There's been an awful lot of spambots recently. I have no clue how they manage to bypass both reCaptcha and specific questions tailored for this forum, but I'll be further looking into dispatching them. If anyone experienced with forums has any ideas how to further improve security (besides enforcing that all new accounts must be approved by the administrator), I'd appreciate any help I can get.
Until then, here's how you, as a user, should handle spambots:
Please use the report button when you spot a spambot or otherwise unsavory post. This will make a huge report icon pop up on my screen whenever I browse through new posts, and therefore will alert me to spam bots or other terrible things (that you report).
This is the optimal way of making the staff aware of bad things. Yes!
How to NOT report a spambot:
Before you is the work of a spambot. This spambot. This spambot is an eyesore. It shouldn't exist. I have to post about it.
NO! You don't have to post about it. All that means is that the staff has to not only deal with the spambot, but also clean up your comments and funny remarks afterwards. You also don't have to respond to somebody's spambot comment by telling him that he shouldn't be commenting on spam bots; that just creates a longer chain of posts we have to delete! Please don't do that.
And that's all. Please use the report function and avoid commenting on spam bots so that we can get rid of them as quickly as possible. Thank you for reading!
The Care and Feeding of Spambots
11 posts •
Page 1 of 1
- ividyon
- Administrator
- Posts: 2354
- Joined: 12 Nov 2007, 14:43
- Location: Germany
- Contact:
Subject: The Care and Feeding of Spambots
Post Posted: 29 Nov 2011, 14:45
UnrealSP.org webmaster & administrator
- Mister_Prophet
- Red Nemesis Leader
- Posts: 3099
- Joined: 11 Nov 2007, 23:30
- Location: Lost in Oraghar
Subject: Re: The Care and Feeding of Spambots
Post Posted: 29 Nov 2011, 19:45
Heh, your post made me laugh but I haven't noticed spambots lately. I suppose you must be catching them before I browse.
- UB_
- Nali Priest
- Posts: 7960
- Joined: 11 Nov 2007, 21:00
Subject: Re: The Care and Feeding of Spambots
Post Posted: 29 Nov 2011, 19:51
So much fun reporting!
- salsaSkaarj
- Gilded Claw
- Posts: 1862
- Joined: 21 Apr 2009, 21:54
- Location: on the prowl
Subject: Re: The Care and Feeding of Spambots
Post Posted: 29 Nov 2011, 22:17
Basically, I hardly ever have spambots.
Registration doesn't need admin activation, only confirmation through the link in the activationmail.
Most Captchas and Recaptchas seem to fail a couple of weeks after being widely used (OCR), and making them more difficult to read creates problems for humans also.
From what I have read there are 2 almost failsafe ways to block spambots: 1 is to have captcha questions (a problem in multilingual situations and with not native speakers) or a mathematical equation (using words, not symbols), and 2 having an Audio Captcha (spelling out 2 words) (problem with deaf or hardhearing people).
You could always resort to adding IPs and domains to the banned list (http://www.stopforumspam.com/spamdomainsandips) but it takes a few weeks before new bots are identified.
Still, bear in mind that many so called spambots are in fact humans and won't be stopped by any Catpcha.
A system which I installed on a friend's forum is by having each new registration in the new registrations group (adjust the configurations), once logged in they can only see 1 forum (not visible to users without the necessary privileges ) in which they have to post something about themselves (e.g. answer to WTF do you want from unrealsp.org). Spambots will be recognised immediately (ban them) and so will genuine users (delete them from the new registrations group). Disadvantage is a bit of extra work for the moderators (or admin only). Up to now (configured it ± 6 months ago) no spambot has been able to post in the legit areas (but a couple of spamhumans have).
Registration doesn't need admin activation, only confirmation through the link in the activationmail.
Most Captchas and Recaptchas seem to fail a couple of weeks after being widely used (OCR), and making them more difficult to read creates problems for humans also.
From what I have read there are 2 almost failsafe ways to block spambots: 1 is to have captcha questions (a problem in multilingual situations and with not native speakers) or a mathematical equation (using words, not symbols), and 2 having an Audio Captcha (spelling out 2 words) (problem with deaf or hardhearing people).
You could always resort to adding IPs and domains to the banned list (http://www.stopforumspam.com/spamdomainsandips) but it takes a few weeks before new bots are identified.
Still, bear in mind that many so called spambots are in fact humans and won't be stopped by any Catpcha.
