Suggestion on the recent spam issue
-
- Member
- Posts: 223
- Joined: Thu Jul 05, 2007 8:58 am
Suggestion on the recent spam issue
As many here probably noticed, the forums have recently be engulfed in a rather large wave of spam. As all of the accounts used for this seem to be new accounts, I would like to suggest at least discussing the option of implementing the requirement that new users first posts need to be approved by a moderator.
I fully understand that some of the regulars here will be uncomfortable with this, especially in light of the still somewhat recent problems around moderator power abuse. However, this could, in my opinion at least, be countered by implementing a policy of only rejecting posts through this system for being blatant spam, dealing with everything else in accordance with the normal policies here.
The draw of a system such as this is that it drastically decreases the visibility of the spam, which hopefully will then decrease the influx of it, keeping the load on the moderators also reasonable. We could even return to the current policy once the spammers have moved on if we really want to.
In short, I think the potential gains are big enough that we should at least discuss this option, and whether we, as a community, find the drawbacks worth it.
I fully understand that some of the regulars here will be uncomfortable with this, especially in light of the still somewhat recent problems around moderator power abuse. However, this could, in my opinion at least, be countered by implementing a policy of only rejecting posts through this system for being blatant spam, dealing with everything else in accordance with the normal policies here.
The draw of a system such as this is that it drastically decreases the visibility of the spam, which hopefully will then decrease the influx of it, keeping the load on the moderators also reasonable. We could even return to the current policy once the spammers have moved on if we really want to.
In short, I think the potential gains are big enough that we should at least discuss this option, and whether we, as a community, find the drawbacks worth it.
Re: Suggestion on the recent spam issue
Another option would be to "up the ante" on the captcha. Right now (or rather, last time I looked) we're asking for a specific assembler instruction. There are other, more sophisticated captcha schemes out there, I just don't know about their effectiveness (web security isn't my strong suit).
Every good solution is obvious once you've found it.
Re: Suggestion on the recent spam issue
+1 for the captcha, but I would suggest to use Google ReCaptcha on both login and register pages, which is very efficient although sometimes boring (are you tired of clicking on all traffic lights? ). I guess there are extensions to add Google Recaptcha to phpBB.
I would also suggest to update both PHP and phpBB on the server. Through Wappalyzer, I have noticed that the server is running an old version of PHP which is unsupported on the latest version of phpBB. Same thing for the HTTP server!
And, last but not least, it's a bad thing that everyone can know the OS running on the server, the HTTP server and it's version, and the version of PHP,. These informations should be hidden to prevent most of attacks.
I would also suggest to update both PHP and phpBB on the server. Through Wappalyzer, I have noticed that the server is running an old version of PHP which is unsupported on the latest version of phpBB. Same thing for the HTTP server!
And, last but not least, it's a bad thing that everyone can know the OS running on the server, the HTTP server and it's version, and the version of PHP,. These informations should be hidden to prevent most of attacks.
"Open source seems to embrace the dark side of human nature." - Ville Turjanmaa
Re: Suggestion on the recent spam issue
All valid points, but all up to Chase to actually do... let's hope he reads this topic soon.
Re: Suggestion on the recent spam issue
Hi,
I agree with Solar. Although moderating the first post is a better solution, it puts a burden on the moderator's shoulders. We should first try a better captcha, that should do the trick.
So hereby I offer my help to make OSDev spam-free, free of charge.
Cheers,
bzt
I agree with Solar. Although moderating the first post is a better solution, it puts a burden on the moderator's shoulders. We should first try a better captcha, that should do the trick.
Well, it heavily depends on the implementation. I wrote a script that can automatically solve 99% of the image captchas, but there's a few that are notoriously hard. I can help with that, I can write a simple, yet sufficiently hard to solve by automation captcha in no time if you need my help. I have more than a decade experience with web security, and I'm also familiar with the forum's phpBB engine.Solar wrote:I just don't know about their effectiveness (web security isn't my strong suit).
So hereby I offer my help to make OSDev spam-free, free of charge.
Cheers,
bzt
-
- Member
- Posts: 510
- Joined: Wed Mar 09, 2011 3:55 am
Re: Suggestion on the recent spam issue
I don't know how flexible phpBB is or how the moderator interface is set up, but perhaps something like the following?
If one of a user's first N posts is reported by more than M separate users within W days of the initial posting date, it is automatically hidden and kicked into a special queue pending moderator action. If more than X% of a user's first N posts have been so reported, the user is blocked from posting until and unless a moderator intervenes. If more than Y days pass without moderator intervention, the posts are deleted entirely (unless there are existing reasons like legal CYA that all posts ever made to the forum are archived even if not visible), and if more than Z days have past from the last post of a user blocked by this mechanism, the account is automatically closed.
