Anyone else notice the increase of spam around here? Like what's up, and can't we do something to make it harder to spam? Maybe don't allow users to post in the first hour after they sign up. I doubt it will happen but anyone have any good suggestions?
We got to know who is the culprit behind all these....
I Don't Know.
the Other Forums I go to there is a lot of spam lately too
I'm pretty sure there's something called an IP-ban?
The Statics Module that comes with drupal has the power to do that.
Anyone here a member of LifeHacker? If your not you sign up but when you post it's only viewable to staff members. So if you're not an idiot they okay you. If you are an idiot they either deny you or ban you depending on the circumstances. I'm sure we could EASILY implement a user acceptance team...or maybe just have the release team/mods do it.
Release Team Member
like a time limit delay on Lifehacker as well? Where your posts aren't displayed immediately, but delayed for example, like 30 minutes. The webs version of the 5 second tape delay of t.v.? Maybe a Mod could catch it during that specified delay?
that's what i was thinkin, like don't allow them to post within the first hour or something, which would force them to sit there and read/search the forums, and maybe not say something stupid
Lead, Follow, or get out of the way.
unless they're just bots set up by some spam company, in that case they would move on somewhere else.
I was thinking about posting the 1-hour no-post time, but you beat me to it I can see it working quite well actually.
(possibly also a notice on the signup page with "If you are signing up to ask for support, IRC may be a better option as you will get it quicker. https://portableapps.com/support/chat/live")
But there’s no sense crying over every mistake,
You just keep on trying till you run out of cake.
The spammers are all from "Afghanistan" and their prefered app language is Afrikaans so ban the Afghanistan :P.
"Afghanistan" is the first Location in the location chooser and "Afrikaans" is the first language in the language chooser. This could be anyone.
May the Shwartz be with you
Did you noticed the ( ).
I'd say going from maybe one, if any, spam topics a month to over 10 in less than 2 days is a substantial increase. I've noticed that the spam posts are all about 3-5 hours apart, so if I am correct we could expect a new one anytime within the next 2 hours.
*dramatically* There must be something done to bring these spammers to justice!!! *raises fist into air commandingly*
Well seriously, cant we get enable something that was mentioned above, or at least get a captcha on the create account page?
BTW, this should be in the general discussion forum, it'll get more attention (Rumor has it John avoids OT ;).
Rather than causing delays I think captchas would be better. Still gives security and doesn't hamper discussion.
PortableApps.com Advocate
Captchas exclude visually impaired visitors and are not an option.
Sometimes, the impossible can become possible, if you're awesome!
I hadn't thought of that. Maybe have a logical question that any human can answer but a computer cannot and have it plain text for a screen reader to interpret. Could think of it as a logicial and pro-accessibility type captcha?
Could be anything from Q: How to spell portableapps? A: portableapps - to - Q: Two plus two = ? A: 4 or four
PortableApps.com Advocate
Actually, one Drupal module available from the Drupal site is the captcha module, and captcha extras, that include several extra captchas, including the ones you say in the middle. As said below, these are easier to break, but, will limit the spam a little bit. This together with the report spam button below (although I don't know any Drupal module that does that yet) could work very well to limit spam on these troubled periods.
Also, I think it ism ore important to get to the root of the problem, and see if we can figure out who, and more importantly, why (if for same reason as all spammers or for a specific reason) are we getting more spam. Cutting the problem on the root may be the solution (although a lot more hard).
Blue is everything.
you could always try recaptha which does have a function to sound out the captcha for the visually impaired
your friendly neighbourhood moderator Zach Thibeau
also, it would be good if accounts required administrator permission to be activated. althogh it would be a hassle, it would be a fool proof way to nab a lot of spammers. and may i suggest a throwaway account that all admins/mods can accsess daily.
Zoop
I think a reCapacha module for the site would be great.
Imagine if somebody created a bot and posted about 1000 posts?
Hey, I've ran a board before, though not one using the software this board uses.
An IP ban is a good quick solution but not without fault. As many of you know the IP is four numbers from 0 to 255 separated by three periods. You can ban an IP explicitly, but this is only good for banning one person with cable internet and a static IP. Everyone else (with dialup and DSL) has a dynamic IP. Their IP changes every time they connect to the Internet, from a pool assigned to their ISP. So you can ban the pool by replacing the last number (or for large ISPs, the last two numbers) with stars. But this bans not just the offender, but the offender's neighbors.
Captchas are good but Mr. Haller said they're out, so they're out.
The math problem or spelling problem ideas are good, but like the most basic captchas, they can be defeated by spammers. Spammers don't use the web like you do. They have tools which facilitate the process. They probably have a program that they feed forum URLs to and it goes to work. Work from home, they tell you. Let your computer make your money while you sleep. That's spam recruitment right there.
My solution, but I'm not sure if your board supports it. Might have to code it in. You already have at least three classes of members: Banned, Members, Admins. Maybe you also have Mods who can do some things Members can't but not everything Admins can. And maybe you even have Developers who have a private forum for discussing development. I don't know, but it seems like every board out there has classes.
