[Split] Using Advanced Block Mod to Prevent Spam

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Pony99CA » Sat Apr 02, 2011 9:37 am

KeyCAPTCHA wrote:
Pony99CA wrote:
Callum95 wrote:I (Of course, I'm not taking human spammers into account there. Q&A will probably block very few human spammers, while blacklists will block more.)
What do you mean under "human spammers?
You think bots acting on their own without humans?
For somebody who can't even handle QUOTE tags correctly, you're talking a lot of trash. :roll:

As a professional software developer for 18+ years, I of course know that people are behind the programs. So obviously a "human spammer" is one interacting directly with the Web site.
KeyCAPTCHA wrote: If you speak about humans not using bots then their productivity is negligible and cost is not economically viable for anybody to pay anything.
Really? Have you ever heard of gold farming? Why can't spammers do the same? Except maybe instead of paying people to get WoW items or level up characters that they can sell, they pay people to link to their sites.

If those sites serve malware (like keystroke loggers, banking Trojans or remote control interfaces), the people funding the operation can make their money back by either setting your PC up in their bot net and renting that out or stealing your identity or cash directly from your bank. Or maybe they just get their sites to the top of Google for fake pharmaceuticals so suckers send them money for junk drugs. ("60 Minutes" recently did a piece on the fake pharma industry.)

Is it just possible that maybe you don't know it all?
KeyCAPTCHA wrote:If you think a little bit, then any SEO biz is spamming because its purpose is to promote something nobody really wants, asks or needs.
That's ridiculous. The legitimate SEO industry (not "black hat" SEO like spamming and link farms) is about getting your Web site to the top of search engines. Why? Because when people search for something, they want their site to be looked at first. As the people are searching for something in the first place, they may well want or need what they're searching for.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Marshalrusty » Sat Apr 02, 2011 11:18 am

KeyCAPTCHA, I have no idea where you are getting your information, but Dogs and things is right, there really are people getting paid to spam blogs and forums. In most cases, humans only assist automated spam scripts by just solving CAPTCHAs, leaving the actual posting to bots. Again, you can find ads for such jobs all over the internet.

Some of the spam posts submitted to this site (which you don't see because of our moderators) is incredibly targeted and sometimes borderline helpful. Just the other day I saw a post linking to an article on using mod_rewrite in a way that was specifically requested by the topic's author. This was clearly written by a person. I have also had PM exchanges with spammers and those were obviously people.

The economics for this work out just fine, considering the wages of people in some parts of the world.

And as for your question about who is paying for such services, the answer is "everyone". There are sleazy "SEO" and "Marketing" companies at every turn and they market their own services via spam. Unknowing business owners agree to pay them money for exposure, not understanding what these companies do to gain such exposure. I see this all the time with clients who end up blacklisted after a short period of increased traffic. They don't understand why it happened until I explain that they actually employed a company using shady practices like link exchanging and spam.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by callumacrae » Sat Apr 02, 2011 11:19 am

This thread has just turned into a very big flame war :(
[Split] Using Advanced Block Mod to Prevent Spam
~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
Marshalrusty
Project Manager
Project Manager
Posts: 29253
Joined: Mon Nov 22, 2004 10:45 pm
Location: New York City
Name: Yuriy Rusko
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Marshalrusty » Sat Apr 02, 2011 11:26 am

Callum95 wrote:This thread has just turned into a very big flame war :(
I wouldn't go quite that far.

I'm not sure how helpful this topic will be for someone finding it in the future, but the different kinds of spam techniques and their intricacies and very important when analyzing the effectiveness of various spam-prevention features. With all sorts of unlikely claims flying left and right, I think it's helpful to see who actually know what they're talking about.
Have comments/praise/complaints/suggestions? Please feel free to PM me.

Need private help? Hire me for all your phpBB and web development needs

User avatar
Dogs and things
Registered User
Posts: 2114
Joined: Fri Sep 01, 2006 9:04 am
Location: Spain
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Dogs and things » Sat Apr 02, 2011 12:38 pm

Callum95 wrote:
Dogs and things wrote:I discovered them because I have a spanish language board and use a picture/Q&A CAPTCHA.
The answer came in select dropdowns, one of ten possible answers was correct. Limit for retry on error was set to 3.