N and W should be low numbers (probably in the range of three to ten), so that proven-human but obnoxious or otherwise unpopular users don't get mob-justiced off of the forum.
M should be low enough that spam gets hidden quickly, but high enough to prevent existing users from abusively blocking new users, maybe also in the 3-10 range.
X should be chosen so that spammers are quickly silenced, but so that new users that legitimately need to be moderated can be set straight before they are banned. I suggest maybe 30 to 50 percent.
Y and Z should be set so that moderators have time to see and deal with false positives, but can just let threads with Cyrillic titles advertising "порн", and the users that posted them, get bit-bucketed by software when the timer runs out.
If one of a user's first N posts is reported by more than M separate users within W days of the initial posting date, it is automatically hidden and kicked into a special queue pending moderator action. If more than X% of a user's first N posts have been so reported, the user is blocked from posting until and unless a moderator intervenes. If more than Y days pass without moderator intervention, the posts are deleted entirely (unless there are existing reasons like legal CYA that all posts ever made to the forum are archived even if not visible), and if more than Z days have past from the last post of a user blocked by this mechanism, the account is automatically closed.
N and W should be low numbers (probably in the range of three to ten), so that proven-human but obnoxious or otherwise unpopular users don't get mob-justiced off of the forum.
M should be low enough that spam gets hidden quickly, but high enough to prevent existing users from abusively blocking new users, maybe also in the 3-10 range.
X should be chosen so that spammers are quickly silenced, but so that new users that legitimately need to be moderated can be set straight before they are banned. I suggest maybe 30 to 50 percent.
Y and Z should be set so that moderators have time to see and deal with false positives, but can just let threads with Cyrillic titles advertising "порн", and the users that posted them, get bit-bucketed by software when the timer runs out.
Re: Suggestion on the recent spam issue
I'm in favour of pre-moderation of all posts by new users. It doesn't seem to me that there are so many new users each day that this would be a great load on the moderators. As it is they have the load of checking and deleting all the spam - this would change that to the load of checking all new posters and OKing the few each week who are genuine. I would have thought this was less work than the suggestions of modifying the forums to automatically reduce the amount of spam, with the attendant possible problems of false positives. Surely it takes just as much time to check reported spam as to pre-moderate new posters. The disadvantage of new users' posts being delayed by a few hours would, to my mind, be far offset by the advantage of not having the forums clogged up with spam.
Perhaps a moderator could comment on the amount of work currently involved in deleting spam and the number of posts per day by genuine new users.
Perhaps a moderator could comment on the amount of work currently involved in deleting spam and the number of posts per day by genuine new users.
- Schol-R-LEA
- Member
- Posts: 1925
- Joined: Fri Oct 27, 2006 9:42 am
- Location: Athens, GA, USA
Re: Suggestion on the recent spam issue
While I can say for certain, I am guessing that this isn't a new problem at all, but rather than for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.
Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.
Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
Re: Suggestion on the recent spam issue
No, it's a new problem, we've never been hit by spambots like this.Schol-R-LEA wrote:While I can say for certain, I am guessing that this isn't a new problem at all, but rather than for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.
Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.
Re: Suggestion on the recent spam issue
I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped...
Every good solution is obvious once you've found it.
Re: Suggestion on the recent spam issue
Yes please. Usually by the time I find spam posts, they're being deleted, this time I got a whole couple dozen spam posts still around.
Re: Suggestion on the recent spam issue
Temporarily implementing pre-moderation for new users would be a less harsh version of that. I'm wary of anything that might discourage genuine new users.Solar wrote:I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped...
You could even create a number of new moderators from different parts of the world who only had the ability to act on the pre-moderation queue. (I don't know if phpbbs could enforce such a setup, but any abuse of privilege could be dealt with fairly easily.)
Re: Suggestion on the recent spam issue
Right now it does not look like a forum where a genuine newcomer would WANT to register. Of course the other solutions are better; I just wanted to say that perhaps chase would be well-advised to close down the doors until better solutions are in place. To avoid the moderators getting over-saturated with spam removal, and to not scare away newcomers but put them on a hopefully short wait queue.
Every good solution is obvious once you've found it.
Re: Suggestion on the recent spam issue
Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?
OS: Basic OS
About: 32 Bit Monolithic Kernel Written in C++ and Assembly, Custom FAT 32 Bootloader
About: 32 Bit Monolithic Kernel Written in C++ and Assembly, Custom FAT 32 Bootloader
Re: Suggestion on the recent spam issue
Including this post of yours?Octacone wrote:Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?
And some language/Unicode/font-related ones too?