Log in

View Full Version : Spammers Suck - Are Forum Changes Required?


Mike Temporale
07-25-2006, 02:30 PM
I'm just plain sick and tired of spammers. It has been gradually getting worse for a while now, until last night when it just got ugly. Last night we got hit with about 200 spam forum messages. These posts were not like the rest. This spammer decided to reply to existing posts with his spam. The result is numerous emails being sent out to you, are members, about a reply being posted to a specific thread. I don't know about you but I have over 150 of them in my inbox. :evil: So the spam didn't just hit the server, it hit your inbox too. Rocco spent a incredible amount of time last night cleaning up all the spam. (Thanks Rocco! :way to go: ) So if you clicked on one of those emails and saw a post not found message, that is why.I really like the way the forum is currently setup and run. There's a lot of good people here and I don't like the thought of changing things. However, as I said earlier, I'm just plain sick of the spam. I already spend too much time each day dealing with the spam messages. The more time I spend dealing with spam, the less time I can spend finding news, writing reviews, and answering (attempting, anyway) your questions in the forums. There's a couple things we can change to try and block the spam before it gets into the forum. I would like to know your thoughts on these, or other means you might have in mind to help curb the spam. Try to keep in mind the experience for a first time visitor to the site. We don't want to drive anyone away, except the spammers. ;) I'm not going to make any promises about what if any, changes will be made. But I do want to know how you all feel about this.

zeke009
07-25-2006, 03:03 PM
I don't remember for sure, but can't you ban domain names in phpBB2? I've noticed that the *.ru addresses have been quiet lately with their spam, I'm seeing a lot of *cashette.com addresses hitting the forum I admin. So I added them to the banned address list. We're using IPB, but I am sure that phpBB allows you to someway block addresses of a certain domain.

Unless the script kiddies are using @hotmail.com or another popular address.

That's my $.02 cents, good luck! :wink:

Edit:
Admin Panel - Ban Control (Under User Admin) - Ban one or more email addresses
E-mail address:
To specify more than one email address, separate them with commas. To specify a wildcard username, use * like *@hotmail.com
Might be tedious at first, but if they are using a junk domain name like any *.ru account or cashette.com... might be worth it to just out right ban the email domain.

Not sure if you use this or not, but I found it handy when I admined a phpBB forum:
Admin Userlist - http://www.phpbb.com/phpBB/viewtopic.php?t=117359&highlight=userlist
It worked for me on a the 2.0.17 board.

Jerry Raia
07-25-2006, 03:38 PM
I went with all the above. Rather than try to visit all those posts I just deleted the emails. Will I, or anyone who did what I did, not get notified if new legit posts are made to those threads?

Mike Temporale
07-25-2006, 04:04 PM
I am sure that phpBB allows you to someway block addresses of a certain domain.

But email addresses are a dime a dozen with hotmail and gmail giving out the most. Most of the spam we have run through here are not from the same domain. And if they are, it's from a webmail service like gmail. So it might help a little, but I don't think it's going to do much in the long run. :?

Mike Temporale
07-25-2006, 04:06 PM
I went with all the above.

Oh, BTW, You're part of the "admin" I mentioned. So by selecting all of the above you're voting for adding a lot more work to your plate. ;)

Rather than try to visit all those posts I just deleted the emails. Will I, or anyone who did what I did, not get notified if new legit posts are made to those threads?

Yeah, I think you're right. You won't be notified of a new post in those threads now. :(

Jerry Raia
07-25-2006, 04:09 PM
:lol: It will be worth the extra work. I've been visiting threads I can remember so Ill get notified. What a pain this clown caused us.

