Forums spam bombing - suggestion

Showing 1-71 of 71 messages
Forums spam bombing - suggestion Martimiz 12/1/13 1:46 AM
Hi guys,

Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.

In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...

I'm not at all familiar with the forum module, would this be acceptable/doable?

Martine

Re: [silverstripe-dev] Forums spam bombing - suggestion Olli 12/1/13 2:34 AM
That doesnt help in the log run.

IMHO the only way to combat spam bots is add caphca, honeypot fields or require confirmation Upon registration.
 
You could add the chckbox or remove user permissions but that still requires moderation and whit a bot spamming you are the only losing time ;)..

:o

Lähetetty iPadista

> Martimiz <mart...@gmail.com> kirjoitti 1.12.2013 kello 11.46:
> Martine
>
> --
> You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
> To post to this group, send email to silverst...@googlegroups.com.
> Visit this group at http://groups.google.com/group/silverstripe-dev.
> For more options, visit https://groups.google.com/groups/opt_out.
Re: [silverstripe-dev] Forums spam bombing - suggestion Ingo Schommer 12/1/13 4:14 AM
Hey guys, 

we do both captchas and honeypots already.
Does anybody have experiences how well email confirmations
work to combat spam? In my mind it shouldn’t be a big problem to overcome for spammers either.
Does anybody have recent research on the effectiveness of Recaptcha?
I can’t decide if its just people signing up manually (~30/day would be possible),
or if they’re actually cracking the captcha and we should look for a better alternative.

I think a batch-marking of spam for a specific account would be a great
feature for the forum module, and I’ll happily deploy that onto ss.org.
Anybody keen to write a pull request? Keep in mind it needs to be 2.4 compatible,
since we haven’t upgraded ss.org to 3.x yet - shoemakers own shoes…:D.

Ingo

P.S.: I’ve been talking about this issue with our community manager Cam as well yesterday.


To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-dev+unsubscribe@googlegroups.com.

To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/1/13 8:32 AM
I'm not sure if this really is a bot. A new batch came in over a period of about 30 mins, that were minutes apart, so either a slowbot or some individual. in the latter case email confirmatin/honeypot won't really work... Recaptcha might, just because it is sooo annoying :)

 That button shouldn't be so very hard to accomplish - basically a copy of the one in the forum post, with an extra bit of query added...

Martine




Op 1 dec. 2013 om 13:14 heeft Ingo Schommer <in...@silverstripe.com> het volgende geschreven:

Re: [silverstripe-dev] Forums spam bombing - suggestion Ralph Slooten 12/1/13 8:54 AM


On 2/12/2013 1:15 am, "Ingo Schommer" <in...@silverstripe.com> wrote:
> I can’t decide if its just people signing up manually (~30/day would be possible),
> or if they’re actually cracking the captcha and we should look for a better alternative.

Generally a fairly reliable way to tell would be to look in the web server's log files. Look for things like the time between actions. If a "person" is signing up and submitting all within seconds then it's probably automated. Another telltale is repeated fast form submissions where captcha fields are present (fail &  retries). Another telltale is changing ips in a spamming session and/or the use of the Tor network.

I also find it hard to believe their ip isn't registered on the httpbl database (they are pretty good),  but you could also integrate with the stopforumspam database too (simple api) for things like sign up page. It may first pay though to do a manual check of the ip (or ips) of this spammer first.

Cheers,
Ralph

Re: [silverstripe-dev] Forums spam bombing - suggestion Cameron Spiers 12/1/13 2:46 PM
I'm wondering what the text based content within the posts looks like? How obvious is it that it is spam?

I have been working on a classifier written in PHP for some time, and I have recently deployed it to combat spam in a SilverStripe site with good success.

Classification works by putting existing content into categories, (e.g. spam, ham) and using that content to train the classifier. The trained classifier can then be used to classify new content into a category. It is the same type of approach that most email providers use to combat spam. 

Whether or not this particular library is the right approach, I recommend having a look into using classification to deal with spam. It is less intrusive to the user (e.g. no captcha) and offers flexibility with how you use it.

Cam




--

Cameron Spiers Senior Developer
Ph. 04 831 5130   heyday.co.nz

Heyday is a digital agency based in Wellington, New Zealand. It employs 35 staff and drives the online presence of brands through insight, ideas, design, delivery and improvement. Clients include Weta, Meridian Energy, GIB, Ecoya, ANZ, Trilogy, Gallagher Group and Z Energy. Please visit our website for further information.





--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [silverstripe-dev] Forums spam bombing - suggestion swaiba 12/2/13 1:34 AM
Hi Cam,

It is so obvious it is spam it is ridiculous... but as I messaged Ingo the worst part is that it is *no longer* restricting their account after I mark them as a spammer.
That drains my motivation to mark them as spam as I just see the user I've just marked as a spammer continue to spam.

