I've ditched the Mollom spam filtering module that we were experimenting with. While it did block some spam over and above the bots we catch with reCapctha (used on account signups) we had users getting false positives and being blocked from posting. Unfortunately, Mollom is a closed-loop service with no ability to train it when it's wrong, which makes it pretty useless for our purposes. It's far better to let a few spammers through and have us mods deal with it than to block legitimate content without any way of fixing the situation. Add to that the fact that the free version only allows 100 posts a day and we're right at the limit, meaning we'd have to pay nearly $600 a year for the service.
New: Wise Force Deleter (Apr 25, 2024), Platform 29.5 (Apr 24, 2024)
1,000+ portable packages, 1.1 billion downloads
Please donate today
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on Facebook
Follow us on LinkedIn
Follow us on Twitter
Follow us on Mastodon
Follow us on BlueSky
I know it isn't your place to explain it but since you've had exposure to it maybe you have some insight: Can you explain to me how a business expects to thrive by essentially ignoring its customers? I can't fathom their mentality, it would be like McAfee (or pick your fav anti-virus company) saying that they weren't taking virus analyses from users any more. The mind boggles!
Who would mollom's intended target audience be? Huge corporations that don't care about one or two of the "little guys" that get upset because their posts don't get through?
I appreciate I'm preaching to the choir, just curious as to thoughts.
Not accepting feedback or any kind of training data is a bad decision. It would be surprising if Mollom goes under unless they implement a way to curb false positives. Are there any other promising anti-spam services out there?
Vintage!
I'm sorry to hear that, in your experience, your experimentation with Mollom didn't go well. If you're willing to give it another shot, and let us know in detail what problems you may be experiencing, we'll be happy to try to work through any rough spots in your installation that you may have.
As one of the Mollom folks who directly work the support queue there, I took a look at the statistics for your site, I see that it was active on your site for about five days, during which the vast majority of comments it processed were "ham" (good comments). You should be congratulated for having that high of a signal to noise ratio.
You mention in your email that Mollom is "closed loop" and does not learn from its mistakes; according to our most recent statistics on mollom.com/scorecard, our average efficiency is 99.94% (in other words, only 6 in 10,000 spam messages were not caught). Mollom has caught 261,149,474 spam messages since it started processing spam worldwide. It certainly isn't a closed loop service, however, as all site administrators have the ability to report an incorrectly classified spam message back to Mollom, which helps it detect new trends and "learn" from that experience.
As far as blocking users, only very seldom does Mollom absolutely block someone, and then the block is much more likely to be related to a user's ip address, and only then when Mollom may have detected spam content from across all of the Mollom sites tied to that address. In general, except in that situation, the most severe action it should take is simply request a posting user to answer a CAPTCHA challenge if, after analyzing the content, the content resembles something Mollom classifies as spam. Over your trial, it appears that Mollom considered only 37 messages as potential spam.
As far as the 100 posts per day, Mollom Free does have a 100 per day "limit" on correct CAPTCHA challenges, which is sufficient for a huge majority of our users. That limit is a "soft" one, though, and we know that many sites will exceed that on occasion, especially when experiencing a traffic surge. I do see that in two of the five days Mollom tracked your site, you slightly exceeded the 100 correct CAPTCHA limitation. As you know, we didn't block or restrict your Mollom access at that point, though you may have received an automated email. When this happens, we usuually assume it's a temporary thing; if your site exceeds the 100 correct CAPTCHA limit over a length of time, we may indeed suggest that you upgrade your plan to make sure you have access to our paid subscriber backend network, which provides additional performance benefits for active sites (such as yours).
In regard to the price of a Mollom Plus plan, you mentioned a cost of nearly $600 per year. At current exchange rates, 30 euros per month works out to about $468/year if you were to upgrade. Mollom Plus allows 1000 legitimate CAPTCHA responses per day, significantly more than Mollom Free's 100 legitimate response per day limitation.
I hope you reconsider trying Mollom for a longer period of time, and if you do so and I can help, please contact the Mollom support queue at http://mollom.com/support.
Thanks!
Hi Keith and thanks for the post. We have a high signal to noise ratio as we require accounts with an associated valid email address for posts and use reCaptcha on account signups. That alone kills off most forum spam. We were left with a handful of manual spam messages here and there (handful a day) with an occasional power-spammer posting 20 or so messages in a short period of time. We have several moderators and the spam is usually deleted and the user banned within about 15 or 30 minutes.
We first tried http:bl as a backup, which blocks compromised PCs sending email and comment spam. Unfortunately, we immediately had at least one longtime user blocked because he was on a blacklisted shared IP address.
