Next wave of spam: Be prepared!

Discussion of non-phpBB related topics with other phpBB.com users.
Forum rules
General Discussion is a bonus forum for discussion of non-phpBB related topics with other phpBB.com users. All site rules apply.
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Next wave of spam: Be prepared!

Post by calande »

From the recent evolution of spam in forums, everything indicates that forum spam is using more and more techniques of e-mail spam. Filters and addons used for forums and going to be more and more like SpamAssassin rather than just a keyword blocking addon. I am pretty sure that in a near future, spam forum will be like this: non sense garbage in the subject line or words like "V1AGRA", "P0RN", "phaarmaccy" to by-pass filters, and in the message, just one large clickable image, just like spam that you get in your Gmail account.

A possible solution to this problem would be having a "Report" button on each post, linked to a backend central server used by many forums in the world, to list all blacklisted IP addresses. If spammer Jack sends a gambling spam on Bob's forum, Jim clicks the "Report" button to report Jack's IP address to the central server. Bill also has a forum which system knows the blacklisted IP right away, and when Jack tries to post his spam on Bill's forum, he gets an error message because his IP address is blacklisted. After 3 people click the "Report" button, the user is erased, his message as well, and his original IP address is sent to the central server.

Forums spammers will do their best for messages to get through, they will be as carried away as for e-mail spam. We just have to be prepared. No good built-in protection will ruin the forum experience the same way spam killed Usenet that once was very popular.
Natan
Registered User
Posts: 217
Joined: Wed Dec 03, 2003 3:49 am
Location: Baltimore

Post by Natan »

The report feature is going to be available in phpBB 3.0

The problem with the three-click rule is that if there are a bunch of posters who don't agree with one person's viewpoint, it can be abused.
"You may only be one person to the world, but you may also be the world to one person."
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Post by calande »

Shalom, yes, I somewhat agree with you, it could be increased a little bit, for instance anything between 5 to 10 clicks.

However I think that if the person is going to post a controversy topic, he/she should take care how he/she is expressing himself/herself so that anybody who disagrees will still not be offended to be point of pushing the button.
gravedodger
Registered User
Posts: 4
Joined: Mon Sep 25, 2006 10:05 am

Post by gravedodger »

Another problem is the IP address .... here in the UK and many other countries IP address' are renewed frequently.

I'm on ADSL and mine is new/different everytime I connect so blocking IP's is not really an answer.
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Post by calande »

Ok, but I doubt spambots change IP address very often. They probably have a large pipe with a fixed IP address...

And if they ever changed IP address all the time, at one time they would use the same previous IP addresses all over again.
Natan
Registered User
Posts: 217
Joined: Wed Dec 03, 2003 3:49 am
Location: Baltimore

Post by Natan »

calande wrote: Shalom, yes, I somewhat agree with you, it could be increased a little bit, for instance anything between 5 to 10 clicks.

This can still be abused :)
calande wrote: However I think that if the person is going to post a controversy topic, he/she should take care how he/she is expressing himself/herself so that anybody who disagrees will still not be offended to be point of pushing the button.

Whoever is posting the topic doesn't always have control over that. For example, in politics, things get heated very quickly. If someone posts something pro-Democrat, you may get 10 people who happen to be pro-Republican 'reporting' this person, or vice-versa.

The best thing is to do what is already being implemented...have a report feature, and when someone reports something, a moderator/admin takes a look at it and they can decide for themselves.
"You may only be one person to the world, but you may also be the world to one person."
DarkD45
Registered User
Posts: 8
Joined: Mon Dec 05, 2005 3:01 am
Contact:

Post by DarkD45 »

maybe it should just delete the users post that was reported and ban the user.... that way if its abused the person can just get unbanned and their infromation is not lost :)
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

Standards vary from one community to another. As a result, I don't see any way that a central system can ever work. There is way too much potential for abuse, as has already been mentioned.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Post by calande »

How a central server can be abused? What do you suggest instead?
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

as has already been stated, if I don't like you (for example ;-)) I can simply follow you around and start "reporting" every post you do. There might be nothing wrong with you, but I can still get you banned from phpBB boards worldwide.

Who manages the server? Who investigates reports of the activity like what I described? What controls are in place to ensure that the reported spammers really are spammers, and not a victim of a "smear" attack?

As much as I would like to believe that such a system would work, I just can't. :-)
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Post by calande »

There could be a middle-man, which would be moderators of each forum, for instance if a few guys want to ditch some guy, their request would go to the moderator who, in turn would validate the report and release it to the central server, or reject the report.
Natan
Registered User
Posts: 217
Joined: Wed Dec 03, 2003 3:49 am
Location: Baltimore

Post by Natan »

calande wrote: There could be a middle-man, which would be moderators of each forum, for instance if a few guys want to ditch some guy, their request would go to the moderator who, in turn would validate the report and release it to the central server, or reject the report.

That's what I said above, and will be done on a forum by forum basis, with each individual forum having its own moderators/admin who get these reports. This is a feature in phpBB 3.0, IPB, vBulletin, etc.
"You may only be one person to the world, but you may also be the world to one person."
calande
Registered User
Posts: 37
Joined: Wed Sep 20, 2006 10:29 pm

Post by calande »

Yes, this should help already, but if the daily amount of spam grows dramatically, moderators will have a hard job. With the help of a central server, moderators would help each other and ban on an IP basis.
User avatar
RATT
Registered User
Posts: 734
Joined: Fri Aug 19, 2005 6:27 am

Post by RATT »

yea but we're talkin about millions of boards going, there is noway that a handful group of people would actually sit down from day to day to for countless hours just to review report submissions.
You would have to have these kind of people recruited to start with then hoping they wouldnt get bored with it as time passes from day to day and just start using a ban/or denied ban on everyone report they are gettin from where they're gettin tired of having to go through so many reports.If this was anywhere from 20 to 30 a day i could see that happening but as dratburn has stated, someone could merely follow another individual around from board to board and getting his buddies to follow also and end up getting someone banned for merely spite.
User avatar
drathbun
Former Team Member
Posts: 12204
Joined: Thu Jun 06, 2002 3:51 pm
Location: TOPICS_TABLE
Contact:

Post by drathbun »

What you would have is a "guilty until proven innocent" sort of system, where you could be "banned" quite easily and it would take a major effort to get your permissions back. For that and other reasons, I see a system such as this being extremely difficult to create / monitor / manage.
I blog about phpBB: phpBBDoctor blog
Still using phpbb2? So am I! Click below for details
Image
Locked

Return to “General Discussion”