Fix that please before adding anything fancy.
Re: Forums spam bombing - suggestion schellmax 12/2/13 2:19 AM
slightly off topic, but at this point i'd just like to repost my suggestion on moving Q&A topics over to stackoverflow.com (instead of struggling with forum issues?). it's so much easier to get an overview of relevant information (say, accepted/upvoted answers/comments...)
Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/2/13 2:39 AM
Hi Cam,
as Swbaiba says: it is really really really obvious, see description bjelow. Confirmed: accounts are no longer suspended!!!!! (also on 'mark as spam' the page no longer redirects, maybe the bug stems from there). You guys really need to help us out here,, because this is definitely tno lunger funny :(

- one account, 16 to 32 posts
- title plus long story about non silverstripe issue
- a jpg download
- some sort of e-mailaddres
- no links

We used to have others before, like kitchenguy:
- one account, one post (zillion times)
- one (or two) links

Or others:
- one account, 1 post
- zillion links

Or answers to old posts (not so often)

Martinep

Re: [silverstripe-dev] Forums spam bombing - suggestion swaiba 12/2/13 4:14 AM
>>You guys really need to help us out here,, because this is definitely tno lunger funny :(

Seconded - it is indeed NOT funny to see the spammers adding more and more messages from the same accounts that I've just marked50+ posts as spam :( :(
Re: [silverstripe-dev] Forums spam bombing - suggestion swaiba 12/2/13 6:22 AM
Does anybody have experiences how well email confirmations
work to combat spam?

Marijn Kampf created a module for this...
Re: [silverstripe-dev] Forums spam bombing - suggestion Ingo Schommer 12/2/13 9:19 AM
Hey guys, 

had a bit of a look in the ss.org logs and DB:
In the last 48h, there were 935 registration form submissions
resulting in 6 signups, two of which were identified by stopforumspam.org
and subsequently blocked.

Most of these submissions will be bots, and a few
of them have dozens of requests coming from the same IP.
None of those excessive repeated signup attempts did actually 
make it through though, judging from the IPs tracked for registration. 

So my hunch is that we’re dealing with manual spammer signups here,
which won’t be defeated by honeypots or captcha. To confirm that
would require a larger sample set than 48h, but I don’t have time for that. Maybe Cam F. does?

I doubt that email verification will hinder spammers either,
or has anybody had good success with that measure?

Content classification sounds interesting, but we’d need
somebody in the community to own getting this working
and fine tuning the training. Cam S., how much processing
time does it use? Unfortunately we don’t have good spam
training data since we delete spammy posts rather than just flag them.
That’d be a first step I guess: Implement post flagging + filtering in 
the forum module (or store the spam content somewhere before deletion).

@Martimiz: Member suspension by clicking “Mark as spam” on a page
still works for me, do you have a specific example where it didn’t work for you?
Can you send me a link to your member profile on ss.org so I can check your permissions?

Ingo

--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/2/13 9:49 AM
@ingo:
 it hasn't been working for me the last 200+ times or so, first noticed it the day before yesterday. It used to, but doesn't anymore. Same goes for swaiba.

Link to my profile: http://www.silverstripe.org/ForumMemberProfile/show/3377

as I said before, this is most likely a manual spammer, judging by the time intervals at least.

Re: [silverstripe-dev] Forums spam bombing - suggestion Simon Welsh 12/2/13 8:22 PM
I’m also seeing that the accounts aren’t being suspended and the page isn’t redirecting. I’m getting a 500 when marking something as spam (URL: http://www.silverstripe.org/upgrading-silverstripe/markasspam/326232). My ID’s 480.
>--
>You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
>To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
>To post to this group, send email to silverst...@googlegroups.com.
>Visit this group at http://groups.google.com/group/silverstripe-dev.
>For more options, visit https://groups.google.com/groups/opt_out.
>

---
Simon Welsh
Admin of http://simon.geek.nz/
Re: [silverstripe-dev] Forums spam bombing - suggestion Ingo Schommer 12/3/13 3:18 AM
Alright, think I’ve tracked this down. We’ve installed a module to track
errors through raygun.io on the 20th of November, and the error reporting
had a bug (how meta…). I’ve signed up with a test spam and test moderator
account, and confirmed I can mark users posts as spam and actually suspend them.
Once you hit more spam, would be cool if you can quickly respond here if that
fixes it for you as well. Sorry for the inconvenience here, I think this calls
for some Behat tests ;) But first we’d need to upgrade ss.org to 3.x...
Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/3/13 4:19 AM
That's great! Will do.

Btw: there is one thing I have absolutely never seen, and that's a user that poses a serious question or two, and then starts spamming like this. So i personally think there would be nothing against removing all messages from the thread (be it temporary) for users that are marked as spam. 

For users that do spam a bit by accident, you could just delete the offending message. 

Questions: 

- why can moderators delete entire messages, but not edit them to maybe remove an offending bit, but leave the good bit of a post intact?

- When this spamming situation comes up, lots of people respond by saying we should abandon the forums for StackOverflow. What are your thoughts on this matter?

