|Forums spam bombing - suggestion||Martimiz||12/1/13 1:46 AM|
Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.
In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...
I'm not at all familiar with the forum module, would this be acceptable/doable?
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Olli||12/1/13 2:34 AM|
That doesnt help in the log run.
IMHO the only way to combat spam bots is add caphca, honeypot fields or require confirmation Upon registration.
You could add the chckbox or remove user permissions but that still requires moderation and whit a bot spamming you are the only losing time ;)..
> You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to silverstripe-d...@googlegroups.com.
> To post to this group, send email to silverst...@googlegroups.com.
> Visit this group at http://groups.google.com/group/silverstripe-dev.
> For more options, visit https://groups.google.com/groups/opt_out.
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Ingo Schommer||12/1/13 4:14 AM|
we do both captchas and honeypots already.
Does anybody have experiences how well email confirmations
work to combat spam? In my mind it shouldn’t be a big problem to overcome for spammers either.
Does anybody have recent research on the effectiveness of Recaptcha?
I can’t decide if its just people signing up manually (~30/day would be possible),
or if they’re actually cracking the captcha and we should look for a better alternative.
I think a batch-marking of spam for a specific account would be a great
feature for the forum module, and I’ll happily deploy that onto ss.org.
Anybody keen to write a pull request? Keep in mind it needs to be 2.4 compatible,
since we haven’t upgraded ss.org to 3.x yet - shoemakers own shoes…:D.
P.S.: I’ve been talking about this issue with our community manager Cam as well yesterday.
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/1/13 8:32 AM|
I'm not sure if this really is a bot. A new batch came in over a period of about 30 mins, that were minutes apart, so either a slowbot or some individual. in the latter case email confirmatin/honeypot won't really work... Recaptcha might, just because it is sooo annoying :)
That button shouldn't be so very hard to accomplish - basically a copy of the one in the forum post, with an extra bit of query added...
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Ralph Slooten||12/1/13 8:54 AM|
Generally a fairly reliable way to tell would be to look in the web server's log files. Look for things like the time between actions. If a "person" is signing up and submitting all within seconds then it's probably automated. Another telltale is repeated fast form submissions where captcha fields are present (fail & retries). Another telltale is changing ips in a spamming session and/or the use of the Tor network.
I also find it hard to believe their ip isn't registered on the httpbl database (they are pretty good), but you could also integrate with the stopforumspam database too (simple api) for things like sign up page. It may first pay though to do a manual check of the ip (or ips) of this spammer first.
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Cameron Spiers||12/1/13 2:46 PM|
I'm wondering what the text based content within the posts looks like? How obvious is it that it is spam?
I have been working on a classifier written in PHP for some time, and I have recently deployed it to combat spam in a SilverStripe site with good success.
Classification works by putting existing content into categories, (e.g. spam, ham) and using that content to train the classifier. The trained classifier can then be used to classify new content into a category. It is the same type of approach that most email providers use to combat spam.
Whether or not this particular library is the right approach, I recommend having a look into using classification to deal with spam. It is less intrusive to the user (e.g. no captcha) and offers flexibility with how you use it.
Cameron Spiers Senior Developer
Ph. 04 831 5130 heyday.co.nz
Heyday is a digital agency based in Wellington, New Zealand. It employs 35 staff and drives the online presence of brands through insight, ideas, design, delivery and improvement. Clients include Weta, Meridian Energy, GIB, Ecoya, ANZ, Trilogy, Gallagher Group and Z Energy. Please visit our website for further information.
|Re: [silverstripe-dev] Forums spam bombing - suggestion||swaiba||12/2/13 1:34 AM|
It is so obvious it is spam it is ridiculous... but as I messaged Ingo the worst part is that it is *no longer* restricting their account after I mark them as a spammer.
That drains my motivation to mark them as spam as I just see the user I've just marked as a spammer continue to spam.
Fix that please before adding anything fancy.
|Re: Forums spam bombing - suggestion||schellmax||12/2/13 2:19 AM|
slightly off topic, but at this point i'd just like to repost my suggestion on moving Q&A topics over to stackoverflow.com (instead of struggling with forum issues?). it's so much easier to get an overview of relevant information (say, accepted/upvoted answers/comments...)