Ed Hansberry
07-25-2006, 04:43 PM
what is worse is that sometimes there is a glitch in phpbb and when the last post of a thread is deleted by an admin, everyone is unsubscribed. :(

Jason Dunn
07-25-2006, 05:01 PM
The best solution, I believe, is that posts by new users are held and moderated until they have 5 posts (or something similar). That would STOP the spam problem completely. The problem is that phpBB doesn't support that, and I don't know of any way to hack that in. This issue weighs heavily on me as well, because I spent a good chunk of time dealing with forum spam as well...so believe me, I'm always thinking about how to find a better way of dealing with it.

hotdram
07-25-2006, 05:43 PM
You just have to find what goes well with spam to enjoy it ;)
http://www.riegerweb.com/Packed.JPG
I detest spam just like the rest of you. I voted for "all of the above". I know it is work for the admin/mods, but is it more work to implement the above features or to take care of the spam after it "hits" (like last night)? One forum I belong to won't let you register unless you have an email address that is NOT from one of the usual free places (yahoo, gmail etc). That stinks, since alot of people have those addresses and have had to find a different one (by finding one that site accepts or paying for one). As a sbcglobalnet subscriber, I had one from there I could register with.

~Rob

Pete Paxton
07-25-2006, 06:12 PM
I think whoever spammed everyone should be fined and restricted from all computer use. This should be mandatory for all spammers. Grrr :x

aarcam
07-25-2006, 06:27 PM
On another forum I frequent they do not allow you to register an account with email addresses from hotmail, gmail, aol, yahoo, (the big ones) etc. It has to be from your personal domain, work, your ISP or something along those lines. I am sure there is a technical term for it, but it escapes me. That is the manner in which the deal with it to curb spam.

Good luck and thanks for your vigilance.

raulr
07-25-2006, 06:34 PM
...One forum I belong to won't let you register unless you have an email address that is NOT from one of the usual free places (yahoo, gmail etc). That stinks, since alot of people have those addresses and have had to find a different one (by finding one that site accepts or paying for one). As a sbcglobalnet subscriber, I had one from there I could register with.

~Rob

I agree this kind of option is annoying, but who doesn't get a real email account from the ISP? Everyone I know has one, even if their primary is a gmail or yahoo account. It should help control the spamming. Maybe you can require it for registration, but allow another address for thread notifications.

Rocco Augusto
07-25-2006, 07:30 PM
dont worry! next time those spammers come back, "Rocco the Might Spam Slayer" will be here to stop them. Buffy doesn't have anything on me! ;)

edgar
07-25-2006, 07:56 PM
I had 97 messages :(

I just quickly clicked though them all like a knucklehead.

I voted the moderated approach; But I would also say, you can go to the regulated posting rule and move to the subscriber model of PPCThoughts. Subscribers don't have the 1 message in 5 minutes rule. So its a good go between. I think those that post often here would be happy to subscribe (for a fee or for free).

That would be a good compromise. Otherwise, first five (or even two) moderated, would really cut down on the quick "Nigerian schemes".

Although, are you sure I can't get a unlocked Sidekick III for $25! ;)

edgar
07-25-2006, 07:58 PM
Buffy doesn't have anything on me! ;)

Uhmm, I've seen your picture, and I've seen hers. Dude, she has LOTS on you ;)

Rocco Augusto
07-25-2006, 08:56 PM
Uhmm, I've seen your picture, and I've seen hers. Dude, she has LOTS on you ;)

thats not true, im pretty too! ;) :lol:

anyways, the moral of the story is i hate spam. i hope that guys computer explodes :twisted:

sojourner753
07-25-2006, 10:54 PM
One solution that is can think of is to display an image of characters that a user must rekey before successfully pressing the submit button.

I've seen other sites pair with user name and password, but that may not work here because we have the option to stay logged in.

The image can probably be scaled like any other images for the mobile version.

I'm not sure what the expense to this would be or if there are free versions of this particular verification strategy. But by using this, you don't have to necessarily insert a human (admin) in between the legitimate posters and the community. Plus at most, its maybe 5 extra key strokes.

Rocco Augusto
07-25-2006, 11:24 PM
One solution that is can think of is to display an image of characters that a user must rekey before successfully pressing the submit button.

see the problem with that is it just makes the user do more work. personally i would love to see a method in place where the users of the board are not inconvenienced. i do not mind ding a little more back-end work if it means we can keep the board spam free and the users happy :)

MitchellO
07-26-2006, 12:55 AM
I don't like the idea of 5mins between posts, because if you are somebody like me who comes on to read a board, and respond to a few messages in the space of 5 mins, it would take a lot longer. 5 min/post rule would really drop the support that this forum can give.

