spambots (from another forum)


Twenty@20

Recommended Posts

So I have been hanging around the Oneplus forums for the past week (recently bought a Oneplus One, no surprises) and I noticed a few good things about that forum.

Firstly it's design is very good. Lightweight, hence fast. Our mobile site is very fast as well but the desktop site is only moderately so. (I stay mostly on 2G network, so I feel it more)

Second point I noticed is the Oneplus forum doesn't have separate mobile and desktop versions. So the site has full functionality. The editor is fully loaded. No need for BBcodes. That's a real boon. Now I know we are expecting a major overhaul of our dear site and its going to have all these features. All I can say I am eagerly awaiting it.

Lastly about the spammers. The Oneplus forum doesn't allow new members to start a discussion or thread. They have to post once in another thread to become eligible for opening a discussion. This set me thinking and I realised it's the very thing we need on our forum to stop spambot because guess what they always open their own threads and never post in another thread. So what do our moderators think. Can this be done?

Link to comment
Share on other sites

Perhaps require a captcha for anyone with a 0 or negative reputation. I don't remember the process I went through to join, but perhaps no posts until they verify their e-mail or until they have been verified by an established member. Maybe give everyone with a reputation over 500 the ability to verify new members as real people. Not sure how hard any of this would be with the available forum software.

Link to comment
Share on other sites

I'm just happy we have active mods who clean up shop every now and then, I'm not sure how feasible some of these suggestions are and some like requiring validation from existing members while effective might also make the site seem a bit scarier and exclusive to prospective new sharders

Link to comment
Share on other sites

So I have been hanging around the Oneplus forums for the past week (recently bought a Oneplus One, no surprises) and I noticed a few good things about that forum.

Firstly it's design is very good. Lightweight, hence fast. Our mobile site is very fast as well but the desktop site is only moderately so. (I stay mostly on 2G network, so I feel it more)

Second point I noticed is the Oneplus forum doesn't have separate mobile and desktop versions. So the site has full functionality. The editor is fully loaded. No need for BBcodes. That's a real boon. Now I know we are expecting a major overhaul of our dear site and its going to have all these features. All I can say I am eagerly awaiting it.

Lastly about the spammers. The Oneplus forum doesn't allow new members to start a discussion or thread. They have to post once in another thread to become eligible for opening a discussion. This set me thinking and I realised it's the very thing we need on our forum to stop spambot because guess what they always open their own threads and never post in another thread. So what do our moderators think. Can this be done?

Firstly, the new site will have responsive design and so the mobile site will be fully featured. (Also, though visual editors are good... I am actually very worried about the removal of BBCode in the new version. I don't trust visual editors if something goes wrong, and they frequently do. It is not inherently better without BBCode.)

The suggestion is not a bad one, but I do worry, because often a member does post in Introduce Yourself when they register. I could have it enabled so new members can post new topics there, but then wouldn't bots just spam there, and then upon them doing that, spam elsewhere?

I guess it is worth thinking about but it seems like a band-aid solution that isn't good to new members. The features I want from something like Twitch chat would be words that ban people for using certain terms. And unfortunately such methods don't exist for some stupid reason. It annoys me to no end.

Also, for the people who are suggesting CAPTCHAs: obviously. We have that. Have had it for a long time...

Link to comment
Share on other sites

...

The suggestion is not a bad one, but I do worry, because often a member does post in Introduce Yourself when they register. I could have it enabled so new members can post new topics there, but then wouldn't bots just spam there, and then upon them doing that, spam elsewhere?

I guess it is worth thinking about but it seems like a band-aid solution that isn't good to new members. The features I want from something like Twitch chat would be words that ban people for using certain terms. And unfortunately such methods don't exist for some stupid reason. It annoys me to no end.

...

Perhaps we could have a trial run for a month or two. New members can post a reply in someone else's topic in Introduce Yourself and then open their own topics there if they want. New members can be informed about this while signing up so there is no confusion.

I agree it's a stop gap measure. However if helps the moderators in fighting spammers then great. If this doesn't work or a better system comes along then it can always be abandoned later.

Edited by Twenty@20
Link to comment
Share on other sites

Perhaps we could have a trial run for a month or two. New members can post a reply in someone else's topic in Introduce Yourself and then open their own topics there if they want. New members can be informed about this while signing up so there is no confusion.

I agree it's a stop gap measure. However if helps the moderators in fighting spammers then great. If this doesn't work or a better system comes along then it can always be abandoned later.