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/2/13 2:39 AM|
as Swbaiba says: it is really really really obvious, see description bjelow. Confirmed: accounts are no longer suspended!!!!! (also on 'mark as spam' the page no longer redirects, maybe the bug stems from there). You guys really need to help us out here,, because this is definitely tno lunger funny :(
- one account, 16 to 32 posts
We used to have others before, like kitchenguy:
Or answers to old posts (not so often)
|Re: [silverstripe-dev] Forums spam bombing - suggestion||swaiba||12/2/13 4:14 AM|
>>You guys really need to help us out here,, because this is definitely tno lunger funny :(
Seconded - it is indeed NOT funny to see the spammers adding more and more messages from the same accounts that I've just marked50+ posts as spam :( :(
|Re: [silverstripe-dev] Forums spam bombing - suggestion||swaiba||12/2/13 6:22 AM|
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Ingo Schommer||12/2/13 9:19 AM|
had a bit of a look in the ss.org logs and DB:
In the last 48h, there were 935 registration form submissions
resulting in 6 signups, two of which were identified by stopforumspam.org
and subsequently blocked.
Most of these submissions will be bots, and a few
of them have dozens of requests coming from the same IP.
None of those excessive repeated signup attempts did actually
make it through though, judging from the IPs tracked for registration.
So my hunch is that we’re dealing with manual spammer signups here,
which won’t be defeated by honeypots or captcha. To confirm that
would require a larger sample set than 48h, but I don’t have time for that. Maybe Cam F. does?
I doubt that email verification will hinder spammers either,
or has anybody had good success with that measure?
Content classification sounds interesting, but we’d need
somebody in the community to own getting this working
and fine tuning the training. Cam S., how much processing
time does it use? Unfortunately we don’t have good spam
training data since we delete spammy posts rather than just flag them.
That’d be a first step I guess: Implement post flagging + filtering in
the forum module (or store the spam content somewhere before deletion).
@Martimiz: Member suspension by clicking “Mark as spam” on a page
still works for me, do you have a specific example where it didn’t work for you?
Can you send me a link to your member profile on ss.org so I can check your permissions?
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/2/13 9:49 AM|
it hasn't been working for me the last 200+ times or so, first noticed it the day before yesterday. It used to, but doesn't anymore. Same goes for swaiba.
Link to my profile: http://www.silverstripe.org/ForumMemberProfile/show/3377
as I said before, this is most likely a manual spammer, judging by the time intervals at least.
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Simon Welsh||12/2/13 8:22 PM|
I’m also seeing that the accounts aren’t being suspended and the page isn’t redirecting. I’m getting a 500 when marking something as spam (URL: http://www.silverstripe.org/upgrading-silverstripe/markasspam/326232). My ID’s 480.
Admin of http://simon.geek.nz/
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Ingo Schommer||12/3/13 3:18 AM|
Alright, think I’ve tracked this down. We’ve installed a module to track
errors through raygun.io on the 20th of November, and the error reporting
had a bug (how meta…). I’ve signed up with a test spam and test moderator
account, and confirmed I can mark users posts as spam and actually suspend them.
Once you hit more spam, would be cool if you can quickly respond here if that
fixes it for you as well. Sorry for the inconvenience here, I think this calls
for some Behat tests ;) But first we’d need to upgrade ss.org to 3.x...
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/3/13 4:19 AM|
That's great! Will do.
Btw: there is one thing I have absolutely never seen, and that's a user that poses a serious question or two, and then starts spamming like this. So i personally think there would be nothing against removing all messages from the thread (be it temporary) for users that are marked as spam.
For users that do spam a bit by accident, you could just delete the offending message.
- why can moderators delete entire messages, but not edit them to maybe remove an offending bit, but leave the good bit of a post intact?
- When this spamming situation comes up, lots of people respond by saying we should abandon the forums for StackOverflow. What are your thoughts on this matter?
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/3/13 5:24 AM|
@ingo: yep, it is working again :) thanks!