Martine




Op 3 dec. 2013 om 12:18 heeft Ingo Schommer <in...@silverstripe.com> het volgende geschreven:

Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/3/13 5:24 AM
@ingo: yep, it is working again :) thanks!
Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/3/13 5:24 AM
Re: [silverstripe-dev] Forums spam bombing - suggestion Cam Findlay 12/3/13 12:28 PM
@ingo, thanks for sorting this. Finally have had time to chime in on this (still finding my feet in this new role, lots going on!).

Please keep any spam related stuff on my radar so I can look to advocate for more resource on ss.org improvements (as well as looking at ways we can work on it more as a community :) ).

Agree... we need to make a move to 3.x as a move towards greater ss.org improvements.

Behat tests... I approve :)
Re: [silverstripe-dev] Forums spam bombing - suggestion Cam Findlay 12/3/13 12:44 PM
@Martimiz, 

Here are my thoughts on your questions:

- why can moderators delete entire messages, but not edit them to maybe remove an offending bit, but leave the good bit of a post intact?

Suspect that we just simply don't have this functionality in the forum module, raises a bigger question of where could we take future versions of the forum module.
I wonder if it is possible to allow edit access in a certain security group in the backend? something to find out about, Ingo any ideas?


- When this spamming situation comes up, lots of people respond by saying we should abandon the forums for StackOverflow. What are your thoughts on this matter?
I am in two minds on this and actually can see merits of both. Dropping the forum module on ss.org also means we are not 'eating our own dog food' so to speak. It is also nice to have a clear place to go for new people coming into the community, we welcome them in rather than telling them to go elsewhere to talk to people about their silverstripe cms related issues.

I think there is place for both, however I would like to see a few things for the forum module such as being able to mark the version number of SS that the post refers to, marking posts as an accepted answer and an improved advanced search/filtering (I have been receiving feedback to this effect from a few community members via the comm...@silverstripe.org email). 

Strategically though I think we need to get to 3.x version of stable code first to make working on improvements more inline with where SS CMS is now and valuable to the community in terms of any resulting code contributions. 

I grew up on a diet of 2.3/2.4 but would really like to have a taste of 3.x on our community site.

Just a few thoughts there anyway, nothing set in stone as I would like to start a dialog and work with the community and SilverStripe internally to get a workable set of steps forward in the new year.


Thanks mods that got onto the spam recently too... I know how much of a pain it is (I jumped in and cleaned a bunch too) and I really appreciate it :)

I'm checking a number of channels at the moment which can get a bit info overload so if there is anything you think should really be on my radar please tweet, private message, email me to keep me aware.


Love your work ++100

'Community' Cam Findlay
Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/4/13 1:13 AM
I get what you're saying, and I kind of hover in that direction too. Still - this morning again 107 spams removed during breakfast, one account had 57 spamming posts, so that option to remove all at once would have really made a difference.

One other detail: the rss feed is still caching yesterdays removals, so that's no longer usable to track spams

Martine

Re: [silverstripe-dev] Forums spam bombing - suggestion Ingo Schommer 12/4/13 4:07 AM
The relevant “markasspam” feature is here: https://github.com/silverstripe/silverstripe-forum/blob/0.4/code/Forum.php#L574
The phpdoc is actually inaccurate, but deleting all posts seems to have been the original intention of the feature.

I think for that to happen we need one of the two additions to the forum module:
- A confirmation screen with a list of all posts about to be deleted (eaiser = my preference)
- “Soft deletes” of forum posts where we just set Deleted=1 and filter them out everywhere.
Otherwise its just too easy to mistakenly click “mark as spam” on a valid user,
e.g. in Will’s case that’d delete his entire 5500 posts, which will be very hard to restore.

As usual, its mostly a matter of somebody actually sending a pull request for it (with tests).
Waiting until a shift to 3.x is putting unnecessary blockers in the way, that’s not going
to happen soon since we need to migrate a lot of custom code on ss.org,
and any upgrade work will likely be tied to our long-planned ss.org restructuring.

RSS caching is set up to 1h (see ForumHolder_Controller->rss()). 
Do you see it being cached for longer than that?
Cam, could you find out if Nginx is doing some caching on top of that?

Ingo 

--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/4/13 5:26 AM
@ingo
Oh yes :( Maybe a remove-all isn't such a good idea after all. It's real easy to push that link, happens to me on ipad by just accidentally moving my thumb - at that point your'd be one click away from disaster. A slight panic, and aaaargh... You'd have to trust your moderators an awful lot :)

Maybe astrologer-guy will give in at some time. We've neve before had a moron like this...

The cache has been refreshed. Maybe it's just my problem with new zealand time again, where your yesterday isn't mine. Since all 'yesterday' posts were deleted, I assumed...

