Home › Forums › Site Feedback › spambots
- This topic has 20 replies, 13 voices, and was last updated 16 years, 9 months ago by Anonymous.
-
AuthorPosts
-
-
08/07/2007 at 4:19 am #6113AnonymousInactive
I signed up to another forum before where they had you answer a question to register. Like what shape is the world? (sphere, line, box) ..or what is 4 plus 4 for example.
Might be the way to go?
-
08/07/2007 at 7:51 am #37598AnonymousInactive
There already is one of those question things, we turned it on when it got really bad a few months ago. The next step is to turn on moderator approval, which has been discussed briefly, but really isnt our preferred option :(
Dave
-
08/07/2007 at 1:34 pm #37600AnonymousInactive
By moderator approval do you mean approving new members, Dave? I can’t see how that would work as it’s impossible to tell if a member is genuine or not. What I wouldn’t mind so much is to have the first X number of posts to be approved by a moderator. Say the first 2 or 3. Another forum I used to regular has used this system very effectively.
-
08/07/2007 at 2:09 pm #37602AnonymousInactive
Most of the time its fairly easy to spot the spam bots from the real problem – the problem is the delay in allowing people to post their first post. Spam bots sign up for a reason – either to post threads or to have a profile that links to a particular site to abuse the google page rank algorithm. If they dont have the dodgy links, its generally possible to guess with 90+% accuracy whether they are real using the username, email address etc – someone registering from an @eircom.net Email address is far more likely to be real than someone with a @no-ip.org.ru for example. I am open to all ideas though, so keep em coming and I’ll get around to something in the next while (Aphra has been on my case about allowing her update the courses, and it sounded like I was going to get disowned if that didnt get completed soon on friday :) )
Dave
-
08/07/2007 at 9:50 pm #37603AnonymousInactive
I signed up to another forum before where they had you answer a question to register. Like what shape is the world? (sphere, line, box) ..or what is 4 plus 4 for example.
Might be the way to go?
[/quote:51d2ef125d]Or, requiring people to enter a randomly generated word or alphanumeric sequence, similar to the registration process, when posting in the forums?
But I guess if there are bots able to pass those Turing (can’t remember the proper term, but it’s what those random warped letters in an image are) test yokes in registration, it may only be a temporary measure.
-
08/07/2007 at 9:55 pm #37604AnonymousInactive
Judging from one of the posts one of these bots posted over the weekend…preventing posting images in posts might be worth thinking about. Links to porn sites are one thing, images in posts are another…
-
09/07/2007 at 9:28 am #37605AnonymousInactive
But I guess if there are bots able to pass those Turing (can’t remember the proper term, but it’s what those random warped letters in an image are) test yokes in registration, it may only be a temporary measure.[/quote:bcdb440335]think they’re called ‘captchas’
-
09/07/2007 at 10:17 am #37607AnonymousInactive
Captchas are already enabled, there’s a possibility that the bots are using an exploit in PHPBB to get in a different way to usual
-
09/07/2007 at 4:57 pm #37622AnonymousInactive
it is possible that the bot is using human computation to solve the Captchas.
assuming whoever is using the bots has access to some random users who are willing to answer Captchas to get at whatever they serving.
-
15/02/2008 at 2:07 pm #40159Aphra KKeymaster
Can I ask other moderators and Dave when we delete the porn spam is there something else we can/should do in admin to prevent that particular IP posting again….We should probably all be doing the same thing?
we can discuss this off forum but if others have suggestions….feel free
Aphra.
-
15/02/2008 at 2:26 pm #40160AnonymousInactive
I signed up to another forum before where they had you answer a question to register. Like what shape is the world? (sphere, line, box) ..or what is 4 plus 4 for example.
Might be the way to go?[/quote:db90972ad6]
Another idea also might be to make the user answer a few multi-choice perceptual type questions; machines are no good at perception and understanding. You could pick a random picture from a database and ask the user to identify what that picture is by clicking on a radio button corresponding to it’s name.