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/3/13 5:24 AM|
|Re: [silverstripe-dev] Forums spam bombing - suggestion||c...@silverstripe.com||12/3/13 12:28 PM|
@ingo, thanks for sorting this. Finally have had time to chime in on this (still finding my feet in this new role, lots going on!).
Please keep any spam related stuff on my radar so I can look to advocate for more resource on ss.org improvements (as well as looking at ways we can work on it more as a community :) ).
Agree... we need to make a move to 3.x as a move towards greater ss.org improvements.
Behat tests... I approve :)
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Cam Findlay||12/3/13 12:44 PM|
Here are my thoughts on your questions:
Suspect that we just simply don't have this functionality in the forum module, raises a bigger question of where could we take future versions of the forum module.
I wonder if it is possible to allow edit access in a certain security group in the backend? something to find out about, Ingo any ideas?
I am in two minds on this and actually can see merits of both. Dropping the forum module on ss.org also means we are not 'eating our own dog food' so to speak. It is also nice to have a clear place to go for new people coming into the community, we welcome them in rather than telling them to go elsewhere to talk to people about their silverstripe cms related issues.
I think there is place for both, however I would like to see a few things for the forum module such as being able to mark the version number of SS that the post refers to, marking posts as an accepted answer and an improved advanced search/filtering (I have been receiving feedback to this effect from a few community members via the comm...@silverstripe.org email).
Strategically though I think we need to get to 3.x version of stable code first to make working on improvements more inline with where SS CMS is now and valuable to the community in terms of any resulting code contributions.
I grew up on a diet of 2.3/2.4 but would really like to have a taste of 3.x on our community site.
Just a few thoughts there anyway, nothing set in stone as I would like to start a dialog and work with the community and SilverStripe internally to get a workable set of steps forward in the new year.
Thanks mods that got onto the spam recently too... I know how much of a pain it is (I jumped in and cleaned a bunch too) and I really appreciate it :)
I'm checking a number of channels at the moment which can get a bit info overload so if there is anything you think should really be on my radar please tweet, private message, email me to keep me aware.
Love your work ++100
'Community' Cam Findlay
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/4/13 1:13 AM|
I get what you're saying, and I kind of hover in that direction too. Still - this morning again 107 spams removed during breakfast, one account had 57 spamming posts, so that option to remove all at once would have really made a difference.
One other detail: the rss feed is still caching yesterdays removals, so that's no longer usable to track spams
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Ingo Schommer||12/4/13 4:07 AM|
The relevant “markasspam” feature is here: https://github.com/silverstripe/silverstripe-forum/blob/0.4/code/Forum.php#L574
The phpdoc is actually inaccurate, but deleting all posts seems to have been the original intention of the feature.
I think for that to happen we need one of the two additions to the forum module:
- A confirmation screen with a list of all posts about to be deleted (eaiser = my preference)
- “Soft deletes” of forum posts where we just set Deleted=1 and filter them out everywhere.
Otherwise its just too easy to mistakenly click “mark as spam” on a valid user,
e.g. in Will’s case that’d delete his entire 5500 posts, which will be very hard to restore.
As usual, its mostly a matter of somebody actually sending a pull request for it (with tests).
Waiting until a shift to 3.x is putting unnecessary blockers in the way, that’s not going
to happen soon since we need to migrate a lot of custom code on ss.org,
and any upgrade work will likely be tied to our long-planned ss.org restructuring.
RSS caching is set up to 1h (see ForumHolder_Controller->rss()).
Do you see it being cached for longer than that?
Cam, could you find out if Nginx is doing some caching on top of that?
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/4/13 5:26 AM|
Oh yes :( Maybe a remove-all isn't such a good idea after all. It's real easy to push that link, happens to me on ipad by just accidentally moving my thumb - at that point your'd be one click away from disaster. A slight panic, and aaaargh... You'd have to trust your moderators an awful lot :)
Maybe astrologer-guy will give in at some time. We've neve before had a moron like this...
