Author Topic: Forum Spammers  (Read 10879 times)

Infinity

  • Global Moderator
  • Hero Member
  • ****
  • Posts: 11175
    • View Profile
Re: Forum Spammers
« Reply #30 on: October 15, 2010, 09:43:42 am »
Hi Arfon. Thanks that may deter some of the bots. So it is worth a try. ;)

Geoff

  • Hero Member
  • *****
  • Posts: 11892
  • The history of astronomy is a history of receding horizons. - Hubble.
    • View Profile
Re: Forum Spammers
« Reply #31 on: October 15, 2010, 11:02:23 am »
The number of members was 327001 at 8:30 this morning. There are now 327209 at 12:00, so about 200 new users in 3 1/2 hours. Wonder how many were generated by the spambot?
  Sometimes I think we're alone. Sometimes I think we're not. In either case, the prospect is staggering!- Arthur C. Clarke

zookeeperChris

  • Admin
  • Hero Member
  • *****
  • Posts: 723
    • View Profile
Re: Forum Spammers
« Reply #32 on: October 15, 2010, 12:33:17 pm »
We're busy with Old Weather too, so it's probably a mixture of the two. We'll go back and strip out spam accounts once we've closed the door. Thanks for your patience.

Chris

EigenState

  • OotD posters
  • Hero Member
  • *****
  • Posts: 1334
    • View Profile
Re: Forum Spammers
« Reply #33 on: January 15, 2011, 02:54:25 am »
Greetings,

It has been three months now, and the infestation remains.  I do not need my breasts enlarged, nor coupons from WalMart, etc, etc, ad nausium.

With all due respect, have mercy on us!  There is simply no excuse for allowing this to continue.

Best regards,
ES

Alice

  • Global Moderator
  • Hero Member
  • ****
  • Posts: 31782
    • View Profile
Re: Forum Spammers
« Reply #34 on: January 15, 2011, 08:53:19 am »
We're doing our best and waste a lot of many days banning them; but we can't actually prevent people from registering. If they actually send you any messages or post adverts, please report them immediately!

EigenState

  • OotD posters
  • Hero Member
  • *****
  • Posts: 1334
    • View Profile
Re: Forum Spammers
« Reply #35 on: January 15, 2011, 02:49:42 pm »
Greetings Alice,

We're doing our best and waste a lot of many days banning them; but we can't actually prevent people from registering. If they actually send you any messages or post adverts, please report them immediately!

I do understand your dilemma.  But there are indeed very effective ways to prevent registrations of this kind, especially if they are via bots which is rather likely the case.

Best regards,
ES 

Alice

  • Global Moderator
  • Hero Member
  • ****
  • Posts: 31782
    • View Profile
Re: Forum Spammers
« Reply #36 on: January 15, 2011, 02:51:55 pm »
Sadly the zookeepers report that they're real people! :(


Furiat

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: Forum Spammers
« Reply #38 on: January 16, 2011, 09:59:43 pm »
1. ReCaptcha should stop spammers altogether. Also you might want to have a custom captcha system, which involves galaxies :P and clicking the correct part of an image (i've seen that one on a silly thing called "Neopets" waaayyy back).
2. mail.ru is a common e-mail domain for spambots. I don't know if you are capable of blacklisting all mail.ru addresses (because of the global and welcoming nature of the zoo), but if you are that's worth at least 30% of the spambots.
3. IP address bans are worthless. I've developed a custom method of "browser contamination" with highly contagious characteristics, but when used on real users it might occasionally pull up false-positives. It's really a simple bit with easy override, but you have to know where to look to get past it. If you're interested - drop me a PM.
4. Custom restrictions on new accounts are also a very solid method.

Overall this discussion tended towards a theory, that "spammers measure their success rates". I think that it's utterly wrong. Spammers target forum engines and simply attack anywhere that a particular forum engine has been detected. Customizing some form fields, forms in general, page addresses, queries etc. that are essential to registration, login and profile modification is worth a try. I think the best would be combining captcha with a randomized rename of form fields that are deemed critical. Randomized in a sense, that they are re-generated every (relatively small) time period - such as 2-3 hours. That way you should be 98% spam-safe and only vulnerable when a real human starts spamming.

