Suggestion on the recent spam issue

Questions, comments, and suggestions about this site should go here.
davidv1992
Member
Member
Posts: 223
Joined: Thu Jul 05, 2007 8:58 am

Suggestion on the recent spam issue

Post by davidv1992 »

As many here probably noticed, the forums have recently be engulfed in a rather large wave of spam. As all of the accounts used for this seem to be new accounts, I would like to suggest at least discussing the option of implementing the requirement that new users first posts need to be approved by a moderator.

I fully understand that some of the regulars here will be uncomfortable with this, especially in light of the still somewhat recent problems around moderator power abuse. However, this could, in my opinion at least, be countered by implementing a policy of only rejecting posts through this system for being blatant spam, dealing with everything else in accordance with the normal policies here.

The draw of a system such as this is that it drastically decreases the visibility of the spam, which hopefully will then decrease the influx of it, keeping the load on the moderators also reasonable. We could even return to the current policy once the spammers have moved on if we really want to.

In short, I think the potential gains are big enough that we should at least discuss this option, and whether we, as a community, find the drawbacks worth it.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: Suggestion on the recent spam issue

Post by Solar »

Another option would be to "up the ante" on the captcha. Right now (or rather, last time I looked) we're asking for a specific assembler instruction. There are other, more sophisticated captcha schemes out there, I just don't know about their effectiveness (web security isn't my strong suit).
Every good solution is obvious once you've found it.
User avatar
f2
Member
Member
Posts: 311
Joined: Mon Jun 15, 2009 10:01 am
Location: France

Re: Suggestion on the recent spam issue

Post by f2 »

+1 for the captcha, but I would suggest to use Google ReCaptcha on both login and register pages, which is very efficient although sometimes boring (are you tired of clicking on all traffic lights? :P). I guess there are extensions to add Google Recaptcha to phpBB.

I would also suggest to update both PHP and phpBB on the server. Through Wappalyzer, I have noticed that the server is running an old version of PHP which is unsupported on the latest version of phpBB. Same thing for the HTTP server!

And, last but not least, it's a bad thing that everyone can know the OS running on the server, the HTTP server and it's version, and the version of PHP,. These informations should be hidden to prevent most of attacks.
"Open source seems to embrace the dark side of human nature." - Ville Turjanmaa
User avatar
Candy
Member
Member
Posts: 3882
Joined: Tue Oct 17, 2006 11:33 pm
Location: Eindhoven

Re: Suggestion on the recent spam issue

Post by Candy »

All valid points, but all up to Chase to actually do... let's hope he reads this topic soon.
User avatar
bzt
Member
Member
Posts: 1584
Joined: Thu Oct 13, 2016 4:55 pm
Contact:

Re: Suggestion on the recent spam issue

Post by bzt »

Hi,

I agree with Solar. Although moderating the first post is a better solution, it puts a burden on the moderator's shoulders. We should first try a better captcha, that should do the trick.
Solar wrote:I just don't know about their effectiveness (web security isn't my strong suit).
Well, it heavily depends on the implementation. I wrote a script that can automatically solve 99% of the image captchas, but there's a few that are notoriously hard. I can help with that, I can write a simple, yet sufficiently hard to solve by automation captcha in no time if you need my help. I have more than a decade experience with web security, and I'm also familiar with the forum's phpBB engine.

So hereby I offer my help to make OSDev spam-free, free of charge.

Cheers,
bzt
linguofreak
Member
Member
Posts: 510
Joined: Wed Mar 09, 2011 3:55 am

Re: Suggestion on the recent spam issue

Post by linguofreak »

I don't know how flexible phpBB is or how the moderator interface is set up, but perhaps something like the following?

If one of a user's first N posts is reported by more than M separate users within W days of the initial posting date, it is automatically hidden and kicked into a special queue pending moderator action. If more than X% of a user's first N posts have been so reported, the user is blocked from posting until and unless a moderator intervenes. If more than Y days pass without moderator intervention, the posts are deleted entirely (unless there are existing reasons like legal CYA that all posts ever made to the forum are archived even if not visible), and if more than Z days have past from the last post of a user blocked by this mechanism, the account is automatically closed.

N and W should be low numbers (probably in the range of three to ten), so that proven-human but obnoxious or otherwise unpopular users don't get mob-justiced off of the forum.