I voted for an admin checking all new recruits, but I don't really see how that would work. I mean what can an admin know about a new user?

I should have voted for the last option.....

Rocco Augusto
07-26-2006, 01:34 AM
I mean what can an admin know about a new user?

one thing i noticed about spammers, especially after last night, they like to put the link to the website they are spamming for in their profile. that would be one way we could nip it in the butt. the best solution though would be the one presented by jason, we just moderate the first 5-10 post from a new user. if they're a spammer and they try to spam and see that it won't even show up on the board because it is being moderated then it would deter them from sticking around until we approve them so they can spam.

this really wouldnt be that much more work on the board since you could usually always find either myself, mike, jason, jerry or kris hanging out here doing our thing, so the post would not sit in limbo too long ;)

MitchellO
07-26-2006, 02:05 AM
I mean what can an admin know about a new user?

one thing i noticed about spammers, especially after last night, they like to put the link to the website they are spamming for in their profile. that would be one way we could nip it in the butt. the best solution though would be the one presented by jason, we just moderate the first 5-10 post from a new user. if they're a spammer and they try to spam and see that it won't even show up on the board because it is being moderated then it would deter them from sticking around until we approve them so they can spam.

Yeah thats a good idea.

sojourner753
07-26-2006, 02:36 AM
One solution that is can think of is to display an image of characters that a user must rekey before successfully pressing the submit button.

see the problem with that is it just makes the user do more work. personally i would love to see a method in place where the users of the board are not inconvenienced. i do not mind ding a little more back-end work if it means we can keep the board spam free and the users happy :)

I suppose inconvenience is a potential risk, but in this case its a small one. IMO. I would rather have you guys working the great content of the site than hunting after spammers when there may be a process that can be put on cruise control.

If a take an systems architects perspective how could a 5 post probation scale? We want ThoughtsMedia sites to grow as fast as possible. If we're lucky, there's no way that a person or person(s) could moderate every new member and still keep the community moving.

I say if there's an applications solution, then it should be given weight over any manual solution. Assume the automated solution then determine if there are any "gotchas" lurking.

5 extra keystrokes (or stylus taps) is a much better solution than treating new members like criminals (see DRM) up front. Thats my take anyway.

MitchellO
07-26-2006, 02:54 AM
5 extra keystrokes (or stylus taps) is a much better solution than treating new members like criminals (see DRM) up front. Thats my take anyway.

:lol:

Kris Kumar
07-26-2006, 03:33 AM
Way to go Rocco! 8)

When it comes to suggestions to fight spam:
- I don't think moderating the posts of newbies or anyone is an easy job. :-( But push comes to shove, I like the idea of moderating the initial 5 posts by newbies.

- What I would like to see is that the bulletin board software be smart enough to handle spam. Like for e.g. when a user posts a reply or a new post, the software should check the body of the post with the previous post, if they match then it should block it or queue it up for moderatation. I know spammers might become smart and start enter some jobberish at the end. But it should tackle simple spams, definitely the one that we saw last night.

sojourner753
07-26-2006, 03:43 AM
- What I would like to see is that the bulletin board software be smart enough to handle spam. Like for e.g. when a user posts a reply or a new post, the software should check the body of the post with the previous post, if they match then it should block it or queue it up for moderatation. I know spammers might become smart and start enter some jobberish at the end. But it should tackle simple spams, definitely the one that we saw last night.

I guess best case would be some kind of Bayesian (sp?) algorithm or intelligence like in some email spam solutions. Although the false positves on a forum would probably be more of an annoyance than in someone's personal email inbox.

MitchellO
07-26-2006, 03:45 AM
- What I would like to see is that the bulletin board software be smart enough to handle spam. Like for e.g. when a user posts a reply or a new post, the software should check the body of the post with the previous post, if they match then it should block it or queue it up for moderatation. I know spammers might become smart and start enter some jobberish at the end. But it should tackle simple spams, definitely the one that we saw last night.

I guess best case would be some kind of Bayesian (sp?) algorithm or intelligence like in some email spam solutions. Although the false positves on a forum would probably be more of an annoyance than in someone's personal email inbox.