For years this combo kept spam registrations to zero.

Some months ago I noticed how spam registration started to get through.
For a low-cost human spammer it is not very hard to google for answers, if the question is known and simple, more so if the answer is shown in a dropdown list. In my case they had to use google translater, and apparently there are people out there doing this as a job.

I then changed the dropdown select list to a text input field. Users now have to fill in the answer.
This had a devastating effect on the human spam registrations. They fell back to zero.

I feel that having a non-english board definitely gives me an advantage when it comes top fighting spam.
That doesn't sound specifically like a human spammer to me - bots can use google, too :) they've improved a lot recently.

~Callum
You could be right, but, you aren´t. ;)

Because, as I stated, I am using a combination of image and Q&A.

The thing is that the questions are related to the picture.

Like for instance:
- How many stars do you see in this picture?
The answer could be found in a select dropdown with ten possible answers.

A bot would never be able to pick the right one, not even if he has somehow been able to translate the spanish question into his own language. He would not be able to because he would not understand the relation between the question and the correct answer.

I am convinced that one of the trends in modern-day spamming is low-cost humans doing the registration part of the job, and possibly more.

Once the account is created several scenarios are possible:

- Feeding the accounts into a bot that will use them for spamming directly.
- The spammer that created the account starts posting some innocent-looking posts and later come back to edit those, and/or create a signature containing spam.

As I have not kept those accounts active I don´t know what they would have developed into but I guess the second possibility is the most likely.

Mind you, on my board I have limited the time within which a user can edit his posts, require a minimum number of posts before urls can be posted and signatures can´t contain urls before a set number of posts is reached.

This means that it is not easy for human spammers to do any harm.

But as I said before, since I removed the select dropdown and put a text input in it's place I have zero spam registrations and zero spam posts. And that's without account activation. It's register and start posting, without further ado.
For phpBB2 support visit phpBB2refugees.

ckwalsh
Former Team Member
Posts: 1837
Joined: Wed Mar 15, 2006 1:50 am
Location: Seattle, USA
Name: Cullen Walsh
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by ckwalsh » Sat Apr 02, 2011 5:04 pm

If anyone is interested in reading how CAPTCHAs are being bypassed by humans and some of the organization behind it, here's a paper from UCSD describing CAPTCHA economics.
Where to post what | Forum Rules | The Dos and Don'ts of General Discussion
In Seattle and want to meet, chat, or have a coffee? Drop me a PM.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Pony99CA » Sat Apr 02, 2011 11:26 pm

ckwalsh wrote:If anyone is interested in reading how CAPTCHAs are being bypassed by humans and some of the organization behind it, here's a paper from UCSD describing CAPTCHA economics.
That's an interesting article. I didn't read the whole thing, but section 6 on the workforce contained lots of interesting information.

With the Top 100 "spam helpers" making an average of about $106 per month (before the payout decrease :!: ), I'm not going to give up my day job to solve CAPTCHAs. :lol:

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

Pony99CA
Registered User
Posts: 4783
Joined: Thu Sep 30, 2004 3:13 pm
Location: Hollister, CA
Name: Steve
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by Pony99CA » Sat Apr 02, 2011 11:28 pm

Marshalrusty wrote:
Callum95 wrote:This thread has just turned into a very big flame war :(
I wouldn't go quite that far.

I'm not sure how helpful this topic will be for someone finding it in the future, but the different kinds of spam techniques and their intricacies and very important when analyzing the effectiveness of various spam-prevention features. With all sorts of unlikely claims flying left and right, I think it's helpful to see who actually know what they're talking about.
I agree that the information is useful, but much of it has nothing to do with the topic (Using the Advanced Block MOD). Maybe we should split this into a new Economics of Spamming topic.

Steve
Silicon Valley Pocket PC (http://www.svpocketpc.com)
Creator of manage_bots and spoof_user (ask me)
Need hosting for a small forum with full cPanel & MySQL access? Contact me or PM me.