Make a new class called New Members, and by default any newly created accounts are New Members. New Members' posts aren't posted directly, but are put into a queue to be reviewed and approved by mods and/or admins. During the review, the mod or admin can ban a New Member, deny/delete the post, approve the post, or promote the New Member to a Member.
You might also allow new accounts to be promoted straight to Members if they use their ISP email. If they use their ISP email you can send an email to ABUSE [at] [their domain] with their IP and put them in some hot water in addition to banning them, whereas you have much less recourse if they use Hotmail, Gmail, or Yahoo.
I'd been moderating some Yahoo and Google groups before. Of course it works, but it is too time-consuming, so you must first find volunteers for it. If no volunteers are found, an alternative way is to implement a [Report as SPAM] button, everyone can click on. If a post reaches a specific number of clicks, it's removed automatically. The disadvantage of this is, that a bot can be used to delete complete forums by continuously "reporting as SPAM" all posts! Maybe this could be combined with the member classes and moderation in a way that the mods just decide to grant or not to grant the status change from new member to member, based on the number of "survived" post from that user. This is much less work than reading each new post and evaluating it (may even be automated). Being accepted as a member lets then using the SPAM Report button.
No. You never put a button that, if pressed enough times, invokes moderation. That's just asking for trouble, as you pointed out.
GameFAQs is highly secretive about how its proprietary forum technology (coded by founder CJayC and others) works, but loose-lipped moderators and other staff have let enough slip that some things are known while others are assumed. It's quite impressive. Their reporting system is quite remarkable. Moderators have access to a report queue and most members have access to a report function. When reporting, they can choose from about half a dozen "topics" to report for. Illegal activities, such as posting warez links; or trolling, such as saying "PortableApps.com sucks, use CeeDo instead" here. There's also a space for a comment that can be used regardless of what you check, to elaborate. The category helps determine how high up on the queue it goes - for example, on a basis of first come, first serve, by default something would go to the bottom, but we might send it to the top if it's, say, illegal activities. And if you have a troublesome user who just reports messages because he doesn't like someone, well in that case every user has a secondary Karma they call MMA (marked message accuracy) which means that the higher your MMA is, the more likely your marks will be seen. If it's terribly low, your marks will be ignored.
Of course, a slick system like that is probably more work than y'all want to do, but that might be among the most perfect ways of implementing a snitch system.
Last fall a new 'bot was developed that could read CAPTCHAs and as such was running thru the major forums. As a result forums had to create expanded Ban lists, IP and email, and then they acquired newer CAPTCHAs so the 'bots have been pushed to newer forums on which to prey.
One source of SPAM comes from InternetServices IPs and a quick search will show many seemingly scattered IP addresses.
A pattern was found with one bot where there was always a Z between the first and last names of email addresses. And there was a limited number of first and last names being used. So addresses like email@example.com could get trapped with filters emai*@* and *ail@*. I think I had about a dozen 1st and last names filtered. One SPAMmer was creating email addresses in China, so for a while *.@*.cn addresses were banned. And massive amounts of SPAM have gmail.com addresses so it got banned also. Both of these were removed when the new CAPTCHA was implimented.
Many CAPTCHA apps provide for handicap overrides so dismissing them out of hand is short sighted. Of course it's possible Drupal doesn't support the higher level CAPTCHA apps.
Banning individual member names is limited but can help. *p*rn* and *viagara* being the two that come to mind.
Banning individual IP addresses is only effective if the same address is found to be used repeatedly. Usually that's not the case.
[Fake email address changed to example address - JTH]
Ed
It was a spammer's fake address. No need to change it.
Ed
Yeah, but that domain could have real email accounts on it. Or it could change hands a year from now. And having that address here could cause someone else problems. Always best to use email@example.com, personally.
Sometimes, the impossible can become possible, if you're awesome!
What if anyone who could "fix" the website stopped developing apps and focused on that?
I don't have a short attention span. I just...oh look a kitty!
Why not put all new account on "probation", I mean that all new posts from a user would need to be approved by a super-user until the account has reached a certain time (4 days)?
After that time, I'm pretty sure all the spammers would get intercepted before they do any harm to the community. A human supervision will always be better than an automated system.
Hmm, thats a good idea.
What you're suggesting is what NathanJ79 already wrote:
Make a new class called New Members, and by default any newly created accounts are New Members. New Members' posts aren't posted directly,...
I've implemented a text-based math CAPTCHA that should snag any automated account creation attempts. Unfortunately, it looks like we're dealing with a smalltime manual spammer, so that won't really help.
I also implemented rel="nofollow" on all forum links. It hadn't been setup quite correctly before and should have been enabled since we upgrade to Drupal 6 but hadn't been due to the order of the filtering on forum posts and comments. Not it is enabled. What this means is that any links will gain a spammer nothing in terms of Google PageRank or similar search engine rankings. So, the only reason that the spamming would continue is if the spammer is dumb and doesn't realize that he gets nothing (not pagerank, not visits) by posting. Of course, spammers are dumb...