Silly example: a picture of an apple is chosen. The user is asked what it is. There are say 6 possible answers and radio buttons for each one: apple, orange, lemon, pineapple, coconut, and banana, If the user selects the apple checkbox everything is ok. A few of these questions might be needed because this would be quite easy to hack, being a 1/6 chance of getting the right answer.
-
15/02/2008 at 3:21 pm #40161AnonymousInactive
I would also suggest something a bit more radical, the forum as far as I know is running PhpBB, not very secure at the best of times, and a fairly old version too, it might make sense to at least upgrade to a newer version, or change forum software to something like SMF which in my experience is less vulnerable to spam bots.
-
15/02/2008 at 4:17 pm #40162AnonymousInactive
The question system is in place and worked for a while, less so recently though. I’ve been working on a revision of the site which is still a good distance off but whose goal would be to customise some of the phpbb, meaning the automated systems (which they are) don’t understand the changes. I have a feeling that even changing some of the basic urls would change things significantly. We have changed the forum software to something different in the past, which was a heavy chunk of work to say the least (mostly on the css and design side).
The other short term solution is to require manual approval of all new profiles, though this is something that has been discussed isn’t really the way we would prefer to go.
Dave
-
19/02/2008 at 9:11 pm #40187AnonymousInactive
I’ve noticed that a lot of the spam posts are made within a couple minutes of one another. For example, you’ll get 10 posts made between 9:00 and 9:02. Perhaps you could have it so that a user can only make a new post 60 seconds after his last post? I don’t think any other user posts that fast.
I know that it’s a feature on some forums, not sure how easy it would be to implement on this forum.
-
19/02/2008 at 9:21 pm #40188AnonymousInactive
Maybe have a report/vote system?
So admins dont have to work so hard. -
19/02/2008 at 10:53 pm #40195AnonymousInactive
i used to have a phpbb forum. what I did was just have a simple custom field on the registration page… e.g "Type GameDevelopers.ie" into this box.
simple and worked. easily available from the phpbb site ;)
-
20/02/2008 at 4:50 am #40194AnonymousInactive
I’ve noticed that a lot of the spam posts are made within a couple minutes of one another. For example, you’ll get 10 posts made between 9:00 and 9:02. Perhaps you could have it so that a user can only make a new post 60 seconds after his last post? I don’t think any other user posts that fast.
I know that it’s a feature on some forums, not sure how easy it would be to implement on this forum.[/quote:f173156f31]
Surely this would be as easy as placing a timestamp alongside every forum post record in the DB and when a user attempts to post, checks the last forum post record from the DB(if it exists) and gets the difference between now and then, if this difference is < 60 seconds, don’t post. Timestamps are there already as each post has the date and time on it. Still won’t stop the original spam post though, will stop the repeated ones
-
22/02/2008 at 11:06 am #40249AnonymousInactive
Would an enforced 24 hour lurking period be any use for this issue?
-
22/02/2008 at 12:28 pm #40243AnonymousInactive
Probably…its getting a little silly at the moment
-
22/02/2008 at 12:40 pm #40242AnonymousInactive
Would an enforced 24 hour lurking period be any use for this issue?[/quote:7915ff9157]
There is an option to have moderators approve all accounts before which they cant post, this was an option that has been decided against simply on the principle that we want to get people involved and allow them post quickly. I’ve also monitors a spam bot in the process of posting, and they do wait 30 seconds between each post, this is to get around the default post limit speed for phpbb (this was actually turned off because Omen was complaining he couldn’t post fast enough :) )I’m going to give it a bit of time over the weekend and see what solutions I can come up with.
Dave
-
22/02/2008 at 12:52 pm #40241AnonymousInactive
I thought it was still on!…I’m sure I had it complaining that I reposted too quickly not to long ago.
I recant and would ask that it be turned back on…I’ve been converted to the side of patience.
Besides, no one listened to me before…
-
-
AuthorPosts
- The forum ‘Site Feedback’ is closed to new topics and replies.