So, on the advice of one of our admins using Mollom on his own forum site, I thought we'd try it here. Again, we had one longtime user try to make a a post several times but have it be outright blocked (not greylisted with captcha backup, blocked) due to him posting a couple links to imageshack to show screenshots of a problem he'd encountered. There was no way for him to request a review nor any way for us to review the message and tell Mollom it was not spam. That's basically a closed system in my mind since we have no way to tell Mollom it was wrong, so we wind up with legitimate posts blocked and the whole process entirely out of our control.
Unless I'm missing something, that seems like a pretty big oversight. And it's a dealbreaker for us. We'd rather deal with a couple spam messages a day than have legitimate posts blocked. We need users to be able to post bug reports.
Sometimes, the impossible can become possible, if you're awesome!
Sure. I understand completely, and the situation you described with your legitimate user using a blacklisted IP is an all-to-common situation, not just with Mollom, but with many other services as well.
We have discussed, internally, various ways we could allow site administrators to "clear" or "vouch for" a user posting from an IP from where bad things have happened in the past, but we have to be careful to provide that functionality in a way that doesn't give actual spammers a means to manipulate Mollom's database in a way that works to their own advantage. The Internet being full of smart people, most any mechanism you put in place to adjust reputations like this are likely to eventually be abused by spammers in some form or fashion. That being said, we've discussed at least two avenues in the last day or so as a way to provide this functionality.
But, in terms of your particular site, if you'd be willing to work with us to help resolve your situation, we'd need some Mollom session IDs that are stored in the Drupal watchdog log (or, at least, are stored there by recent Mollom clients in the 6.x branch). If you could open a ticket by sending a note (category "Support") at mollom.com/contact we could explore those session IDs and see what we can determine about your particular situation. I'd rather not follow up here on the specifics of tracking down your blocked user, as it will likely involve session ids and Mollom public/private keys, and its much better to handle those in our support queue rather than here in the open.
Thanks so much for the response, and please know that we certainly recognize the frustration in the situation you describe. Providing a general purpose solution to that problem that doesn't open an attack vector is very high on our list of "to do"s right now.
--ks
The user was blocked based on content, not IP. Specifically, he just couldn't post imageshack URLs: https://portableapps.com/node/24376#comment-155047
With the URL: blocked, no Captcha. Without the URL: works as usual.
I'm not sure if we can really assist in fixing the issues. As 2 longtime users and contributors were experiencing blocking issues, we can't risk re-enabling Mollom again. I re-enabled it for about 10 minutes today just to ensure that there was no report available in the Mollom Statistics with links to specific messages before posting my response to you.
As Mollom blocked 37 spam attempts and at least two of those were false positives, the false positive rate is just too high for us to re-enable it at this time. If there were a way for us to simply monitor things and use Mollom without it actually blocking anything, we'd consider it, but there does not appear to be. As you said, our signal to noise ratio is very high (owing to our use of reCaptcha on signups and working email addresses being required). Other sites with anonymous posting abilities would have a different view on it.
Sometimes, the impossible can become possible, if you're awesome!
I've been e-mailing with Mr. Smith, and he mentioned he may need some things from you, such as session IDs, in order to figure out what happened. I'm willing to give him any information about my account he needs to resolve the problem; could you please send him that kind of stuff? (I've already sent all the relevant info I have access to)
Thanks!
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
Like Keith already mentioned, we actively discussed this very topic internally at Mollom just recently, and we are working on closely related changes in functionality on the Mollom servers and feature enhancements for the Mollom module for Drupal already.
More precisely, we want to do the following changes:
- Allow to perform alternative actions on posts identified as spam (instead of immediately blocking).
- A "dry-run" operation mode, basically as you suggest here.
Just to mention two of the planned improvements that are pretty concrete already. This overall issue is very important for us. We would love to get your feedback on these upcoming changes.
First, I want to say that I appreciate the time & energy that has gone into making Mollom. I also appreciate you joining PortableApps just to provide support for Mollom; it's always nice to see companies actively providing tech support.
Unfortunately, my experience with Mollom was nothing short of awful. Despite the fact that I'm a longtime member here, and a fairly active member, Mollom ate every post I attempted to make. I wasn't offered a CAPTCHA or any other way to get my post through; Mollom simply said "Your post has triggered the spam filter and will not be accepted."
My posts contained no links & very little/no special formatting, so it shouldn't have triggered any filter of any kind.
I attempted to post a topic asking what was going on with the spam filter, but that too was eaten. At this point, I was looking at a de facto ban: I couldn't post a darn thing.
Finally, in sheer frustration, I hopped on IRC and spoke with Chris Morgan, one of the PortableApps admins, who tried to unblock me but was unable to. He suggested I contact Mollom, which I attempted to do using the Contact link on the Mollom site; surprise, surprise, I couldn't even do that because, once again, Mollom's spam filter blocked me. (You can read the IRC log here; the conversation starts at 04:41:44 and ends at 05:31:01)
Despite the fact that I have a solid reputation on several different sites, it occurred to me that my e-mail address or IP could be linked to a spambot. I used a spambot-checking tool to see if my username, e-mail address, or IP was linked to a spambot. Everything came up clean.