User avatar
bonelifer
Community Team Member
Community Team Member
Posts: 3479
Joined: Wed Oct 27, 2004 11:35 pm
Name: William
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by bonelifer » Sun Apr 03, 2011 2:11 am

KeyCAPTCHA, Marshalrusty is completely right. On another forum where I'm an administrator, we get between 1 - 3 posts a month via our Contact US form trying to sell us their SEO services to get our keywords, etc up. None of this has ever been solicited by the forum staff.

Marshalrusty wrote:And as for your question about who is paying for such services, the answer is "everyone". There are sleazy "SEO" and "Marketing" companies at every turn and they market their own services via spam. Unknowing business owners agree to pay them money for exposure, not understanding what these companies do to gain such exposure. I see this all the time with clients who end up blacklisted after a short period of increased traffic. They don't understand why it happened until I explain that they actually employed a company using shady practices like link exchanging and spam.
Knowledge Base | phpBB Board Rules | Search Customisation Database
Image
Please don't contact me via PM or email for phpBB support .

User avatar
KeyCAPTCHA
Registered User
Posts: 66
Joined: Sun Nov 14, 2010 8:32 am
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by KeyCAPTCHA » Sun Apr 03, 2011 10:23 am

Dogs and things wrote:I discovered them because I have a spanish language board and use a picture/Q&A CAPTCHA.
The answer came in select dropdowns, one of ten possible answers was correct. Limit for retry on error was set to 3.

For years this combo kept spam registrations to zero.

Some months ago I noticed how spam registration started to get through.
For a low-cost human spammer it is not very hard to google for answers, if the question is known and simple, more so if the answer is shown in a dropdown list. In my case they had to use google translater, and apparently there are people out there doing this as a job.

I then changed the dropdown select list to a text input field. Users now have to fill in the answer.
This had a devastating effect on the human spam registrations. They fell back to zero.

I feel that having a non-english board definitely gives me an advantage when it comes top fighting spam.
What you wrote really proves that you had stopped unsophisticated,
read - cheap or amateur-made or professional, but very ancient and non-updated (update , again, costs money) - bots which previously managed to directly pass your combobox-captcha without using laundry attacks
Professional bots would still pass it using laundry attack
(which is, outsourcing CAPTCHAs, that they cannot pass, to human solvers sweatshops clueless about origins of captchas).
KeyCAPTCHA prevents laundry attacks.
bonelifer wrote:KeyCAPTCHA, Marshalrusty is completely right. On another forum where I'm an administrator, we get between 1 - 3 posts a month via our Contact US form trying to sell us their SEO services to get our keywords, etc up. None of this has ever been solicited by the forum staff
This proves that it was not done by human spammers.
Human spammers value their time and understand well
that it is a waste of time to spam about something unsolicited

Even if they're human, 1-3 a month is not what create ubiquitous spamming problem
These just underline my thesis - cut off the bots and see results after that
Last edited by KeyCAPTCHA on Sun Apr 03, 2011 10:43 am, edited 1 time in total.

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by callumacrae » Sun Apr 03, 2011 10:41 am

KeyCAPTCHA wrote:What you wrote really proves that you had stopped unsophisticated,
read - cheap or amateur-made or professional, but very ancient and non-updated (update , again, costs money) - bots which previously managed to directly pass your combobox-captcha without using laundry attacks
Professional bots would still pass it using laundry attack
(which is, outsourcing CAPTCHAs, that they cannot pass, to human solvers sweatshops clueless about origins of captchas).
KeyCAPTCHA prevents laundry attacks.
Are you saying that KeyCAPTCHA cannot be outsourced? Of course it can, but the bots do not support it yet. All it would require is for the bots to include JavaScript support, then send the CAPTCHA and inject the corresponding JavaScript calls. I can't really remember exactly how your modification works from when I validated it, but I can guarantee that it can be outsourced. The reason that no boys have JavaScript support at the moment is because there aren't any CAPTCHAs that have a large market share that use JavaScript, and is therefore not cost effective.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
/a3
Registered User
Posts: 411
Joined: Sun Sep 19, 2010 9:08 am
Location: /dev/random

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by /a3 » Sun Apr 03, 2011 10:51 am

KeyCAPTCHA wrote:This proves that it was not done by human spammers.
Human spammers value their time and understand well
that it is a waste of time to spam about something unsolicited

Even if they're human, 1-3 a month is not what create ubiquitous spamming problem
These just underline my thesis - cut off the bots and see results after that
What do you define as spam? What about users that post useless posts only so that the links in their signature are published?