I'm not sold; we shall see.

Link to comment
Share on other sites

. The features I want from something like Twitch chat would be words that ban people for using certain terms. And unfortunately such methods don't exist for some stupid reason. It annoys me to no end.

I would not want a system automatically banning on using certain words, because there are many innocent ways to use them. for example, shall we ban "vashikaran", as it is used only in spambots? well, someone is going to post "hey guys, remember when we had the spam from that vashikaran black magic?" and be banned for it. I don't know any way to make such a system foolproof. furthermore, many spambots will write with grammar errors to go through most censorship systems.

For the same reason I don't like automated word censors to filter out dirty talk. I remember a time when some people argued because some considered a certain term insulting and others did not, and here i wanted to talk  about how the meaning of words change with time so words that were insulting are not anymore and viceversa, but it was practically impossibile with the automatic censor.

And on italian forums there are even funnier instances. the war of Troy, in italian the city name is Troia, except that troia is also an insult (google translate it if you are intersted in the translation, i cannot write it here because it would be deleted), so you can't make references to the iliad without the censor stopping you from posting.

I definitely do not trust automated systems telling people what they can write and what they cannot. well, i don't trust automated systems for anything that a human can do better, but in this field less than in others.

Also, for the people who are suggesting CAPTCHAs: obviously. We have that. Have had it for a long time...

as i remember, i was asked a captcha on joining the site, but not on posting the first time. although i suppose, if whoever manages the spambots can write (or have a bot recognize) a captcha on joining, he can do so on further posts.

Edited by king of nowhere
Link to comment
Share on other sites

I would not want a system automatically banning on using certain words, because there are many innocent ways to use them. for example, shall we ban "vashikaran", as it is used only in spambots? well, someone is going to post "hey guys, remember when we had the spam from that vashikaran black magic?" and be banned for it. I don't know any way to make such a system foolproof. furthermore, many spambots will write with grammar errors to go through most censorship systems.

For the same reason I don't like automated word censors to filter out dirty talk. I remember a time when some people argued because some considered a certain term insulting and others did not, and here i wanted to talk  about how the meaning of words change with time so words that were insulting are not anymore and viceversa, but it was practically impossibile with the automatic censor.

And on italian forums there are even funnier instances. the war of Troy, in italian the city name is Troia, except that troia is also an insult (google translate it if you are intersted in the translation, i cannot write it here because it would be deleted), so you can't make references to the iliad without the censor stopping you from posting.

I definitely do not trust automated systems telling people what they can write and what they cannot. well, i don't trust automated systems for anything that a human can do better, but in this field less than in others.

as i remember, i was asked a captcha on joining the site, but not on posting the first time. although i suppose, if whoever manages the spambots can write (or have a bot recognize) a captcha on joining, he can do so on further posts.

I'm just saying those posts have an excessive amount of symbols and I want a way to have that excessive amount to be automatically hidden, if not banned. It's frankly insane that such abilities don't exist.  

 

Can you ban IP addresses or Just accounts?

Both but they don't do anything against these bots. We obviously ban both.

Link to comment
Share on other sites

Can you ban IP addresses or Just accounts?

Proxies exist.

Ehh if you remove BBCode nothing good will come out of it though? Like BBCode is the easiest coding language I've ever used, if it can be called a "language," and the forums here already have a wysiwyg editor on the desktop so I don't really see an issue. Honestly, I hate visual editors with my heart and soul, and its so much easier if you get nitty gritty with the code instead.

In any case, I do like the idea that new members can't post a new topic, but it does seem unfair to new members to do that.

Chaos, you could try to add your own coding into the site that allows that, if your editor allows for full css/html code control. I myself am unsure how but I think someone's probably done it before.

Edited by LarkoftheRiver
Link to comment
Share on other sites

Proxies exist.

Ehh if you remove BBCode nothing good will come out of it though? Like BBCode is the easiest coding language I've ever used, if it can be called a "language," and the forums here already have a wysiwyg editor on the desktop so I don't really see an issue. Honestly, I hate visual editors with my heart and soul, and its so much easier if you get nitty gritty with the code instead.

In any case, I do like the idea that new members can't post a new topic, but it does seem unfair to new members to do that.

Chaos, you could try to add your own coding into the site that allows that, if your editor allows for full css/html code control. I myself am unsure how but I think someone's probably done it before.

Agreed, I like BBCode a lot. I never use the current visual editor.