The cache has been refreshed. Maybe it's just my problem with new zealand time again, where your yesterday isn't mine. Since all 'yesterday' posts were deleted, I assumed...
|Re: [silverstripe-dev] Forums spam bombing - suggestion||swaiba||12/4/13 7:25 AM|
thanks for fixing the mark spam issue Ingo! :)
regarding the mass deletion - I was under the impression that the post never actually gets deleted - as martine pointed out previously with kitchen - but now you coudl see with http://www.silverstripe.org/search/?q=baba
it being the case that they are not deleted the confirmation page could be more of an "undo" page - just reporting on what you have just done (e.g. posts where markedas spam and DATE(lasteditted) = DATE(NOW()) or something a bit tighter)
I'll have a go if there is exact information on the code to use and I'd obviously prefer to do it for SS3 only
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Simon Welsh||12/4/13 9:52 AM|
They're deleted. The search is a google custom search, so you need to wait for google to purge them from its index before they stop showing up.
Sent from my phone
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Martimiz||12/13/13 1:21 AM|
Just to let you know: this is still going on, day by day. Just removed another 90. Is there really nothing that can be done in this special case? Filter on some words maybe? Just call the guy and shout at him? it's really getting stale :(
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Daniel Hensby||12/13/13 1:22 AM|
Sorry to join this party late, but maybe mollom would help as it actually analyses the content of the submissions and then shows the captcha if it's ambiguous or straight rejects certain spam.
On 13 Dec 2013 09:21, "Martimiz" <mart...@gmail.com> wrote:
Just to let you know: this is still going on, day by day. Just removed another 90. Is there really nothing that can be done in this special case? Filter on some words maybe? Just call the guy and shout at him? it's really getting stale :(--
|Re: [silverstripe-dev] Forums spam bombing - suggestion||Daniel Hensby||12/13/13 1:23 AM|
Also, perhaps this guy's account has been compromised, why not force a password change?
|Re: Forums spam bombing - suggestion||Ingo Schommer||12/13/13 1:36 AM|
Which guy are we talking about here? (forum profile URL)
In general, when you suspect bugs in the forum operation,
I'm hesitant to put an external service dependency like Mollom
|Re: Forums spam bombing - suggestion||Daniel Hensby||12/13/13 3:07 AM|
Mollom is only free if you choose the free option.
Any effective anti-spam system that uses crowd sourced machine learning to identify spam(mers) is going to come with a price.
|Re: Forums spam bombing - suggestion||swaiba||12/13/13 7:09 AM|
Which guy are we talking about here? (forum profile URL)
multiple, now they are creating profiles and posting ~30 messages at a time about "baba magic love skills" or whatever - if you look at the forum roughly every 3/4 hours you will see them
>>Just removed another 90
great so if I make any patch for this you'll review - as previously said I cannot/will not do phpunit sorry
I think that something to limit you to x posts would be step one, but something better like Cam was suggesting "classifying" posts would work in combo with this
e.g. if nothing flags then let them post
but if they mention a certain web address, email or telephone number (as all the serious spammers seem to) then this along with x posts per day on signup would get rid of this really annoying cases
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Dan Rye||12/13/13 7:14 AM|
What about new account posts have to be approved by a moderator? I don't know the volume of new accounts, but 1/new account seems better then 30/new account.
|Re: Forums spam bombing - suggestion||Opticblaze||12/13/13 2:25 PM|
I was wondering if normal forum members cant help with the spam issue. What about creating a voting button that every forum user can click if he thinks a post is a spam. We then set a threshold lets say if a post registers 10 spam votes for example, then the system generates a list which i think will be easier to manage. It will still rely on moderators but because more of us are able to help notify the admins/moderators i think it might make your work a bit easier. I suppose we could even run a fancier query that check if the same account has been flagged in multiple posts for spam by multiple users. If you really want to pimp the system out you give normal forum members with a certain amount of good posts under their belt the ability to have a weighted vote. So forum members who have completed their profile and posted at least 30 posts gets 2 votes, forum members with more than 100 posts get 3 votes and so on. The more active you are in the community the more responsibility you will be given.... just an idea
On Sunday, December 1, 2013 11:46:06 AM UTC+2, Martimiz wrote:
|Re: Forums spam bombing - suggestion||Opticblaze||12/14/13 12:08 AM|
Adding to my previous post..... if normal members could vote it would be easy to target a guy like this: http://www.silverstripe.org/ForumMemberProfile/show/38278
We could just vote the whole profile as a spam profile and then delete all his posts in one shot instead of one by one
|Re: Forums spam bombing - suggestion||Ingo Schommer||12/15/13 1:48 PM|
Voting would be a great addition to the forum, but it strikes me as an afterthought for this situation. If a spammer has gotten dozens posts on the forum already, the damage is done in terms of cluttering the user experience for legitimate users. We'll need a reasonable amount of votes (3-10 depending on status) before blocking a user, I think by the time we have those votes a moderator could've already sorted things out.