Martine



Op 4 dec. 2013 om 13:07 heeft Ingo Schommer <in...@silverstripe.com> het volgende geschreven:

Re: [silverstripe-dev] Forums spam bombing - suggestion swaiba 12/4/13 7:25 AM
Hi,

thanks for fixing the mark spam issue Ingo! :)

regarding the mass deletion - I was under the impression that the post never actually gets deleted - as martine pointed out previously with kitchen - but now you coudl see with http://www.silverstripe.org/search/?q=baba 
it being the case that they are not deleted the confirmation page could be more of an "undo" page - just reporting on what you have just done (e.g. posts where markedas spam and DATE(lasteditted) = DATE(NOW()) or something a bit tighter)

I'll have a go if there is exact information on the code to use and I'd obviously prefer to do it for SS3 only
Re: [silverstripe-dev] Forums spam bombing - suggestion Simon Welsh 12/4/13 9:52 AM
They're deleted. The search is a google custom search, so you need to wait for google to purge them from its index before they stop showing up. 

Sent from my phone
Re: [silverstripe-dev] Forums spam bombing - suggestion Martimiz 12/13/13 1:21 AM
Just to let you know: this is still going on, day by day. Just removed another 90. Is there really nothing that can be done in this special case? Filter on some words maybe? Just call the guy and shout at him?  it's really getting stale :(

Martine

Re: [silverstripe-dev] Forums spam bombing - suggestion Daniel Hensby 12/13/13 1:22 AM

Sorry to join this party late, but maybe mollom would help as it actually analyses the content of the submissions and then shows the captcha if it's ambiguous or straight rejects certain spam.

Dan

On 13 Dec 2013 09:21, "Martimiz" <mart...@gmail.com> wrote:
Just to let you know: this is still going on, day by day. Just removed another 90. Is there really nothing that can be done in this special case? Filter on some words maybe? Just call the guy and shout at him?  it's really getting stale :(

Martine

--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [silverstripe-dev] Forums spam bombing - suggestion Daniel Hensby 12/13/13 1:23 AM

Also, perhaps this guy's account has been compromised, why not force a password change?

Dan

Re: Forums spam bombing - suggestion Ingo Schommer 12/13/13 1:36 AM

Which guy are we talking about here? (forum profile URL)
I suppose you marked some of his posts as spam already,
so they should have a SuspendedUntil date set in the database
and no longer be allowed to post.

In general, when you suspect bugs in the forum operation,
can you please try to reproduce them on a clean install
with the forum module and see if you can patch anything?
In this case on a 2.4 install with forum 0.4.

I'm hesitant to put an external service dependency like Mollom
onto every forum post submission. We had pretty mixed experience with its
availability, its a free service after all. And its free offering of 50 legitimate posts
per day would artificially limit our throughput on the forums.
We could limit it to first posts only, but given the spammers can
already get around the pretty sophisticated Recaptcha I don't think that'll detract them.

Thanks
Ingo

Re: Forums spam bombing - suggestion Daniel Hensby 12/13/13 3:07 AM
Mollom is only free if you choose the free option.

Any effective anti-spam system that uses crowd sourced machine learning to identify spam(mers) is going to come with a price.
Re: Forums spam bombing - suggestion swaiba 12/13/13 7:09 AM
Which guy are we talking about here? (forum profile URL)

multiple, now they are creating profiles and posting ~30 messages at a time about "baba magic love skills" or whatever - if you look at the forum roughly every 3/4 hours you will see them

>>Just removed another 90

 
I've also removed around that number today

>>In this case on a 2.4 install with forum 0.4.

great so if I make any patch for this you'll review - as previously said I cannot/will not do phpunit sorry

I think that something to limit you to x posts would be step one, but something better like Cam was suggesting "classifying" posts would work in combo with this
e.g. if nothing flags then let them post
but if they mention a certain web address, email or telephone number (as all the serious spammers seem to) then this along with x posts per day on signup would get rid of this really annoying cases


Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Dan Rye 12/13/13 7:14 AM
What about new account posts have to be approved by a moderator?  I don't know the volume of new accounts, but 1/new account seems better then 30/new account.

Dan



--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: Forums spam bombing - suggestion Opticblaze 12/13/13 2:25 PM
Hi Guys,

I was wondering if normal forum members cant help with the spam issue. What about creating a voting button that every forum user can click if he thinks a post is a spam. We then set a threshold lets say if a post registers 10 spam votes for example, then the system generates a list which i think will be easier to manage. It will still rely on moderators but because more of us are able to help notify the admins/moderators i think it might make your work a bit easier. I suppose we could even run a fancier query that check if the same account has been flagged in multiple posts for spam by multiple users. If you really want to pimp the system out you give normal forum members with a certain amount of good posts under their belt the ability to have a weighted vote. So forum members who have completed their profile and posted at least 30 posts gets 2 votes, forum members with more than 100 posts get 3 votes and so on. The more active you are in the community the more responsibility you will be given.... just an idea






On Sunday, December 1, 2013 11:46:06 AM UTC+2, Martimiz wrote:
Hi guys,

Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.

In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...

I'm not at all familiar with the forum module, would this be acceptable/doable?