Shortly thereafter, Chris Morgan contacted Mollom for me, but my de facto ban continued for another 3 days, until John Haller finally pulled down Mollom. Although it's been 5 days since I complained, I know I'm still on Mollom's blacklist, because I attempted to comment on an article at Gizmo's Freeware and was blocked there too. I had to log out and use a different username in order to post my comment; thank goodness Gizmo's allows guest posting or I would have remained blocked.
During this frustrating session, I learned several things which lead to a very unpleasant conclusion.
Fact #1: When I attempted to contact Mollom and was blocked, I tried changing the e-mail address I provided. Mollom continued to block me.
Fact #2: When I tried to post at Gizmo's Freeware, my IP address didn't change between the time of my first attempt (while I was logged in) and the time of my second attempt (while I was not logged in)
Fact #3: I was not required to provide an e-mail address to guest post at Gizmo's Freeware.
Fact #4: I used an alias for my successful guest posting at Gizmo's Freeware.
Conclusion: Mollom didn't block me based on my e-mail address (from Fact #1) or IP (from Fact #2). It's apparently blocking me based on my username, which is highly unreasonable.
I know some people may be suspicious of me because of my hacker username, but I have created a solid reputation across several sites with this username and there is no longer a reason to suspect me of anything at all.
As a software developer, I know things like this happen. No big deal; the bugs get fixed and life goes on as usual.
I would like to make a couple of suggestions to help avoid problems like this in the future, especially since users who are totally blocked will often leave the site for good (which is something we all want to avoid).
First, Mollom shouldn't be blocking the Mollom contact form. If it absolutely has to be there, at least give us a totally unblocked "Report false positive" link so that we can report problems like this.
Second, Mollom shouldn't be blocking users right off the bat. I never even got a glimpse of a CAPTCHA; Mollom just blocked everything I tried to post. At the very least, give users a chance to input a CAPTCHA to prove they're human and legit.
Third, if Mollom does block a user, the user should be given some instructions for getting his reputation cleared. Right now, users have to figure out the problem themselves, which is a difficult thing to do because the block message doesn't even mention Mollom.
Fourth, website admins should have the ability to clear a user's reputation. IMHO, it's totally ridiculous that even an admin can't unblock a user; the admins are supposed to be in charge of the website, but Mollom doesn't seem to recognize that. (Allowing admins to clear a user's reputation would probably be good for the Mollom team, as well, since they wouldn't have to spend time unblocking legit users)
Fifth, I would appreciate it if I could have my reputation cleared. As of yesterday, I was still on the Mollom blacklist; while that's no longer a problem here, it's a definite problem elsewhere.
Thanks again for taking the time to come here, and thanks for reading my wall of text. I'm sorry about the length of the post, but somebody's got to say something so this won't happen again.
Have a good day!
computerfreaker
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
I can understand from your post that you're very unhappy about this, and frankly, if it had happened to me I would be equally upset. I can't do much about what happened in the past, but I'll commit to do the following things:
1) if you'll help, continue a dialog with you and the site admins here to determine why this happened, namely
was it some fluke occurrence (it doesn't appear to be so), (b) was it tied to an ip address, and if so why, and (c) was it tied to some word, content, or username as you suggest, so that we can make sure that Mollom's text classifiers are trained appropriately.
2) make sure that everyone in Mollom reads this message thread so they can get a sense of exactly how frustrated this made you.
3) after 1 and 2, figure out what changes we need to make to address your situation specifically, or if we find out it wasn't a one-off sort of thing, address it more generally.
Believe me -- it must be incredibly annoying to have a problem and not even be able to post a problem report because of being "blocked" for some reason.
My email address is keith.smith [at] mollom.com. At your convenience, if you could forward me some additional information about the experiences you describe above, including, if possible, the IP addresses you were using at the time, the rest of the Mollom team and I will do our best to provide you and explanation and help solve this issue.
Thanks for helping bring this situation to our attention.
Thank you for your commitments!
I will be more than happy to cooperate to the extent of my abilities so we can get the problem fixed as soon as possible. I'll send you an e-mail immediately, with as much information as possible.
I can't speak for John or any of the other PortableApps users in this matter, but I would be happy to give Mollom another chance once the problem is resolved.
Cheers!
computerfreaker
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
You spammer! }:-)
But seriously, maybe someone in another forum complained to have you blocked. Have you made any enemies?
From the website:
http://mollom.com/how-mollom-works
One of Mollom's key features is that all participating sites can report comment spam that slipped through the cracks. Mollom combines and correlates this information and learns from it to help prevent future abuse.