The editors do have HTML support, including in the new one, but it's a security risk to have people put arbitrary HTML, so this won't be a feature members can have access to, unfortunately.

Link to comment
Share on other sites

Here's the thing: the spammers are no longer just bots. A lot of them go through the verification process, which means it's a real person. If we put such steps in place, they would still get through.

We had one who was rather clever. They would make posts (not just topics) that were generic, but almost fit the topic at hand. Then, one of the characters (I remember one being a period) would be a link to their website.

Sadly, the best option truly is just to hit the report button and have one of us do a ban.

Link to comment
Share on other sites

Here's the thing: the spammers are no longer just bots. A lot of them go through the verification process, which means it's a real person. If we put such steps in place, they would still get through.

We had one who was rather clever. They would make posts (not just topics) that were generic, but almost fit the topic at hand. Then, one of the characters (I remember one being a period) would be a link to their website.

Sadly, the best option truly is just to hit the report button and have one of us do a ban.

Rose, Chaos and all other moderators, you have been associated with this wonderful website way longer than me and I completely trust your judgement on this matter. I know stopping new members from making new topics would hardly deter a determined spammer. The best it would do is cause a temporary decline and after that it would be business as usual for spambots. Therefore count on me to hit the report button regularly. :)

Link to comment
Share on other sites

Here's the thing: the spammers are no longer just bots. A lot of them go through the verification process, which means it's a real person. If we put such steps in place, they would still get through.

We had one who was rather clever. They would make posts (not just topics) that were generic, but almost fit the topic at hand. Then, one of the characters (I remember one being a period) would be a link to their website.

Sadly, the best option truly is just to hit the report button and have one of us do a ban.

So I should stop distributing mallets and spikes whenever I see the word Vashikaraan pop up?

Link to comment
Share on other sites

And not much value would be lost :P

point taken :)

 

So I should stop distributing mallets and spikes whenever I see the word Vashikaraan pop up?

 

hemalurgic love potion. it will steal your heart!

 

now i'm wondering if you could make someone love you by hemalurgy. i don't know, spike out yoour own love for yourself and give it to the desired person, so that person will love you like you loved yourself, but you accidentally become a self-loathing emo in the process...

Link to comment
Share on other sites

Wordpress blogs have a plugin called Akismet that compares every new comment to a database of spam posts, hides detected spam and offers the admins an option to unhide comments in rare cases of false positives. You might be interested by its Invision version (which I haven't tried): https://community.invisionpower.com/files/file/3424-akismet-for-ipboard-10-beta-1/

Link to comment
Share on other sites

That's a good idea. If someone's post gets blocked, they should receive a message explaining why they were blocked and told to reword their post. This way at least if there is a false positive, they can make an informed repost. If there is a simple and automated method of more efficiently blocking the spambots, I'm all for it.

 

This issue is like all security related issues. You want to provide access to people with minimal inconvenience while at the same time blocking unauthorized access. For example, one extreme would be to require a rolling passcode that must be entered along with the users regular password for every post, or requiring every post to be verified by an administrator. That would likely stop all spambots, but that would be such a burden to users that hardly anyone would bother posting to the forums. The other extreme is allowing anybody to just post anonymously at any time, allowing spam galore.

 

I'm just happy we have active mods who clean up shop every now and then, I'm not sure how feasible some of these suggestions are and some like requiring validation from existing members while effective might also make the site seem a bit scarier and exclusive to prospective new sharders

 

Considering the damage done by unauthorized access (which in this case is simply inconvenience/annoyance) the security requirements are adjusted accordingly. While it's somewhat of a judgement call, the way things are right now are reasonable. Our admins delete spam fairly quickly and I doubt anybody actually buys in to what the spamers are selling.

 

Here's the thing: the spammers are no longer just bots. A lot of them go through the verification process, which means it's a real person. If we put such steps in place, they would still get through.

We had one who was rather clever. They would make posts (not just topics) that were generic, but almost fit the topic at hand. Then, one of the characters (I remember one being a period) would be a link to their website.

Sadly, the best option truly is just to hit the report button and have one of us do a ban.

 

This works.

Link to comment
Share on other sites

Wordpress blogs have a plugin called Akismet that compares every new comment to a database of spam posts, hides detected spam and offers the admins an option to unhide comments in rare cases of false positives. You might be interested by its Invision version (which I haven't tried): https://community.invisionpower.com/files/file/3424-akismet-for-ipboard-10-beta-1/

I've seen that plugin. It doesn't work for this version of IPB, much less the new one.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...