A system which I installed on a friend's forum is by having each new registration in the new registrations group (adjust the configurations), once logged in they can only see 1 forum (not visible to users without the necessary privileges ) in which they have to post something about themselves (e.g. answer to WTF do you want from unrealsp.org). Spambots will be recognised immediately (ban them) and so will genuine users (delete them from the new registrations group). Disadvantage is a bit of extra work for the moderators (or admin only). Up to now (configured it ± 6 months ago) no spambot has been able to post in the legit areas (but a couple of spamhumans have).
- TheIronKnuckle
- Gilded Claw
- Posts: 1967
- Joined: 12 Nov 2007, 07:21
- Location: Riding my bicycle from the highest hill in Sydney to these forums
Subject: Re: The Care and Feeding of Spambots
Post Posted: 30 Nov 2011, 08:33
captchas audio or otherwise might not even be fool proof. apparently there's places in india where the spambots send the captcha and an actual person solves it. Sounds infeasible to me though. surely the amount of spambots is greater than the population of india...
Ignorance is knowing anything
And only idiots know everything
And only idiots know everything
- Buff Skeleton
- >:E
- Posts: 4173
- Joined: 15 Dec 2007, 00:46
Subject: Re: The Care and Feeding of Spambots
Post Posted: 30 Nov 2011, 16:25
TheIronKnuckle wrote:captchas audio or otherwise might not even be fool proof. apparently there's places in india where the spambots send the captcha and an actual person solves it. Sounds infeasible to me though. surely the amount of spambots is greater than the population of india...
Over a billion spam bots? I dunno about that!
- ebd
- Trustee Member
- Posts: 442
- Joined: 05 Apr 2008, 19:08
- Contact:
Subject: Re: The Care and Feeding of Spambots
Post Posted: 01 Dec 2011, 10:10
imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)
This spambot is impossible. It just can't exist. I want to wipe it from my eyes. I want to scream and shove my face into a prehistoric tar pit.
This spambot is impossible. It just can't exist. I want to wipe it from my eyes. I want to scream and shove my face into a prehistoric tar pit.
- salsaSkaarj
- Gilded Claw
- Posts: 1862
- Joined: 21 Apr 2009, 21:54
- Location: on the prowl
Subject: Re: The Care and Feeding of Spambots
Post Posted: 01 Dec 2011, 13:02
ebd wrote:imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)
This spambot is impossible. It just can't exist. I want to wipe it from my eyes. I want to scream and shove my face into a prehistoric tar pit.
There is no forum software which can identify a spambot without an admin doing something. It is either trying to block spambots with captchas, IPlists or lists of browseragents (e.g. indexingbot identification) or trying to identify them with their first post. In the latter case (in the system I used), only one action has to be done: deleting the user (post can be deleted automatically, and topics also), or (in the case the user is not a spambot), removing the user from 1 group).
What sana wants from us is basically the same principle as my system but for the fact that spambots will post in legit areas and that users can respond. Is that a problem? Not for me, but if users can't refrain from showing that they identified a spambot ... then they're just acting as spambots themselves.
- ividyon
- Administrator
- Posts: 2354
- Joined: 12 Nov 2007, 14:43
- Location: Germany
- Contact:
Subject: Re: The Care and Feeding of Spambots
Post Posted: 01 Dec 2011, 13:43
ebd wrote:imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)
Recently I realized that, when you administer users, there's a quick IP-banning tool available in the ACP already. So you could basically do all steps from there (save for the threads).
Anyway, I replaced reCaptcha with Q&A Captcha now, adding a bunch of Unreal-related questions. If any spammers get through those, I'm 100% certain they're actual people, not bots.
UnrealSP.org webmaster & administrator
- redeye
- Banned
- Posts: 1393
- Joined: 08 Dec 2007, 06:55
Subject: Re: The Care and Feeding of Spambots
Post Posted: 29 Dec 2011, 04:52
Questions, yes
those funky letters, no, like trying to explain a Picasso.
those funky letters, no, like trying to explain a Picasso.
Just ban everyone
- TheIronKnuckle
- Gilded Claw
- Posts: 1967
- Joined: 12 Nov 2007, 07:21
- Location: Riding my bicycle from the highest hill in Sydney to these forums
Subject: Re: The Care and Feeding of Spambots
Post Posted: 29 Dec 2011, 08:47
So confused
Ignorance is knowing anything
And only idiots know everything
And only idiots know everything
11 posts •
Page 1 of 1
Who is online
Users browsing this forum: No registered users and 14 guests