Martine

Re: Forums spam bombing - suggestion Opticblaze 12/14/13 12:08 AM
Adding to my previous post..... if normal members could vote it  would be easy to target a guy like this: http://www.silverstripe.org/ForumMemberProfile/show/38278

We could just vote the whole profile as a spam profile and then delete all his posts in one shot instead of one by one
Re: Forums spam bombing - suggestion Ingo Schommer 12/15/13 1:48 PM
Voting would be a great addition to the forum, but it strikes me as an afterthought for this situation. If a spammer has gotten dozens posts on the forum already, the damage is done in terms of cluttering the user experience for legitimate users. We'll need a reasonable amount of votes (3-10 depending on status) before blocking a user, I think by the time we have those votes a moderator could've already sorted things out.

Approval by moderator sounds really annoying from a user perspective: You sign up because you have a question, and you want that question seen and ideally answered right now. Even waiting for 30min approval is a significant dent in this experience IMHO. And we're a small community, so any more busywork added for the few moderators mean they have less bandwidth to deal with other things like sending pull requests, answering forum posts, etc.

Flood control (limiting number of posts by new users) sounds like the best straightforward idea to me. Most users will start out with a single post after registration.
Anything beyond 3-5 posts is an anomaly that we could catch by asking users to contact moderators directly. Anybody keen to write this feature?

@swabia: Thanks for patching! Are there any specific blockers in terms of getting started with PHPUnit that I can help with?
We'd really prefer stuff to be tested, but given the situation any code is a good starting point.

Thanks
Ingo

On Saturday, December 14, 2013 9:08:21 AM UTC+1, Opticblaze wrote:
Adding to my previous post..... if normal members could vote it  would be easy to target a guy like this: http://www.silverstripe.org/ForumMemberProfile/show/38278

We could just vote the whole profile as a spam profile and then delete all his posts in one shot instead of one by one
Re: Forums spam bombing - suggestion Opticblaze 12/15/13 10:39 PM
@Ingo,

Ok makes sense....
1) What about at least giving forum members the ability to flag in-appropriate posts, that should help moderators target these guys quicker?
2) Flood control sounds like an excellent idea


Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Simon Welsh 12/15/13 10:47 PM
From my point of view, the problem isn't discovery (which is what a flagging system's for) but removing a large amount of posts from a single user. Rate limiting or a "delete all posts" button on a profile would be much more useful. 

Sent from my phone
--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Will Rossiter 12/16/13 7:47 PM
Ingo / Cam with access to the live database might be able to answer this but how many posts per week are from new users (i.e first posts). If it's 3-5 then I think your first post could be moderated. If your first post has not been moderated yet then you cannot post another message. Mod's would just need to approve that users first post to have it appear on the site which I'm sure is a small list. Also allows the mods a chance to review common issues that are first coming in.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Dan Rye 12/16/13 7:51 PM
Will, that is what I was suggesting, though your description is a bit more clear.  I do like Ingo's idea of rate limiting, perhaps you can only post one new post within 24 hours of creating a new account.  I'd imagine this will just increate the number of bad accounts being created.

Dan

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 12/17/13 6:17 AM
From my moddy experience, the overall amount of spam on the forums  has typically been small and not hard to manage (which says nothing about the future I know). I hope with available (third party) tools they can be filtered out even further. It's just that this last guy is such a pain...

We've two types of multi-spammers: multiple-accounts-one-message-each,  like kitchenguy a while ago, and multiple-accounts-multiple-messages, like the current  Indian astrologer. In both cases though, the messages have always been really similar, so if they come through, once spotted, they could easily be filtered out for the future using some list (that a mod could maybe add to).

Then to remove what has been posted. In the situation of multiple posts per account, we would be helped with that button to remove all remaining spam for an account. To prevent erasing all Will's 5000+ posts by accident, as Ingo fears might happen, the button could be placed in the user account, appear only after the account has been suspended already, and remove a max number of posts, starting with the oldest to cause least damage. A very basic practical solution that would have saved an awful lot of time - in this case.

I hope we can stay away from options that restrict first time users still. To me  the forums are formost a low-level first stop for new silverstripe users, trying to get in touch with core devs and the community. In that way they may have a role in building the community. To put restrictions here would not appear very friendly and might even send them away again. QuestIons are often answered within just a couple of hours. For me that's a great thing and I personally would really like to keep it that way! And with something like the above, i think we could keep spam under control for now.

Also, when first posts are to be approved first: please consider that mods are not always 'on duty' and working hours may or may not overlap, I think a couple of the  mods listed aren't even active any more. Once you implement this, you'd have to make sure all post are always(!) moderated within a strict timeframe.

Martine

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion swaiba 12/17/13 8:47 AM
@ingo

Thanks for the offer of help - that applies to windows 7 machines? (or maybe win 8 if santa comes early)
My issue has been that, in the past whenever I've tried, the instal through PEAR is arkward (and fails), then the silverstripe wrapper is incompatible with the verion of PHPUnit I've eventually got running.

