Page 1 of 1

The Care and Feeding of Spambots

Posted: 29 Nov 2011, 14:45
by ividyon
There's been an awful lot of spambots recently. I have no clue how they manage to bypass both reCaptcha and specific questions tailored for this forum, but I'll be further looking into dispatching them. If anyone experienced with forums has any ideas how to further improve security (besides enforcing that all new accounts must be approved by the administrator), I'd appreciate any help I can get.

Until then, here's how you, as a user, should handle spambots:

Image

Please use the Image Image Image report button Image Image Image when you spot a spambot or otherwise unsavory post. This will make a huge report icon Image pop up on my screen whenever I browse through new posts, and therefore will alert me to spam bots or other terrible things (that you report).

This is the optimal way of making the staff aware of bad things. Yes!


How to NOT report a spambot:

Before you is the work of a spambot. This spambot. This spambot is an eyesore. It shouldn't exist. I have to post about it.

Image

NO! You don't have to post about it. All that means is that the staff has to not only deal with the spambot, but also clean up your comments and funny remarks afterwards. You also don't have to respond to somebody's spambot comment by telling him that he shouldn't be commenting on spam bots; that just creates a longer chain of posts we have to delete! Please don't do that.


And that's all. Please use the report function and avoid commenting on spam bots so that we can get rid of them as quickly as possible. Thank you for reading!

Re: The Care and Feeding of Spambots

Posted: 29 Nov 2011, 19:45
by Mister_Prophet
Heh, your post made me laugh :lol: but I haven't noticed spambots lately. I suppose you must be catching them before I browse.

Re: The Care and Feeding of Spambots

Posted: 29 Nov 2011, 19:51
by UB_
So much fun reporting!

Re: The Care and Feeding of Spambots

Posted: 29 Nov 2011, 22:17
by salsaSkaarj
Basically, I hardly ever have spambots.
Registration doesn't need admin activation, only confirmation through the link in the activationmail.
Most Captchas and Recaptchas seem to fail a couple of weeks after being widely used (OCR), and making them more difficult to read creates problems for humans also.
From what I have read there are 2 almost failsafe ways to block spambots: 1 is to have captcha questions (a problem in multilingual situations and with not native speakers) or a mathematical equation (using words, not symbols), and 2 having an Audio Captcha (spelling out 2 words) (problem with deaf or hardhearing people).

You could always resort to adding IPs and domains to the banned list (http://www.stopforumspam.com/spamdomainsandips) but it takes a few weeks before new bots are identified.

Still, bear in mind that many so called spambots are in fact humans and won't be stopped by any Catpcha.

A system which I installed on a friend's forum is by having each new registration in the new registrations group (adjust the configurations), once logged in they can only see 1 forum (not visible to users without the necessary privileges ) in which they have to post something about themselves (e.g. answer to WTF do you want from unrealsp.org). Spambots will be recognised immediately (ban them) and so will genuine users (delete them from the new registrations group). Disadvantage is a bit of extra work for the moderators (or admin only). Up to now (configured it ± 6 months ago) no spambot has been able to post in the legit areas (but a couple of spamhumans have).

Re: The Care and Feeding of Spambots

Posted: 30 Nov 2011, 08:33
by TheIronKnuckle
captchas audio or otherwise might not even be fool proof. apparently there's places in india where the spambots send the captcha and an actual person solves it. Sounds infeasible to me though. surely the amount of spambots is greater than the population of india...

Re: The Care and Feeding of Spambots

Posted: 30 Nov 2011, 16:25
by Buff Skeleton
TheIronKnuckle wrote:captchas audio or otherwise might not even be fool proof. apparently there's places in india where the spambots send the captcha and an actual person solves it. Sounds infeasible to me though. surely the amount of spambots is greater than the population of india...

Over a billion spam bots? I dunno about that!

Re: The Care and Feeding of Spambots

Posted: 01 Dec 2011, 10:10
by ebd
imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)

This spambot is impossible. It just can't exist. I want to wipe it from my eyes. I want to scream and shove my face into a prehistoric tar pit.

Re: The Care and Feeding of Spambots

Posted: 01 Dec 2011, 13:02
by salsaSkaarj
ebd wrote:imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)

This spambot is impossible. It just can't exist. I want to wipe it from my eyes. I want to scream and shove my face into a prehistoric tar pit.


There is no forum software which can identify a spambot without an admin doing something. It is either trying to block spambots with captchas, IPlists or lists of browseragents (e.g. indexingbot identification) or trying to identify them with their first post. In the latter case (in the system I used), only one action has to be done: deleting the user (post can be deleted automatically, and topics also), or (in the case the user is not a spambot), removing the user from 1 group).

What sana wants from us is basically the same principle as my system but for the fact that spambots will post in legit areas and that users can respond. Is that a problem? Not for me, but if users can't refrain from showing that they identified a spambot ... then they're just acting as spambots themselves.

Re: The Care and Feeding of Spambots

Posted: 01 Dec 2011, 13:43
by ividyon
ebd wrote:imo phpbb could use a more convenient way to deal with bots other than "manually ban IP, then administrate user -> delete user & delete posts, then manually delete threads (if they had replies)


Recently I realized that, when you administer users, there's a quick IP-banning tool available in the ACP already. So you could basically do all steps from there (save for the threads).

Anyway, I replaced reCaptcha with Q&A Captcha now, adding a bunch of Unreal-related questions. If any spammers get through those, I'm 100% certain they're actual people, not bots.

Re: The Care and Feeding of Spambots

Posted: 29 Dec 2011, 04:52
by redeye
Questions, yes

those funky letters, no, like trying to explain a Picasso.

Re: The Care and Feeding of Spambots

Posted: 29 Dec 2011, 08:47
by TheIronKnuckle
So confused