Approval by moderator sounds really annoying from a user perspective: You sign up because you have a question, and you want that question seen and ideally answered right now. Even waiting for 30min approval is a significant dent in this experience IMHO. And we're a small community, so any more busywork added for the few moderators mean they have less bandwidth to deal with other things like sending pull requests, answering forum posts, etc.
Flood control (limiting number of posts by new users) sounds like the best straightforward idea to me. Most users will start out with a single post after registration.
Anything beyond 3-5 posts is an anomaly that we could catch by asking users to contact moderators directly. Anybody keen to write this feature?
@swabia: Thanks for patching! Are there any specific blockers in terms of getting started with PHPUnit that I can help with?
We'd really prefer stuff to be tested, but given the situation any code is a good starting point.
|Re: Forums spam bombing - suggestion||Opticblaze||12/15/13 10:39 PM|
Ok makes sense....
1) What about at least giving forum members the ability to flag in-appropriate posts, that should help moderators target these guys quicker?
2) Flood control sounds like an excellent idea
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Simon Welsh||12/15/13 10:47 PM|
From my point of view, the problem isn't discovery (which is what a flagging system's for) but removing a large amount of posts from a single user. Rate limiting or a "delete all posts" button on a profile would be much more useful.
Sent from my phone
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Will Rossiter||12/16/13 7:47 PM|
Ingo / Cam with access to the live database might be able to answer this but how many posts per week are from new users (i.e first posts). If it's 3-5 then I think your first post could be moderated. If your first post has not been moderated yet then you cannot post another message. Mod's would just need to approve that users first post to have it appear on the site which I'm sure is a small list. Also allows the mods a chance to review common issues that are first coming in.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Dan Rye||12/16/13 7:51 PM|
Will, that is what I was suggesting, though your description is a bit more clear. I do like Ingo's idea of rate limiting, perhaps you can only post one new post within 24 hours of creating a new account. I'd imagine this will just increate the number of bad accounts being created.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||12/17/13 6:17 AM|
From my moddy experience, the overall amount of spam on the forums has typically been small and not hard to manage (which says nothing about the future I know). I hope with available (third party) tools they can be filtered out even further. It's just that this last guy is such a pain...
We've two types of multi-spammers: multiple-accounts-one-message-each, like kitchenguy a while ago, and multiple-accounts-multiple-messages, like the current Indian astrologer. In both cases though, the messages have always been really similar, so if they come through, once spotted, they could easily be filtered out for the future using some list (that a mod could maybe add to).
Then to remove what has been posted. In the situation of multiple posts per account, we would be helped with that button to remove all remaining spam for an account. To prevent erasing all Will's 5000+ posts by accident, as Ingo fears might happen, the button could be placed in the user account, appear only after the account has been suspended already, and remove a max number of posts, starting with the oldest to cause least damage. A very basic practical solution that would have saved an awful lot of time - in this case.
I hope we can stay away from options that restrict first time users still. To me the forums are formost a low-level first stop for new silverstripe users, trying to get in touch with core devs and the community. In that way they may have a role in building the community. To put restrictions here would not appear very friendly and might even send them away again. QuestIons are often answered within just a couple of hours. For me that's a great thing and I personally would really like to keep it that way! And with something like the above, i think we could keep spam under control for now.