Use whatever algorithm google uses for spam on Gmail. Its excellent!!

bradmatejo
07-26-2006, 05:11 AM
You just have to find what goes well with spam to enjoy it ;)
http://www.riegerweb.com/Packed.JPG


Shiner Bock rules!!!
http://bradmatejowsky.blogs.com/photos/misc_pics/image_059.html
Oh look what I found in my garage. No idea how it got there ;) Just don't tell the Shiner sheriff!

Kirkaiya
07-27-2006, 07:30 AM
One solution that is can think of is to display an image of characters that a user must rekey before successfully pressing the submit button.

I've seen other sites pair with user name and password, but that may not work here because we have the option to stay logged in.

The image can probably be scaled like any other images for the mobile version.

I'm not sure what the expense to this would be or if there are free versions of this particular verification strategy. But by using this, you don't have to necessarily insert a human (admin) in between the legitimate posters and the community. Plus at most, its maybe 5 extra key strokes.

This is the first thing I thought of when I saw the list of choices, and is the "something else" I voted for.

If it's just a 3-digit number that the user types in a text-box that sits just above the message-box (multi-line textbox) field, then I don't consider it an inconvenience really. There are some other forums I post on that already do this, and it seems to be very effective (most script-kiddies aren't going to run the image-recognition software required to defeat even very plain numbers in an image).

For back-end tactics, another trick is not allowing duplicate posts - that is, if a submitted post is an exact match for another post, deny the post (of course, if spammers just randomly modify their posts with some gibberish, that's not going to work either).

What I'd really like to see is a heuristics-based spam-filter used of the type used in some mail-server software being made available as a php module, or .net library, whatever, so that it could be implemented on forums like this. Come to think of it, that's such a good idea, I think somebody must have done it?

Kirkaiya
07-27-2006, 07:34 AM
wow - i should really read all the responses through to the end before posting, since everything I just wrote above was already posted with better spelling by other people

:oops:

Mike Temporale
07-27-2006, 01:22 PM
wow - i should really read all the responses through to the end before posting, since everything I just wrote above was already posted with better spelling by other people

:oops:

No worries. It helps to see that a lot of you are thinking the same thing. So maybe we should too. ;)

sojourner753
07-28-2006, 12:57 AM
wow - i should really read all the responses through to the end before posting, since everything I just wrote above was already posted with better spelling by other people

:oops:

Great minds ... yada yada yada ... :wink:

Jerry Raia
07-28-2006, 01:09 AM
I think we should just shut down the whole site. That would stop the spamming for sure. :mrgreen:

Rocco Augusto
07-28-2006, 05:24 AM
thats how it starts. first a site, then the whole internet, then the pacel post carriers then the telcom systems and the morse code/telegram systems then the third graders games of telephone and next thing you know we ban fire so the spammers cant send smoke signals. it never ends i tell you!

Jerry Raia
07-28-2006, 06:58 AM
Next we'll have to cut the string between the cans!

Kris Kumar
07-28-2006, 12:14 PM
What are you guys talking about! Mike, can these two get a vacation?

Mike Temporale
07-28-2006, 01:49 PM
What are you guys talking about! Mike, can these two get a vacation?

I don't know. I'll have to split them off into their own thread if this keeps up. :twak:

Rocco Augusto
07-28-2006, 06:03 PM
Next we'll have to cut the string between the cans!

oh no! they'll never take away our string! :(

Rocco Augusto
07-28-2006, 09:07 PM
I don't know. I'll have to split them off into their own thread if this keeps up. :twak:

sorry! 8)

The One Eyed Man
07-31-2006, 08:18 PM
I agree with sojourner753....

Word verification for every post is a slight inconvenience to your users, but effectively eliminates bogus posts (eliminates all automated posts).

This allows the admins to focus on more important things than verifying or moderating new users.

IMHO, 5 minute "throttle" between posts could be annoying. Perhaps you could set a post limit, e.g. 10 per day, and raise that for users that require additional posts. This allows you to manage by exception, greatly reducing admin effort.