M should be low enough that spam gets hidden quickly, but high enough to prevent existing users from abusively blocking new users, maybe also in the 3-10 range.

X should be chosen so that spammers are quickly silenced, but so that new users that legitimately need to be moderated can be set straight before they are banned. I suggest maybe 30 to 50 percent.

Y and Z should be set so that moderators have time to see and deal with false positives, but can just let threads with Cyrillic titles advertising "порн", and the users that posted them, get bit-bucketed by software when the timer runs out.
User avatar
iansjack
Member
Member
Posts: 4700
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: Suggestion on the recent spam issue

Post by iansjack »

I'm in favour of pre-moderation of all posts by new users. It doesn't seem to me that there are so many new users each day that this would be a great load on the moderators. As it is they have the load of checking and deleting all the spam - this would change that to the load of checking all new posters and OKing the few each week who are genuine. I would have thought this was less work than the suggestions of modifying the forums to automatically reduce the amount of spam, with the attendant possible problems of false positives. Surely it takes just as much time to check reported spam as to pre-moderate new posters. The disadvantage of new users' posts being delayed by a few hours would, to my mind, be far offset by the advantage of not having the forums clogged up with spam.

Perhaps a moderator could comment on the amount of work currently involved in deleting spam and the number of posts per day by genuine new users.
User avatar
Schol-R-LEA
Member
Member
Posts: 1925
Joined: Fri Oct 27, 2006 9:42 am
Location: Athens, GA, USA

Re: Suggestion on the recent spam issue

Post by Schol-R-LEA »

While I can say for certain, I am guessing that this isn't a new problem at all, but rather than for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.

Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.
klange
Member
Member
Posts: 679
Joined: Wed Mar 30, 2011 12:31 am
Libera.chat IRC: klange
Discord: klange

Re: Suggestion on the recent spam issue

Post by klange »

Schol-R-LEA wrote:While I can say for certain, I am guessing that this isn't a new problem at all, but rather than for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.

Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.
No, it's a new problem, we've never been hit by spambots like this.
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: Suggestion on the recent spam issue

Post by Solar »

I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped... :shock:
Every good solution is obvious once you've found it.
User avatar
Candy
Member
Member
Posts: 3882
Joined: Tue Oct 17, 2006 11:33 pm
Location: Eindhoven

Re: Suggestion on the recent spam issue

Post by Candy »

Yes please. Usually by the time I find spam posts, they're being deleted, this time I got a whole couple dozen spam posts still around.
User avatar
iansjack
Member
Member
Posts: 4700
Joined: Sat Mar 31, 2012 3:07 am
Location: Chichester, UK

Re: Suggestion on the recent spam issue

Post by iansjack »

Solar wrote:I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped... :shock:
Temporarily implementing pre-moderation for new users would be a less harsh version of that. I'm wary of anything that might discourage genuine new users.

You could even create a number of new moderators from different parts of the world who only had the ability to act on the pre-moderation queue. (I don't know if phpbbs could enforce such a setup, but any abuse of privilege could be dealt with fairly easily.)
User avatar
Solar
Member
Member
Posts: 7615
Joined: Thu Nov 16, 2006 12:01 pm
Location: Germany
Contact:

Re: Suggestion on the recent spam issue

Post by Solar »

Right now it does not look like a forum where a genuine newcomer would WANT to register. Of course the other solutions are better; I just wanted to say that perhaps chase would be well-advised to close down the doors until better solutions are in place. To avoid the moderators getting over-saturated with spam removal, and to not scare away newcomers but put them on a hopefully short wait queue.
Every good solution is obvious once you've found it.
User avatar
Octacone
Member
Member
Posts: 1138
Joined: Fri Aug 07, 2015 6:13 am

Re: Suggestion on the recent spam issue

Post by Octacone »

Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?
OS: Basic OS
About: 32 Bit Monolithic Kernel Written in C++ and Assembly, Custom FAT 32 Bootloader
alexfru
Member
Member
Posts: 1111
Joined: Tue Mar 04, 2014 5:27 am

Re: Suggestion on the recent spam issue

Post by alexfru »

Octacone wrote:Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?
Including this post of yours? :)
And some language/Unicode/font-related ones too?
Post Reply