Also, when first posts are to be approved first: please consider that mods are not always 'on duty' and working hours may or may not overlap, I think a couple of the mods listed aren't even active any more. Once you implement this, you'd have to make sure all post are always(!) moderated within a strict timeframe.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||swaiba||12/17/13 8:47 AM|
Thanks for the offer of help - that applies to windows 7 machines? (or maybe win 8 if santa comes early)
My issue has been that, in the past whenever I've tried, the instal through PEAR is arkward (and fails), then the silverstripe wrapper is incompatible with the verion of PHPUnit I've eventually got running.
I am considering going direct to UNIX now web dev is my life, and I've no qualms it installs / runs fine on there
Yes I agree the main worry is that all the posts get lost.
I was thinking that I could just read the posts before deleting, serialize and gzcompress and store in a "rollback" table
then these could always been restored if there was a serious mistake
but I also agree that "mark ALL as spam" should be conceptually at a different point and on the he profile, after account suspended sounds perfect
what do you think?
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||12/18/13 1:06 AM|
Indian guy has now posted 94 spams on one account: http://www.silverstripe.org/ForumMemberProfile/show/38336
To remove means some 400+ page requests, which is slowly costing me my indexfinger... Anyone with access to the backend/database willing to pick this up? Please?
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||12/18/13 2:56 AM|
Ok, I decided not to wait because the forums were basically rendered unusable. i removed a grand total of 219 similar spam messages from 10 accounts (lastnight,this morning only), which took some effort. Unless this stops soon, the question whether we should or shouldn't keep the forums alive might become obsolete real soon I fear.
Enough for today for me anyway,
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||weberho||12/18/13 6:23 AM|
I don't think, the messages are posted manually; Posting is too quick, I think (see /ForumMemberProfile/show/38345 ).
I have made good experiances adding a visible field named URL which is hidden per CSS. Robots usually post data in this field; Revoking this posts prevents lots of messages to be posted.
Another simple method is to add a very simple calculation to the form that must be solved by the user to allow posting.
Both methods are very easy to implement and helps a lot.
Weberhofer GmbH, Austria, Vienna
|Re: Forums spam bombing - suggestion||Ingo Schommer||12/19/13 3:08 PM|
Just a quick status update: I've integrated https://github.com/mateusz/silverstripe-qacaptcha into forum post submissions,
which should stop automated responses by requesting answers to questions like "What's the third letter in 'SilverStripe'?".
Less annoying to fill out than Recaptcha, right? We could even remove that captcha if a user has more than X posts (so is validated).
It'll make the investment per post higher for spammers, and if we do the questions right won't be able to be automated easily.
Cam is currently testing this approach, and wants to get help in styling it tomorrow at the hackfest.
We could also use some sample questions - anybody keen to write some? They should be easy, unambiguous
and ideally geared towards the SilverStripe or PHP space. Please send them to Cam/me via email rather than
posting here, we don't want to make it too easy for spammers, right? ;)
|Re: Forums spam bombing - suggestion||c...@silverstripe.com||12/19/13 3:36 PM|
Hopefully I don't get any emails from Indian Love Guru's with suggested questions.
|Re: Forums spam bombing - suggestion||Cam Findlay||12/20/13 3:45 PM|
What would be a suitable number of posts before we remove the captcha for posts? 5 perhaps? I might write this check in today before styling it.
|RE: [silverstripe-dev] Re: Forums spam bombing - suggestion||Opticblaze||12/20/13 11:18 PM|
5 sounds good to me for a start. We can always increase it, if we don't see good results. I don't think the average user will mind typing in the captcha. He would have already spend a good couple of minutes writing his post, and another 10 seconds is not going to make him abandon posting.
You received this message because you are subscribed to the Google Groups "SilverStripe Core Development" group.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||12/22/13 2:16 PM|
Right, I have pushed some code back into our internal git repo for ss.org. Once Ingo reviews we could look at deployment.
Though the Indian love guru seems to have quietened down over the last few days (unless all you mods have been doing a killer job at dumping that spam?).
Still will be interesting to deploy the proposed code and see how that helps.