EDIT:
I also thought that form labels should be customized as well for the sake of more complex spambots. I'd use css + "DOM spaghetti" to get the job done. It would of course increase the load on critical forms by a factor, but not a large one. If anyone would get past that whole mess - that is a bot that cannot be stopped with normal methods and we should abandon hope and go for manual bans. Or "browser contamination"...
« Last Edit: January 16, 2011, 10:11:21 pm by Furiat »

Alice

  • Global Moderator
  • Hero Member
  • ****
  • Posts: 31782
    • View Profile
Re: Forum Spammers
« Reply #39 on: January 16, 2011, 10:01:53 pm »
Hi folks, I'll point Arfon to this discussion - however he is a tad distracted at the moment - the size of his family just increased by 1 late last night! ;D ;D ;D ;D ;D ;D ;D

I love the idea of having to correctly classify a galaxy before appearing on the forum . . . :D

EigenState

  • OotD posters
  • Hero Member
  • *****
  • Posts: 1334
    • View Profile
Re: Forum Spammers
« Reply #40 on: January 16, 2011, 10:12:31 pm »
Greetings,

Captcha was suggested long ago.  It is easy and effective when dealing with bots, and not really intrusive to legitimate users. 

The problem here is that this forum has clearly been defined as a soft target for the spammers, be they bots or actual individuals.  The question becomes when do they begin to constitute a more serious threat to the forum users than just being a nuisance?

And while I fully support the concept of making registration open and facile, this is getting to be rather much.

Best regards,
ES

Furiat

  • Newbie
  • *
  • Posts: 21
    • View Profile
Re: Forum Spammers
« Reply #41 on: January 16, 2011, 10:23:47 pm »
ES:
That's why I suggested some complex, custom methods that impede automatic processing while leaving no directly visible trace for the human user. If captcha is not an option - there are more than one ways to make it really hard on spambots.

Alice:
Yes - that would definitely be an awesome idea, but there's always a likely chance that a pure classification check would be easy to pass by random selection. I would say that "click the galaxy on this picture" or something alike would be better.

EigenState

  • OotD posters
  • Hero Member
  • *****
  • Posts: 1334
    • View Profile
Re: Forum Spammers
« Reply #42 on: January 16, 2011, 10:37:14 pm »
Greetings,

Captcha was suggested, but I have no idea of whether it was even considered for use let alone tried.  While it is a bit intrusive, it really is not all that bad.

Any mechanism implemented to preclude bots requires that a registrant read and respond to a dynamic variable.  Identifying a galaxy suffers from two obvious problems.  Does the identification need to be correct?  If not there is not point to it.  Also, what do you do with a legitimate user who makes a classification error?  Surely you do not want to block such people.

The correct classification can be achieved via repetitive trial and error methods.  Too easy.

The real question that needs to be addressed here is whether or not management feels this problem is sufficient to do anything at all.

Best regards,
ES

elizabeth

  • Hero Member
  • *****
  • Posts: 33783
    • View Profile
Re: Forum Spammers
« Reply #43 on: January 17, 2011, 12:49:59 am »
Hi folks, I'll point Arfon to this discussion - however he is a tad distracted at the moment - the size of his family just increased by 1 late last night! ;D ;D ;D ;D ;D ;D ;D

I love the idea of having to correctly classify a galaxy before appearing on the forum . . . :D
;D Well Alice was it a girl or a boy. Gosh leave us in suspense over here. ::)

Alice

  • Global Moderator
  • Hero Member
  • ****
  • Posts: 31782
    • View Profile
Re: Forum Spammers
« Reply #44 on: January 17, 2011, 10:22:08 am »
I do hope you don't mind, Arfon. For those wondering, he tweeted about it . . . ;D ;D

Anyway, I'm sure you'll all forgive him if he's away for a while! We can ignore the spammers for a few more days, surely? :)