Anti-Spam Thread!

Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado

Post by Dave Bean » Mon Jun 05, 2006 12:25 am

I don't mind helping to promote valuable members with links to their websites - just don't like helping the spammers that don't contribute anything meaningful to the discussion.

That is why we do not list members with 0 posts or newestmember with posts - now the battle is shifting to the posts themselves and we need a trusted vs non-trusted status.
Last edited by Dave Bean on Mon Jun 05, 2006 2:22 pm, edited 1 time in total.
Building Internet Communities
www.ColoradoHealth.info

Ramon Fincken
Registered User
Posts: 4835
Joined: Thu Oct 14, 2004 1:04 am
Location: NL, The Netherlands Amsterdam area @GMT +1

Post by Ramon Fincken » Mon Jun 05, 2006 8:57 am

rraisley, read this one: http://www.phpbbinstallers.com/board/viewpost.php?p=151

and your questions will be answered :)

or search for 'active users only'

Rfn
Dutch quality fully managed WordPress hosting - ManagedWPHosting.nl

Before changing a file, some code or installing a MOD >> Make a backup first!

Do you like my mods? paypal me $1 :) forumsoftware[AT}creativepulses[DOT}nl
PhpBBantispam.com || Instant find your mod here

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Tue Jun 06, 2006 7:13 pm

Updated initial post (with the new link below).

The new location of the [BETA] Instant Ban - Spam Bots registration is here:
http://www.phpbb.com/phpBB/viewtopic.php?t=396855
And is now named [BETA] Anti-spam bots registration.

8)

Zarkow
Registered User
Posts: 75
Joined: Sat Sep 14, 2002 5:21 pm

Post by Zarkow » Wed Jun 07, 2006 4:51 am

As I mentioned in another thread, with user-activation of accounts (they have to verify registration via having valid email) and killing all registration-attempts that include any website-data (field removed from signup-page, but not profile-page) I haven't had the need for any instantban or the likes. Will of course always keep an eye out for users that register and then add website-data (haven't added any postlimit for adding this, could even be a simple thing to do to easily detect users that clearly aren't interested in the topic at hand and making one-word-posts or the likes) but so far, none.

Have had perhaps 10-12 adaptive registrations over the spread of 4 forums, i.e. they retry to register after failing and this time removing _all_ field-data. But then they have to log in and weird usernames usually stick out from the 'users last 24h'-list and are caught manually.

But, knock on wood, not one website-url in the memberlist has been added so far... (seen a few Russian bots register and verify the emails though, but not yet adding any data on their first login).

espicom
Registered User
Posts: 17905
Joined: Wed Dec 22, 2004 1:14 am
Location: Woodstock, IL

Post by espicom » Wed Jun 07, 2006 5:03 am

Might as well add ConfusaBOT ACP to the released MODs list. The "lite" version remains, for those who don't want to get involved in database or ACP modifications. And, as always, support for the respective versions is only in their support topics! :wink:
Jeff
Fixing 1016/1030/1034 Errors | (obsolete link) | MySQL 4.1/5.x Client Error | phpBBv2 Logo in ACP
Support requests via PM are ignored!
"To be fully alive is to feel that everything is possible." - Eric Hoffer

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Wed Jun 07, 2006 4:43 pm

espicom wrote: Might as well add ConfusaBOT ACP to the released MODs list. The "lite" version remains, for those who don't want to get involved in database or ACP modifications. And, as always, support for the respective versions is only in their support topics! :wink:


I have added it to the first post. :mrgreen:

macinta
Registered User
Posts: 2
Joined: Wed Jun 07, 2006 6:44 pm
Location: Greater Boston

Some anti-spam ideas

Post by macinta » Wed Jun 07, 2006 6:47 pm

I have a few ideas for potential ways to stop bulletin board spam that I'd like to throw out there to see what others think. I don't know if I'll necessarily be working on them, though there is a small chance that I will, but maybe others would be interested in implementing them. My apologies if these have been suggested already - I tried skimming the more recent anti-spam posts and didn't see these ideas mentioned.

My first idea is distributed, collaborative moderation. People who run boards would join together in groups with others who run boards and their moderation would automatically be shared. Each administrator would have the ability to mark a post as spam. Once enough people mark something as spam, it would automatically be hidden for all boards in the group. For example, say there were 100 boards in the group and 3 administrators marked posts coming from IP address 10.10.10.10 as spam - all recent and new posts from that IP address would then automatically be hidden from all boards at that point. The same thing could be applied to URLs. For example, once 3 administrators mark posts containing http://www.example.com/ as spam, all new posts with that URL would be hidden (I wouldn't retroactively hide previous posts in this case given that somebody could set up a Joe Job to censor a post they didn't like).

My other idea is SpamAssassin style scoring for posts. Rather than just relying on a single test (such as bad words) to determine if a post is spam or not, run a plethora of tests which all contribute to a spam score. If the score is above a certain threshold, the post is hidden by default and will require moderator approval to be shown. The threshold would be higher for registered users than for guests and it would be much higher for trusted users. The scoring engine should be biased toward keeping the score very low if there are no URLs in the post or signature. It might actually be worthwhile to pipe the posts through SpamAssassin itself, just to get something working quickly.

Those are my current ideas - I have kind of implemented one of them in a very rudimentary fashion, but I don't want to get into details because it isn't robust enough to withstand spammers with full information at this point. Recently, what has worked well for me was modifying some of the captcha code so that the captchas on my sites are different from other phpBB sites (the spammers can automatically decode the default captchas). The most foolproof spam guard, though, has been just adding code to send me an email alert when there is a new post so that I can review it right away. This lets me catch 100% of the spam fairly quickly, though it can be tedious, so I'm frequently on the lookout for other potential options.

- Tim Macinta
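The shared-marking idea from the post above, as an added sketch (not code from the thread or from any phpBB MOD). The class and function names, the timestamps and the 7-day meaning of "recent" are assumptions; the threshold of 3 administrators and the rule that URL blocks never hide earlier posts come from the post.

```python
from collections import defaultdict

MARKS_NEEDED = 3              # distinct administrators, the figure from the post
RECENT_WINDOW = 7 * 86400     # assumption: "recent" means the 7 days before the block


class SharedModeration:
    """Spam marks pooled across a group of boards (hypothetical design)."""

    def __init__(self):
        self.marks = defaultdict(set)  # (kind, value) -> ids of admins who marked it
        self.blocked_at = {}           # (kind, value) -> time the threshold was reached

    def mark(self, admin_id, kind, value, now):
        """Record one admin's mark; return True once the indicator is blocked."""
        key = (kind, value)
        self.marks[key].add(admin_id)  # a set, so one admin marking twice counts once
        if len(self.marks[key]) >= MARKS_NEEDED:
            self.blocked_at.setdefault(key, now)
        return key in self.blocked_at

    def is_hidden(self, post):
        """post: dict with 'ip', 'urls' (list) and 'time' (epoch seconds)."""
        t = self.blocked_at.get(("ip", post["ip"]))
        if t is not None and post["time"] >= t - RECENT_WINDOW:
            return True                # IP rule: recent and new posts
        for url in post["urls"]:
            t = self.blocked_at.get(("url", url))
            if t is not None and post["time"] >= t:
                return True            # URL rule: new posts only (no retroactive hiding)
        return False


def demo():
    """Constructed sample: three boards mark one URL, one of them twice."""
    group = SharedModeration()
    url = "http://www.example.com/"
    results = [group.mark(a, "url", url, now=1000 + i)
               for i, a in enumerate(["board-a", "board-a", "board-b", "board-c"])]
    old_post = {"ip": "192.0.2.7", "urls": [url], "time": 100}
    new_post = {"ip": "192.0.2.7", "urls": [url], "time": 2000}
    return results, group.is_hidden(old_post), group.is_hidden(new_post)
```

Counting distinct administrators rather than raw marks is what keeps a single board from blocking a URL or address for the whole group.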

Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado

Post by Dave Bean » Wed Jun 07, 2006 7:02 pm

Seems like a lot of work when 3 basic steps take care of spam:

(1) Continue to improve the basic anti-spam tools such as registration required to post, email / user verification, visual confirmation

(2) Do not display members without posts in the member list or in the newestmember links - this easy mod is available now and eliminates memberlist spam without posts.

(3) Establish Trusted and Non-trusted members as designated by admins and moderators. Trusted members can post immediately, Non-trusted members have their posts reviewed by admins or moderators before being made public. We need a mod for this.

We don't have to make it easy for them, but Spammers will always get around our automated defenses. #3 above limits the adverse impact of the posting limitation and the amount of work we have to do.

Won't the above take care of the bulk of the spam problem?
Building Internet Communities
www.ColoradoHealth.info

macinta
Registered User
Posts: 2
Joined: Wed Jun 07, 2006 6:44 pm
Location: Greater Boston

Post by macinta » Wed Jun 07, 2006 7:17 pm

Dave Bean wrote: Won't the above take care of the spam problem?


Yes, if you're willing to accept that the moderator will be the bottleneck in how quickly conversations progress as all guest posts will need to be approved. That may be fine for most sites, I just want to keep guest posting as immediate as possible to keep the conversation flowing and to prevent any barrier to entry for users who are undecided as to whether they want to register or not.

- Tim

Dave Bean
Registered User
Posts: 210
Joined: Thu Jul 12, 2001 4:55 am
Location: Denver, Colorado

Post by Dave Bean » Wed Jun 07, 2006 10:31 pm

macinta wrote: Yes, if you're willing to accept that the moderator will be the bottleneck in how quickly conversations progress as all guest posts will need to be approved

Good point and not only guest posts, but all posts until we feel the member has gained our trust.

It is still work and maybe some of the tools like the spam filters can help by guessing if it is spam.

Wouldn't it be nice to have the benefit to Spammers stopped and for us to be only looking at how to handle the control most efficiently? I'm fed up with Spammers having the advantage.
Building Internet Communities
www.ColoradoHealth.info
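The spam score proposed earlier in the thread, used the way this post suggests (a filter guessing which posts need review), as an added example that is not code from the thread or from any MOD. The individual tests, their weights, the word list and the threshold values are all assumptions; the thread only specifies that thresholds rise from guest to registered to trusted and that posts without URLs should score very low.

```python
import re

URL_RE = re.compile(r"https?://\S+", re.I)
BAD_WORDS = {"poker", "casino", "pills"}      # constructed sample list

# A post is held for moderator review at or above its author's threshold.
# Values are assumptions; only the ordering comes from the thread.
THRESHOLDS = {"guest": 3.0, "registered": 5.0, "trusted": 10.0}
NO_URL_CAP = 1.0   # assumption: posts with no URL in body or signature stay very low


def score_post(body, signature=""):
    """Run several weak tests and return (total score, per-test breakdown)."""
    text = f"{body}\n{signature}"
    urls = URL_RE.findall(text)
    # Words outside the URLs, so a link does not inflate the word count.
    words = re.findall(r"[a-z']+", URL_RE.sub(" ", text.lower()))
    tests = {
        "url_count": min(len(urls), 4) * 1.5,
        "bad_words": 2.0 * len(BAD_WORDS.intersection(words)),
        "link_only": 2.0 if urls and len(words) < 5 else 0.0,
        "shouting": 1.0 if body.isupper() else 0.0,
    }
    total = sum(tests.values())
    if not urls:
        total = min(total, NO_URL_CAP)   # bias toward a low score without URLs
    return total, tests


def needs_review(body, signature, tier):
    """True if the post should be hidden until a moderator approves it."""
    total, _ = score_post(body, signature)
    return total >= THRESHOLDS[tier]


# Constructed sample posts.
SPAM = ("Best poker casino http://spam.example/win", "http://spam.example/")
CHAT = ("I played poker with friends last night, great fun", "")
```

With these samples the link-heavy post is held for guests and registered users but not for a trusted member, while the on-topic mention of poker passes at every tier because it carries no URL.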

Franck78
Registered User
Posts: 4
Joined: Sun Jun 11, 2006 12:07 pm

Post by Franck78 » Sun Jun 11, 2006 12:32 pm

Dave Bean wrote: Seems like a lot of work when 3 basic steps take care of spam:

(3) Establish Trusted and Non-trusted members as designated by admins and moderators. Trusted members can post immediately, Non-trusted members have their posts reviewed by admins or moderators before being made public. We need a mod for this.


Hello,

A variation on (3):

-Establish a trusted team.
-Give the "delete user" permissions to it
-Add according action button on top right of each post (with 'quote','edit',..)

But it is a bit dangerous to only do this. OK. Now the solution:

-each account gets a new attribute: "interim or validated account"
-the trusted team can only delete interim users
-move from interim to validated state is done later manually or automatically. Policies to define!

Life duration of such a user/topic/spam is very short!
Spammers will never be able to pass a human brain filter ;-)


Franck
Franck

Atomo64
Registered User
Posts: 25
Joined: Mon Jun 21, 2004 7:10 pm
Location: /home/raphael

Post by Atomo64 » Mon Jun 12, 2006 1:35 am

Also this MOD I wrote can help to stop spam bots by *improving* the CAPTCHA image, it doesn't require any lib, it just makes a few changes on the range of the colours. The mod can be found in my forums. I haven't submitted it yet because I have no idea if the ranges I'm making the script use are valid, so if there's anybody who knows about PNG format and all that stuff please check it.
Also, I haven't searched for, but maybe a simple mod that checks if a bot sent any extra values like the ones used when you install the humanizer MOD and if so then ban the IP, could also help.

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Mon Jun 12, 2006 1:59 am

That would be a very dangerous mod for most boards IMHO. If you want anything like that, make it so that a special group can only hide the posts from everyone else, and not delete them.

What you guys want to do is make a lot of people mini moderators basically. The only thing like that that would be good is a report post mod. So that any person could report the post to a moderator (which is another thing in 3).

All I would suggest for 2 is to either make a bigger moderator team, and the report posts mod. Because it doesn't really matter if someone posts a few spam posts, they are quite easy to clean up. The only thing that would help in something like cleaning up spam posts is a mass delete mod that would delete every thread the user started, and remove all the text in any other post and replace it with (I am a dirty spammer). Or something like that. :P

I say just wait for 3. :P

EXreaction
Former Team Member
Posts: 5666
Joined: Sun Aug 21, 2005 9:31 pm
Location: Wisconsin, U.S.
Name: Nathan

Post by EXreaction » Mon Jun 12, 2006 2:17 am

Dang, this sucks...we are getting a bunch more spam on my board. :(

I am pretty sure that it's being entered in manually, but the IP addresses are all different. Would it be possible to fake your IP when you register?

These monsters keep using *@(something poker related).* I wish I could just ban everything that is poker related...I will have to look into Ramon's mod, the Anti-Spam fields mod...hopefully that will help. :)

Franck78
Registered User
Posts: 4
Joined: Sun Jun 11, 2006 12:07 pm

Post by Franck78 » Mon Jun 12, 2006 11:28 am

EXreaction wrote: That would be a very dangerous mod for most boards IMHO

Dangerous? Why?? All existing accounts are by default flagged 'valid'. Only new accounts will be 'interim'. What is dangerous? Lose a new user with one post? Bof...

EXreaction wrote: What you guys want to do is make a lot of people mini moderators basically. The only thing like that that would be good is a report post mod.


Exactly because every board user doesn't want to be moderator. And when someone wants to moderate a forum, he wants to make more useful things than spam tracking.

But a lot of regular trusted users are able to recognize a spam and destroy it immediately. Rapid, efficient, easy to implement. What more do you want? Why always think "moderator is god" and "users is brainless"?

Don't you think that a moderator has more important tasks to do with real users?

Hide, delete, ban the spammer: the permitted actions are a secondary choice. Depends on developer imagination & time! Same for validating a user: by moderator, by the trusted team, after some messages,....


Bye
Franck