As Ingo mentioned we need some simple questions and answers (the question and answer allows for 1 question but multiple possible answers if you want to get creative!) for the qacaptcha module, please email through to myself (c...@silverstripe.com) or Ingo.
Already had a few through which is awesome to see :)
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||12/28/13 10:23 AM|
Just an update: I'm still jumping on here regularly (as I think many of you mods are too) and cleaning spam off the forums.
I think Ingo is probably still in the process of moving countries but as soon as he reviews the proposed code to shut this spammer up it will go live.
For now, I'll continue to hang on the front lines with everyone and fight the good fight (against the love guru and his hokem astrological love magic).
I am also thinking whether it would be a good idea to actually completely remove these spammers accounts rather than just suspend them. Even suspended accounts have a public URL and more recently the spammers have started to put spam related details in their profile listing.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||12/29/13 2:35 AM|
One up for removing the account - or at least not publicly displaying it anymore, once suspended :) None of the links to profiles seem to have a nofollow, so they might very well get indexed.
He might even be aiming for that, because lately he creates these accounts and then waits for a long time before posting, so we cannot mark them.
Anxiously awaiting your/Ingo's solutions, in the mean ttime wishing all SilverStripers a great (and hopefully spamfree) 2014!!
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Ingo Schommer||12/29/13 5:32 AM|
Alright, I’ve deployed the QA captcha protection. Thanks to Will for styling+fixes, Cam for testing, and Shaun for providing us with awesome questions.
We’ve only got 20 so far, so the variation/protection isn’t that great. If any of you guys has a bit of downtime to come up with new ones, please send them through by email :)
Its currently set up to require a captcha on the first 7 days after account creation, or for the first 5 posts.
If the spam continues, we can tweak that to the first 20 posts or so. That’s in the custom (non-public)
ssorg codebase by the way, not in the forum or qacaptcha codebase.
Completely removing accounts by moderators has the same issue as completely removing all posts: Its easy to mess up,
and delete valid members without easy recovery options. Hiding the profile will do the trick as well, right?
We still need to show the profile to the own user on login, since he might be mistakenly suspended
and a message on top of the profile screen is the only way we communicate that suspension at the moment.
So, anybody keen to implement that on the forum?
External links in forum posts and “Website” links in the profile should have nofollow,
see http://www.silverstripe.org/general-questions/show/28716 and http://www.silverstripe.org/ForumMemberProfile/show/7224 for example.
All the best
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||swaiba||1/2/14 6:52 AM|
I think I see some improvement, but I'm still coming on and seeing 100 posts by baba every now and then, makes the odd kitchen one heavenly.
At one point the messages contina silverstripe type phrases and at another point there was a message with no title that could be seen in the forum, but not opened/spected
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||1/2/14 11:41 PM|
Agreed the deployment of the new qacaptcha has slowed them, but it is possible we are dealing with humans solving them.
I have another piece of code I am going to run by Ingo which might finally curb these spammers...
Thanks again all for helping with the spam cleaning, hopefully we get a complete resolve on this soon :)
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||1/7/14 7:40 AM|
Well, despite all your efforts, it looks like the current spam measures are not really discouraging friend baba. Yesterday I removed about 200 spam from 3(!) accounts and I don't know about the other mods. Just now removed one account with 112 spams attached, posted within a 3 tot 2 hour interal. And another account is already lined up, which I cannot remove because he hasn't posted yet. Possibly waiting till I'm offline... :(
Is there any chance the multi-spam-removal button can be approved? Or maybe a limit to the number of posts an account can post within an hour or a day?
By the way would it be an idea to at least add no-follow to the profile links? Because a lot of these profiles have already been indexed by google as mini adds for this guy...
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||camfindlay||1/8/14 12:01 AM|
Hamish has been working on some new code to hopefully sort this out, will be along the lines of ghost/hell banning (making the spammers posts/profile invisible to everyone but them). Once their account is set to this it will hide all the spam from them in one go so no more injured index fingers from clicking delete. I have been testing out the code this afternoon, so far so good. Will require a peer review prior to going live. Hold tight, again thanks for your patices and help in clearing the spam everyone! I really appreciate it.