Question for keith.smith: Briefly, is there a threshold of complaint before a human user is flagged, or could one malicious user easily poison accounts across domains?
Hey, you might want to be careful who you call a spammer. According to the site rules, if you get me banned, you have to take over my apps! ALL of them!
}:)
Seriously, I'm not sure what the issue was unless my username was construed as "offensive". Services like Yahoo Mail have done that to me before.
As far as I know, I don't have any enemies anywhere. My comments are usually non-controversial, and I'm often the one who attempts to end flame wars.
I have been involved in a couple of minor incidents, but those were over 6 months ago and I doubt anybody other than me even remembers them anymore. I also doubt the person I was arguing with would have complained just to get me blocked, especially since we've had a peaceful relationship since.
That is an interesting idea, though, which leads me to a question: is there a way to see if somebody complained about me and, if someone did, who complained about me?
"The question I would like to know, is the Ultimate Question of Life, the Universe and Everything. All we know about it is that the Answer is Forty-two, which is a little aggravating."
No, I doubt that another users' feedback contributed to your banning (but that is an interesting idea
).
What I think that FAQ means (and I probably did a poor job writing it at the time), is that Mollom "combines and correlates" the information we derive from a site administrator using the "report this as spam" feature to learn that the message marked as such was spam, even though Mollom didn't think so at the time.
As far as I know, administrators at other sites marking your posts as spam after the fact wouldn't have much impact on your user account reputation, though it could conceivably have an impact on the reputation of the posting ip address if lots of people were reporting trouble with posts from the same ip.
Without the Mollom session ids logged in this site's Drupal log, it is a bit difficult to find out what happened here. Once the site administrator finds those and forwards those to us privately, we can reconstruct what about the post or comment offended Mollom's sensibilities.
And yes, it would take many such reports to negatively impact even an IP address, and that negative reputation should decline back to normal over time, especially if the poster continues to post ham (non-spam) content.
So, the exact cause is still a mystery until we get some of the Mollom log information.
Seems to me that a simple solution would have been for John to be able to pull up the X number of most active posters, and whitelist them -- disable Mollom entirely for them. Their posts don't get checked at all.
Of course, if forum admins could do this, Mollom wouldn't be able to sell premium memberships, if number of posts per day checked is the line.
Also, if Drupal were capable of having tiered membership levels, it would be easier to just put the top Y% of users in a group that can post freely, and everybody else in a group that requires moderator review to post, or something like that.
As for ImageShack, if Mollom has such a problem with it, why not take the URL, download the image, scan it to make sure it's not a script posing as a JPEG, and then re-host it, either back on ImageShack, or on another host, and replace the URL with the new one. Also perhaps the image can be machine analyzed so it's not obscene.
Last I heard, image analysis is crude at best. Any time you send a computer to do a human's job you're bound to run into problems. I don't think we're quite ready to hand over PortableApps to Skynet just yet.
Using "Top posters" is an interesting idea though. In addition, it'd be nice if you could report spam, and if a particular post was reported enough, it was automatically hidden until it received mod approval (or not).
I don't know what the state was half a year ago, but currently it's possible for certain groups of Drupal users to allow them to bypass the Mollom protection. That way one could make a group of trusted users and allow them to post without having to pass Mollom's checks.
I run a small website, with only a few comments every now and then, but that doesn't stop Mollom from stopping around 1000 spam messages per day. I haven't had any complaints from users (most of whom can reach me in person) so far, so I'll just assume they don't have any problems.
The problem is with users who were not on said list. And, as we have 125,000 users, we can't really manually go adding people to lists and then worry about new users being blocked with no recourse.
This is an old topic and Mollom was pretty useless to us at the time functionality-wise. I can see how it would be useful to a smaller site where you can manage all the users manually. I've no idea if things have changed since then, nor do we really have need of it at the moment.
Sometimes, the impossible can become possible, if you're awesome!
Why not have an additional question on a secondary page, with a few optional survey questions?
Captcha can never be too difficult but it should not be open slather either.
I cannot seem to edit my forum topics or make any changes. Sometimes a captcha appears for me to check that "I am not a Robot," which I can click on and check. Unfortunately, previewing or saving does not work; I just receive a message as such: "Your submission has triggered the spam filter and will not be accepted. If you feel this is in error, please report that you are blocked." Occasionally the message will be different. The majority of the time there is no captcha at all. I've reported the problem to Mollom.
Which browser do you use?
And do you allow cookies in your browser?
I think it's a problem due to your browser or something, because I've never been blocked before...
I love PortableApps! ❤❤❤
I'd wager it's because you posted that thread with over a dozen links. That many links in a single forum post is nearly always spam (we used to see a ton of spam with lots of links). That's probably what set Mollom off initially and flagged your IP. That's probably the post you're having trouble editing.
Sometimes, the impossible can become possible, if you're awesome!