I am considering going direct to UNIX now web dev is my life, and I've no qualms it installs / runs fine on there

@martimiz

Yes I agree the main worry is that all the posts get lost.
I was thinking that I could just read the posts before deleting, serialize and gzcompress and store in a "rollback" table
then these could always been restored if there was a serious mistake

but I also agree that "mark ALL as spam" should be conceptually at a different point and on the he profile, after account suspended sounds perfect

what do you think?
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 12/18/13 1:06 AM
HELP :(

Indian guy has now posted 94 spams on one account: http://www.silverstripe.org/ForumMemberProfile/show/38336

To remove means some 400+ page requests, which is slowly costing me my indexfinger... Anyone with access to the backend/database willing to pick this up? Please?

Martine

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 12/18/13 2:56 AM
Ok, I decided not to wait because the forums were basically rendered unusable. i removed a grand total of 219 similar spam messages from 10 accounts (lastnight,this morning only), which took some effort. Unless this stops soon, the question whether we should or shouldn't keep the forums alive might become obsolete real soon I fear.

Enough for today for me anyway,

Martine

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion weberho 12/18/13 6:23 AM
I don't think, the messages are posted manually; Posting is too quick, I think (see /ForumMemberProfile/show/38345 ).

I have made good experiances adding a visible field named URL which is hidden per CSS. Robots usually post data in this field; Revoking this posts prevents lots of messages to be posted.

Another simple method is to add a very simple calculation to the form that must be solved by the user to allow posting.

Both methods are very easy to implement and helps a lot.

Best regards,
Johannes

Am 18.12.2013 11:56, schrieb Martimiz:
> Ok, I decided not to wait because the forums were basically rendered unusable. i removed a grand total of 219 similar spam messages from 10 accounts (lastnight,this morning only), which took some effort. Unless this stops soon, the question whether we should or shouldn't keep the forums alive might become obsolete real soon I fear.
>
> Enough for today for me anyway,
>
> Martine
>

--
Johannes Weberhofer
Weberhofer GmbH, Austria, Vienna
Re: Forums spam bombing - suggestion Ingo Schommer 12/19/13 3:08 PM
Just a quick status update: I've integrated https://github.com/mateusz/silverstripe-qacaptcha into forum post submissions,
which should stop automated responses by requesting answers to questions like "What's the third letter in 'SilverStripe'?".
Less annoying to fill out than Recaptcha, right? We could even remove that captcha if a user has more than X posts (so is validated).
It'll make the investment per post higher for spammers, and if we do the questions right won't be able to be automated easily.

Cam is currently testing this approach, and wants to get help in styling it tomorrow at the hackfest.
We could also use some sample questions - anybody keen to write some? They should be easy, unambiguous
and ideally geared towards the SilverStripe or PHP space. Please send them to Cam/me via email rather than
posting here, we don't want to make it too easy for spammers, right? ;)

Ingo


On Sunday, December 1, 2013 10:46:06 AM UTC+1, Martimiz wrote:
Hi guys,

Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.

In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...

I'm not at all familiar with the forum module, would this be acceptable/doable?

Martine

Re: Forums spam bombing - suggestion Cam Findlay 12/19/13 3:36 PM
Hopefully I don't get any emails from Indian Love Guru's with suggested questions.
Re: Forums spam bombing - suggestion Cam Findlay 12/20/13 3:45 PM
What would be a suitable number of posts before we remove the captcha for posts? 5 perhaps? I might write this check in today before styling it.


On Friday, 20 December 2013 12:08:38 UTC+13, Ingo Schommer wrote:
RE: [silverstripe-dev] Re: Forums spam bombing - suggestion Opticblaze 12/20/13 11:18 PM

@Cam,

 

5 sounds good to me for a start. We can always increase it, if we don't see good results. I don't think the average user will mind typing in the captcha. He would have already spend a good couple of minutes writing his post, and another 10 seconds is not going to make him abandon posting.

 

From: silverst...@googlegroups.com [mailto:silverst...@googlegroups.com] On Behalf Of c...@silverstripe.com
Sent: 21 December 2013 01:45 AM
To: silverst...@googlegroups.com
Subject: [silverstripe-dev] Re: Forums spam bombing - suggestion

--

You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 12/22/13 2:16 PM
Right, I have pushed some code back into our internal git repo for ss.org. Once Ingo reviews we could look at deployment.

Though the Indian love guru seems to have quietened down over the last few days (unless all you mods have been doing a killer job at dumping that spam?).

Still will be interesting to deploy the proposed code and see how that helps.

As Ingo mentioned we need some simple questions and answers (the question and answer allows for 1 question but multiple possible answers if you want to get creative!) for the qacaptcha module, please email through to myself (c...@silverstripe.com) or Ingo. 

Already had a few through which is awesome to see :)
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 12/28/13 10:23 AM
Just an update: I'm still jumping on here regularly (as I think many of you mods are too) and cleaning spam off the forums. 

I think Ingo is probably still in the process of moving countries but as soon as he reviews the proposed code to shut this spammer up it will go live.

For now, I'll continue to hang on the front lines with everyone and fight the good fight (against the love guru and his hokem astrological love magic).