On a funny note, we have confirmation that we are indeed dealing with humans as one was cheeky enough to actually email our support team today and ask why their account was banned and could we turn it back on please.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||swaiba||1/9/14 3:47 AM|
>>On a funny note, we have confirmation that we are indeed dealing with humans as one was cheeky enough to actually email our support team today and ask why their account was banned and could we turn it back on please.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||1/12/14 5:40 PM|
Ok forum mods.
We have released some more code to help with spam. You have been emailed the details as we don't want them public for our friends the spammers to stumble across.
If you are a forum mod and haven't got an email from me yet please let me know here or drop me an email and I will forward you the details.
Let's hope this hlep to keep the spammers under control finally!
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Martimiz||1/13/14 4:37 AM|
I'm just soooo happy now :)))))) Thanks!
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||kasu64||3/7/14 12:10 AM|
in my RSS reader,
I use 2 filters to delete 100 or more spams within Ss forum.
So I can keep my Ss forum history clean.
Good Luck for you...
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||swaiba||3/7/14 6:55 AM|
is that "baba" and "kitchen"? :-)
Oh and Cam since you didn't respond on the forum - what about reviewing the mods - as I said I think half simply don't visit the site anymore.
Also can I be a mod of the payment gateways too - it bugs me when I can't weed them out from there... even if they are the more subtle spam mesages...
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||3/9/14 1:09 PM|
Yes I think reviewing the mods is going to be a good idea. Have you got a list of those you think are no longer around?
I'd be keen to get a few more mods in to replace them in localtion around the world so we can catch most of the spam before it gets out of had (perhaps I need a dashboard with "number of love gurus plans foiled" metric lol).
Happy to add you to the payment gateways forum.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||swaiba||3/10/14 6:52 AM|
These are the three I'm thinking are not around that much...
Howard (Last post: 1 year ago)
Ryan M. (Last post: 2 years ago)
biapar (Last post: 2 years ago)
... I could be wrong? Maybe it is possible to determine internally if someone is marking spam?
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||3/10/14 12:56 PM|
Thanks, I'll get in touch with these guys and see if they are still around.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||Cam Findlay||3/30/14 5:17 PM|
Have emailed these mods, Ryan is stepping down from being a mod. I might look to find out the geographic regions of our mods to ensure we have mod coverage across as many timezones as possible.
|Re: Forums spam bombing - suggestion||Matthew Bonner||8/4/14 8:01 AM|
What you want to do is rename the registration page, as it is clearly the registration page being compromised. Somehow the captcha validation is being bypassed, renaming the registration page from time to time helps, even if it causes a few problems, it is still better than spending hours deleting spam posts and registrations.
|Re: [silverstripe-dev] Re: Forums spam bombing - suggestion||kasu64||8/5/14 11:08 AM|
This problem is too hard for me,
but If this below can help you...
Honeypot in UserForms » All other Modules » SilverStripe.org - Open Source CMS / Framework
Combatting Spam - Perch CMS documentation
Comment spam prevention for your blog - Akismet
User Registration Spam Prevention - WangGuard Anti-Splog
The Web's Largest Community Tracking Online Fraud & Abuse | Project Honey Pot
Euskadi, I Love it !
Maite dut Euskal Herria
Le Pays Basque, J'aime
|Re: Forums spam bombing - suggestion||Richard Rudy||8/5/14 11:12 AM|
I'd been using a combination of honeypot field and submision time index on my forms for a while. It seemed to only worked as a stop gap. Bots started getting through after a year. I've moved to Akismet and it seems fine so far.
|No Rss from SilverStripe.org, SS.com, SS Forums ?||kasu64||9/20/14 1:17 AM|
Is ther some Rss
for SilverStripe.org, SS.com, SS Forums ?
|No more Rss from SilverStripe.org, SS.com, SS Forums ?||kasu64||9/20/14 1:32 AM|
Is there some Rss
|No more Rss from SilverStripe.org, SS.com, SS Forums ?||kasu64||9/20/14 1:37 AM|
Hi Cam Findlay,
Le Pays Basque, J'aime