Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.
In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...
I'm not at all familiar with the forum module, would this be acceptable/doable?
Martine
On 2/12/2013 1:15 am, "Ingo Schommer" <in...@silverstripe.com> wrote:
> I can’t decide if its just people signing up manually (~30/day would be possible),
> or if they’re actually cracking the captcha and we should look for a better alternative.
Generally a fairly reliable way to tell would be to look in the web server's log files. Look for things like the time between actions. If a "person" is signing up and submitting all within seconds then it's probably automated. Another telltale is repeated fast form submissions where captcha fields are present (fail & retries). Another telltale is changing ips in a spamming session and/or the use of the Tor network.
I also find it hard to believe their ip isn't registered on the httpbl database (they are pretty good), but you could also integrate with the stopforumspam database too (simple api) for things like sign up page. It may first pay though to do a manual check of the ip (or ips) of this spammer first.
Cheers,
Ralph
--
- one account, 16 to 32 posts
- title plus long story about non silverstripe issue
- a jpg download
- some sort of e-mailaddres
- no links
We used to have others before, like kitchenguy:
- one account, one post (zillion times)
- one (or two) links
Or others:
- one account, 1 post
- zillion links
Or answers to old posts (not so often)
Martinep
Does anybody have experiences how well email confirmationswork to combat spam?
Link to my profile: http://www.silverstripe.org/ForumMemberProfile/show/3377
as I said before, this is most likely a manual spammer, judging by the time intervals at least.
One other detail: the rss feed is still caching yesterdays removals, so that's no longer usable to track spams
Martine
Martine
Sorry to join this party late, but maybe mollom would help as it actually analyses the content of the submissions and then shows the captcha if it's ambiguous or straight rejects certain spam.
Dan
Just to let you know: this is still going on, day by day. Just removed another 90. Is there really nothing that can be done in this special case? Filter on some words maybe? Just call the guy and shout at him? it's really getting stale :(
Martine
Also, perhaps this guy's account has been compromised, why not force a password change?
Dan
Which guy are we talking about here? (forum profile URL)
I suppose you marked some of his posts as spam already,
so they should have a SuspendedUntil date set in the database
and no longer be allowed to post.
In general, when you suspect bugs in the forum operation,
can you please try to reproduce them on a clean install
with the forum module and see if you can patch anything?
In this case on a 2.4 install with forum 0.4.
I'm hesitant to put an external service dependency like Mollom
onto every forum post submission. We had pretty mixed experience with its
availability, its a free service after all. And its free offering of 50 legitimate posts
per day would artificially limit our throughput on the forums.
We could limit it to first posts only, but given the spammers can
already get around the pretty sophisticated Recaptcha I don't think that'll detract them.
Thanks
Ingo
Dan
Hi guys,Yesterday I removed 91 spams from the SilverStripe forums. This morning, after breakfast, another 32. i know that other moderators are battling alongside. This time it's basically the same person, creating an account, posting 20 to 30 messages, come back sometime later and start again.
In cases like this, where it is obvious this person doesn't post anything serious, we could really use a link in the account settings where we could mark all this users' posts as spam in one go...
I'm not at all familiar with the forum module, would this be acceptable/doable?
Martine
Dan
We've two types of multi-spammers: multiple-accounts-one-message-each, like kitchenguy a while ago, and multiple-accounts-multiple-messages, like the current Indian astrologer. In both cases though, the messages have always been really similar, so if they come through, once spotted, they could easily be filtered out for the future using some list (that a mod could maybe add to).
Then to remove what has been posted. In the situation of multiple posts per account, we would be helped with that button to remove all remaining spam for an account. To prevent erasing all Will's 5000+ posts by accident, as Ingo fears might happen, the button could be placed in the user account, appear only after the account has been suspended already, and remove a max number of posts, starting with the oldest to cause least damage. A very basic practical solution that would have saved an awful lot of time - in this case.
I hope we can stay away from options that restrict first time users still. To me the forums are formost a low-level first stop for new silverstripe users, trying to get in touch with core devs and the community. In that way they may have a role in building the community. To put restrictions here would not appear very friendly and might even send them away again. QuestIons are often answered within just a couple of hours. For me that's a great thing and I personally would really like to keep it that way! And with something like the above, i think we could keep spam under control for now.
Also, when first posts are to be approved first: please consider that mods are not always 'on duty' and working hours may or may not overlap, I think a couple of the mods listed aren't even active any more. Once you implement this, you'd have to make sure all post are always(!) moderated within a strict timeframe.
Martine
Indian guy has now posted 94 spams on one account: http://www.silverstripe.org/ForumMemberProfile/show/38336
To remove means some 400+ page requests, which is slowly costing me my indexfinger... Anyone with access to the backend/database willing to pick this up? Please?
Martine
Enough for today for me anyway,
Martine
@Cam,
5 sounds good to me for a start. We can always increase it, if we don't see good results. I don't think the average user will mind typing in the captcha. He would have already spend a good couple of minutes writing his post, and another 10 seconds is not going to make him abandon posting.
--
--
You received this message because you are subscribed to a topic in the Google Groups "SilverStripe Core Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/silverstripe-dev/qnIFobIM6Os/unsubscribe.
To unsubscribe from this group and all its topics, send an email to silverstripe-d...@googlegroups.com.
To post to this group, send email to silverst...@googlegroups.com.
Visit this group at http://groups.google.com/group/silverstripe-dev.
For more options, visit https://groups.google.com/d/optout.