I am also thinking whether it would be a good idea to actually completely remove these spammers accounts rather than just suspend them. Even suspended accounts have a public URL and more recently the spammers have started to put spam related details in their profile listing.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 12/29/13 2:35 AM
Hi Cam,
One up for removing the account - or at least not publicly displaying it anymore, once suspended :) None of the links to profiles seem to have a nofollow, so they might very well get indexed.

He might even be aiming for that, because lately he creates these accounts and then waits for a long time before posting, so we cannot mark them.

Anxiously awaiting your/Ingo's solutions, in the mean ttime wishing all SilverStripers  a great (and hopefully spamfree) 2014!!

Martine


Op 28 dec. 2013 om 19:23 heeft c...@silverstripe.com het volgende geschreven:

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Ingo Schommer 12/29/13 5:32 AM
Alright, I’ve deployed the QA captcha protection. Thanks to Will for styling+fixes, Cam for testing, and Shaun for providing us with awesome questions.
We’ve only got 20 so far, so the variation/protection isn’t that great. If any of you guys has a bit of downtime to come up with new ones, please send them through by email :)

Its currently set up to require a captcha on the first 7 days after account creation, or for the first 5 posts.
If the spam continues, we can tweak that to the first 20 posts or so. That’s in the custom (non-public)
ssorg codebase by the way, not in the forum or qacaptcha codebase.

Completely removing accounts by moderators has the same issue as completely removing all posts: Its easy to mess up,
and delete valid members without easy recovery options. Hiding the profile will do the trick as well, right?
We still need to show the profile to the own user on login, since he might be mistakenly suspended 
and a message on top of the profile screen is the only way we communicate that suspension at the moment.
So, anybody keen to implement that on the forum? 

External links in forum posts and “Website” links in the profile should have nofollow,

All the best
Ingo
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion swaiba 1/2/14 6:52 AM
I think I see some improvement, but I'm still coming on and seeing 100 posts by baba every now and then, makes the odd kitchen one heavenly.

At one point the messages contina silverstripe type phrases and at another point there was a message with no title that could be seen in the forum, but not opened/spected 


On Sunday, December 29, 2013 1:32:32 PM UTC, Ingo Schommer wrote:
Alright, I’ve deployed the QA captcha protection. Thanks to Will for styling+fixes, Cam for testing, and Shaun for providing us with awesome questions.
We’ve only got 20 so far, so the variation/protection isn’t that great. If any of you guys has a bit of downtime to come up with new ones, please send them through by email :)

Its currently set up to require a captcha on the first 7 days after account creation, or for the first 5 posts.
If the spam continues, we can tweak that to the first 20 posts or so. That’s in the custom (non-public)
ssorg codebase by the way, not in the forum or qacaptcha codebase.

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 1/2/14 11:41 PM
Agreed the deployment of the new qacaptcha has slowed them, but it is possible we are dealing with humans solving them.

I have another piece of code I am going to run by Ingo which might finally curb these spammers...

Thanks again all for helping with the spam cleaning, hopefully we get a complete resolve on this soon :)

~Cam
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 1/7/14 7:40 AM

Well, despite all your efforts, it looks like the current spam measures are not really discouraging friend baba. Yesterday I removed about 200 spam from 3(!) accounts and I don't know about the other mods. Just now removed one account with 112 spams attached, posted within a 3 tot 2 hour interal. And another account is already lined up, which I cannot remove because he hasn't posted yet. Possibly waiting till I'm offline... :(

Is there any chance the multi-spam-removal button can be approved? Or maybe a limit to the number of posts an account can post within an hour or a day?

By the way would it be an idea to at least add no-follow to the profile links? Because a lot of these profiles have already been indexed by google as mini adds for this guy...

Thanks, Martine
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion camfindlay 1/8/14 12:01 AM
Hamish has been working on some new code to hopefully sort this out, will be along the lines of ghost/hell banning (making the spammers posts/profile invisible to everyone but them). Once their account is set to this it will hide all the spam from them in one go so no more injured index fingers from clicking delete. I have been testing out the code this afternoon, so far so good. Will require a peer review prior to going live. Hold tight, again thanks for your patices and help in clearing the spam everyone! I really appreciate it.

On a funny note, we have confirmation that we are indeed dealing with humans as one was cheeky enough to actually email our support team today and ask why their account was banned and could we turn it back on please.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion swaiba 1/9/14 3:47 AM
>>On a funny note, we have confirmation that we are indeed dealing with humans as one was cheeky enough to actually email our support team today and ask why their account was banned and could we turn it back on please.

cheeky monkey
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 1/12/14 5:40 PM
Ok forum mods.

We have released some more code to help with spam. You have been emailed the details as we don't want them public for our friends the spammers to stumble across.

If you are a forum mod and haven't got an email from me yet please let me know here or drop me an email and I will forward you the details.

Let's hope this hlep to keep the spammers under control finally!

~Cam
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Martimiz 1/13/14 4:37 AM
I'm just soooo happy now :)))))) Thanks!