I know for a fact that there are humans that do this. I won't post any examples, but there are a lot of users that specifically do this.


Just FYI, I once was signed up to a forum where there was a user who was a regular. He/she seemed alright, but there was something that wasn't right. I eventually search his/her username on the internet and found out that he/she was offering to post x number of posts on websites for money. The board which I was registered to was obviously one of these websites. :x
$ git commit -m "YOLO"

User avatar
KeyCAPTCHA
Registered User
Posts: 66
Joined: Sun Nov 14, 2010 8:32 am
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by KeyCAPTCHA » Sun Apr 03, 2011 10:59 am

/a3 wrote:
KeyCAPTCHA wrote: I know for a fact that there are humans that do this. I won't post any examples, but there are a lot of users that specifically do this
Then, most participants in IT forums (like msdn-forums, forums.asp.net) are spammers.
Most of them, including MVP, reputed users, moderators, users with thousands posts,
have signatures with 1-5 links in them

Including the participants of this thread

User avatar
callumacrae
Former Team Member
Posts: 2662
Joined: Tue Feb 12, 2008 12:28 pm
Location: London, UK
Name: Callum Macrae
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by callumacrae » Sun Apr 03, 2011 11:09 am

KeyCAPTCHA wrote:
/a3 wrote:
KeyCAPTCHA wrote: I know for a fact that there are humans that do this. I won't post any examples, but there are a lot of users that specifically do this
Then, most participants in IT forums (like msdn-forums, forums.asp.net) are spammers.
Most of them, including MVP, reputed users, moderators, users with thousands posts,
have signatures with 1-5 links in them

Including the participants of this thread
Nah, theres a difference between posting useful stuff with a link in your sig and posting with the express purpose of spreading your link.

~Callum
macr.ae = my website. you probably won't like it.
Proud user ofProud user of

User avatar
KeyCAPTCHA
Registered User
Posts: 66
Joined: Sun Nov 14, 2010 8:32 am
Contact:

Re: [Split] Using Advanced Block Mod to Prevent Spam

Post by KeyCAPTCHA » Sun Apr 03, 2011 11:21 am

Callum95 wrote:Are you saying that KeyCAPTCHA cannot be outsourced?
Yeap
This was discussed before so many times
(even with volunteers who promised to practically outsource it),
so lengthily (some for many weeks) that I'm really allergic to this topic.

Unfortunately, almost all exhausting (and bitter battled) discussions
(on impossibility to outsorce KeyCAPTCHA) were in Russian

Interested for references for discussions,
about (im)possibilities of outsourcing KeyCAPTCHA, in Russian?

Anyway, open a separate thread with this question if you are interested to discuss it
because, from my previous experience, I assure it will be quite a discussion with the necessity of many follow-up splits.

Update:
Doesn't
Callum95 wrote: I can guarantee that it can be outsourced
contradict to:
Callum95 wrote:The reason that no boys have JavaScript support at the moment is because there aren't any CAPTCHAs that have a large market share that use JavaScript, and is therefore not cost effective
Let me just to repeat again:
  • currently KeyCAPTCHA cannot be passed with any of existing bots
    including those that outsouce captchas to 3d party humans solvers.
  • KeyCAPTCHA is designed to meet any future advances in spamming technologies, including possibility to replace its type without necesity of old plugin reinstall
Last edited by KeyCAPTCHA on Sun Apr 03, 2011 12:59 pm, edited 3 times in total.

Post Reply

Return to “phpBB Discussion”