For people who have made some suggestions, note the following:
- We can't create a new class of user that doesn't have direct posting abilities and then later gets the ability to post directly after say a week as this feature doesn't exist in any module for Drupal. It would have to be handled manually by admins, so that ain't gonna happen.
- We can't filter out new accounts based on specific criteria as the spammers use the same mail providers as real users (like gmail, etc).
- We can't filter out new accounts based on any other criteria as they also look like normal users (people always leave the defaults for country, pick silly account names, etc).
- We can't put new accounts on hold for administrative review as they look the same as others and this would put another undue burden on admins.
- We can't add a "report spam" button as none of the 3 anti-spam/anti-abuse modules in Drupal have been updated to Drupal 6 stably. As Drupal 6 has been out a year, any modules not yet updated can be considered dead.
Sometimes, the impossible can become possible, if you're awesome!
Actually three of your five "can't" bulleted items are "won't", I think (e.g. "We WON'T filter out new accounts based on specific criteria as the spammers use the same mail providers as real users (like gmail, etc)." but point taken. I was going to say that that's five knocks against the Drupal platform but it's really only two and the other three being a personnel issue. I used to be VERY critical of forum platforms, and, well, I guess I still am.
I would have suggested phpBB, as, like I noted Drupal is, it's open source as well, which fits with PortableApps, but then, looking at phpBB's latest work, the topic view and forum view pages still look cluttered as hell. Drupal seems to present a clean interface, just the facts and nothing more, real elegant and simple. Not a big fan of the indented/tree reply system (and I liked how Invision 2.x would let you switch between that and the flush/uniform/flat view, as well as a third view) but hey, can't win 'em all.
Long story short it sounds like, despite a couple limitations, you got it sorted. It did seem like just one bonehead dropping affiliate links... I don't know, I didn't read the posts, but it seemed to be an isolated incident and that the bigger threat to PA.com and what you guys are trying to accomplish is the portable warez sites, especially that one with the gold PA.com icon trying to pass itself off as the warez arm of this site.
I forgot to mention, I implemented reCaptcha on the registration form soon after I realized the text-based captcha wasn't working and this seems to have handled it quite well. We'll be keeping an eye on things to be sure the forums stay nice and spam free.
Sometimes, the impossible can become possible, if you're awesome!
Good choice.
Ed
Unlike most captchas, reCaptcha implements an alternative audio method for visually impaired users. And unlike most captchas with an audio alternative, it's well thought out, allows you to replay it, and even allows you to download it as an MP3 if you don't have a plugin in your browser to allow audio to be played. Done being a wise ass now?
Sometimes, the impossible can become possible, if you're awesome!
Good choice.
Initially you rejected all CAPTCHAs out of hand. As you have found they are not all alike.
I didn't realize this forum advocated name calling.
Ed
Actually, reCaptcha changed the way they present the audio file, probably from community feedback, between the time I first mentioned it (and rightfully rejected it) and when I implemented it. Originally, it was using a file embed so it was played as Quicktime or whatever else you have configured to play MP3s in the browser (which will not work for a lot of people). Now, they're using a flash object (which is pretty universal) with text links to play it again (which retriggers the flash object) and a link to download it as an MP3 if you can't hear it in the browser, which should let just about everybody hear it no matter their configuration.
Those changes make it the only captcha I've ever seen that properly handles most accessibility issues. And, as there are only a handful of captchas that work with Drupal, it was easy to quickly evaluate them all and realize that, originally, none of them made the cut. reCaptcha is close enough and I added a notice to the registration page about getting email assistance for users who can't use the captcha just in case we get any deaf-blind members.
I thought you were posting those quotes side by side to be a wiseass
Sometimes, the impossible can become possible, if you're awesome!
I'm sorry I don't mean to offend anyone but I must honestly ask this question. Okay I can understand people that don't see well maybe even not at all but seriously deaf and blind? If you have that combination I don't see why the person would need to even have a login. They wouldn't be able to read/hear the forums or interact with them. Again I don't mean to be an ass but I don't think we we need to worry about people that are deaf and blind.
Release Team Member
Such wonderful disability awareness. Some of us are very concerned with deaf and bljnd people; some of us work with/for them.
I really didn't know that people that were deaf & blind (I mean both at once) had any ability to read a webpage or really interact with a computer at this level. I didn't mean to be offensive, again, I apologize.
Release Team Member
There's always the possibility that someone with some disability or another will need to use a resource you've provided. So, if you can do so without impacting other things, I'm all for doing it. Especially since it can wind up benefiting everyone. There are deaf and blind people in the world. It doesn't necessarily mean no sight and hearing, but it can (read more). And, like anyone with sight issues, they can use a refreshable Braille display to gain access to technology. They just don't have audio to go along with it.
Sometimes, the impossible can become possible, if you're awesome!
Hello all... After reading this thread and only signing in an hour a go myself, it makes me feel like I'm walking on egg shells... Been here for a few months but just joined. Must add that the work done here an the programs made possible for the end user is fantastic... Just wanted to say HI to everyone and to let folks know that I'm a good folk meaning no harm to anyone... Look forward to meeting some of the folks here over the coming months...