Op 13 Jan 2014 om 02:40 heeft Cam Findlay <c...@silverstripe.com> het volgende geschreven:

--
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/groups/opt_out.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion jpalsu 3/7/14 12:10 AM
Hi

in my RSS reader,

I use 2 filters to delete 100 or more spams within Ss forum.

So I can keep my Ss forum history clean.

Good Luck for you...

Friendly

jpalsu


Le lundi 13 janvier 2014 13:37:48 UTC+1, Martimiz a écrit :
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion swaiba 3/7/14 6:55 AM
is that "baba" and "kitchen"? :-)

Oh and Cam since you didn't respond on the forum - what about reviewing the mods - as I said I think half simply don't visit the site anymore.

Also can I be a mod of the payment gateways too - it bugs me when I can't weed them out from there... even if they are the more subtle spam mesages...
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 3/9/14 1:09 PM
Hey Barry, 

Yes I think reviewing the mods is going to be a good idea. Have you got a list of those you think are no longer around?

I'd be keen to get a few more mods in to replace them in localtion around the world so we can catch most of the spam before it gets out of had (perhaps I need a dashboard with "number of love gurus plans foiled" metric lol).

Happy to add you to the payment gateways forum.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion swaiba 3/10/14 6:52 AM
Hey Cam,

These are the three I'm thinking are not around that much...

Howard (Last post: 1 year ago)
Ryan M. (Last post: 2 years ago)
biapar (Last post: 2 years ago)

... I could be wrong?  Maybe it is possible to determine internally if someone is marking spam?
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 3/10/14 12:56 PM
Thanks, I'll get in touch with these guys and see if they are still around.
Re: [silverstripe-dev] Re: Forums spam bombing - suggestion Cam Findlay 3/30/14 5:17 PM
Have emailed these mods, Ryan is stepping down from being a mod. I might look to find out the geographic regions of our mods to ensure we have mod coverage across as many timezones as possible. 


On Tuesday, 11 March 2014 02:52:05 UTC+13, swaiba wrote:
Re: Forums spam bombing - suggestion Matthew Bonner 8/4/14 8:01 AM
What you want to do is rename the registration page, as it is clearly the registration page being compromised. Somehow the captcha validation is being bypassed, renaming the registration page from time to time helps, even if it causes a few problems, it is still better than spending hours deleting spam posts and registrations.


On Sunday, December 1, 2013 9:46:06 AM UTC, Martimiz wrote:
Hi guys,

Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.

In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...

I'm not at all familiar with the forum module, would this be acceptable/doable?

Martine

Re: [silverstripe-dev] Re: Forums spam bombing - suggestion jpalsu 8/5/14 11:08 AM
Hi,

This problem is too hard for me,
but If this below can help you...

Honeypot in UserForms » All other Modules » SilverStripe.org - Open Source CMS / Framework
http://www.silverstripe.org/all-other-modules/show/18847


Combatting Spam - Perch CMS documentation
http://docs.grabaperch.com/docs/blog/spam/

Comment spam prevention for your blog - Akismet
https://akismet.com/

User Registration Spam Prevention - WangGuard Anti-Splog
http://www.wangguard.com/

The Web's Largest Community Tracking Online Fraud & Abuse | Project Honey Pot
https://www.projecthoneypot.org/



Bests regards

Friendly,

jpalsu
><((((°> <°))))><
Euskadi, I Love it !
Maite dut Euskal Herria
Le Pays Basque, J'aime

Le 04/08/2014 17:01, Matthew Bonner a écrit :
--
You received this message because you are subscribed to a topic in the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/silverstripe-dev/qnIFobIM6Os/unsubscribe.
To unsubscribe from this group and all its topics, send an email to silverstripe-d...@googlegroups.com.

To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/d/optout.

Re: Forums spam bombing - suggestion Zenmonkey 8/5/14 11:12 AM
I'd been using a combination of honeypot field and submision time index on my forms for a while. It seemed to only worked as a stop gap. Bots started getting through after a year. I've moved to Akismet and it seems fine so far.


On Sunday, December 1, 2013 4:46:06 AM UTC-5, Martimiz wrote:
Hi guys,

Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.

In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...

I'm not at all familiar with the forum module, would this be acceptable/doable?

Martine

No Rss from SilverStripe.org, SS.com, SS Forums ? jpalsu 9/20/14 1:17 AM
Hi,

Is ther some Rss 
for SilverStripe.org, SS.com, SS Forums ?

Thanks



Bests regards

Friendly,

jpalsu
><((((°> <°))))><
Euskadi, I Love it !
Maite dut Euskal Herria
Le Pays Basque, J'aime

No more Rss from SilverStripe.org, SS.com, SS Forums ? jpalsu 9/20/14 1:32 AM
Hi Swaiba,

Is there some Rss
No more Rss from SilverStripe.org, SS.com, SS Forums ? jpalsu 9/20/14 1:37 AM
Hi Cam Findlay,
Le Pays Basque, J'aime
More topics »