Spam

I’m a moderator for a much more popular forum than this one (no offence intended!) so we get a huge amount of spam. Some of our tactics are:

1. Validate email address on registration
2. Replace certain words with asterisks (this was originally to prevent profanity but we’ve added all kinds of spam URLs to the list)
3. Check for certain words or phrases, such as “buy” or “order now”, for new users and put the posts into an approval queue if they match (where “new user” is defined by post count)
4. Block forum access by IP address or range.

If something does make it through then we have what we call a “one touch” cleanup system that bans the user and deletes all of their posts after a single confirmation step. This has some safety checks on it, such as requiring extra confirmation if the user account wasn’t created within the past X weeks.

I have no idea how easy/difficult some of these would be to implement! :)

I like Ricks maths question Idea – Computer should get the question correct every time – I don’t know what Humans would achieve – 42?

I’ve mentioned a few times – but the posts are scattered around the place – these days it’s as likely that a human in a cheap outsourced click farm ad company is signing up, as it is a robot. Humans are more reliable!

I’ve updated to the latest Google reCaptcha – after some arguing with it – and it seems to work. They have a ‘noscript’ version but it’s quite broken; just about works on Safari but NetSurf on Mac doesn’t show the checkboxes and I’ve had to play with the CSS because they have document tree faults that cause a couple of labels and a text area (!) to appear above the images.

Anyway, for those on Safari, Firefox, Edge et al., signup should be OK if human. We’ll have to wait and see if this helps with spam breakins.

Cheers to whoever stamped on the latest spam boy.

Here’s an idea: would it be possible/easy to evaluate a message before the system accepts it – simply count through the characters and count up how many characters are normal alphanumeric or punctuation and how many are extended Unicode characters. If Unicode is greater than alphanumeric/punctuation, reject the message…

(-؛ ˙sı ʇɐɥʇ ’ssɐ ʇɹɐɯs ɐ ǝq oʇ ƃuıʎɹʇ sı ʎpoqǝɯos ssǝןun˙˙˙ǝןdoǝd ןɐɯɹou oʇ ʇɔǝɟɟǝ ןɐɯıuıɯ ɥʇıʍ ɯɐds ǝƃɐnƃuɐן uɐısɐ ǝɥʇ ɥɔʇɐɔ pןnoɥs sıɥʇ

He’s still going despite my having deleted his account.

Seems strange the system has no way to forcibly boot (sign out) a user, and accepts messages from an account that doesn’t exist any more. Hmm.

What you suggest would be useful.

If this is the way it appears that the system now works, perhaps a re-boot is needed.

surly only accept messages from users who are logged in, and when this happens (and check how many messages / min they post within creating a new account), simply have a script which kills all session cookies logging them out (Of-course I am coming from PHP and I know this is on Rails ;@) ).

If this is the way it appears that the system now works, perhaps a re-boot is needed.

I have more powers than ordinary users here, but I’m not a proper sysadmin, so I can’t do that.

But I think something has to change, because the proper sysadmins aren’t watching, which leaves me versus the spambot.

But I think something has to change, because the proper sysadmins aren’t watching, which leaves me versus the spambot.

And it has started again. This must be a right pain and thanks for your good work but it is unreasonable to expect someone to keep bailing out like this for any length of time.

And it has started again.

Actually it didn’t stop. I had to go out, so I was unable to delete the stuff for a while. It was coming in steadily about 2 a minute, and had been doing so since something like 0900 BST.

I’ve deleted hundreds of postings today. The only good point was that the bot was relatively slow, so I could delete faster than it could post.

I would like to understand why anyone spams like that.

I don’t know anything about forum management, so this may be a naive question.
How feasable would it be to have a “report abuse” button for posts. If it gets ten hits, then quarantine (hide) the post until sys-admin has the opportunity to moderate it. If the poster gets ten posts quarantined, then prevent any further posts until those have been moderated.
You may wish to limit the “report abuse” function to those who have a regular/significant presence here.
Just a thought. Allows the regular users to police the forum by concensus.

I’m an admin over on the Sinclair QL Forum, we use a combination of;

• Captcha
• Blacklists – http://www.stopforumspam.com/
• Manual account activation

Perhaps something similar could be done here?

Blacklists – http://www.stopforumspam.com/

Interestingly, today’s spammer appears to be on their blacklist.

Among the simplest things that could be done are:

• to make the “delete account” button (to which I do have access, for each user) also kick the user off the system immediately; or
• to make a separate “kick user off the system” button available on each user account.

Either of those would have stopped several hundred spams today and saved me a lot of time.

Kicking the user off all systems is difficult because of the way the single sign-on system works. It was a reasonable design many years ago but at this point it needs re-engineering; I don’t currently have the spare time to do that though.

If you’ve got more than 5-10 pieces of spam to delete, don’t bother. Just let me know and I’ll delete them out of the database, it’s far quicker. Timezone changes might mean the spam hangs around for a few hours on the forum but that’s the best I can do at this point.

For Andrew & Dave,
Just in case you haven’t noticed them, there are two new spammers today.

Some poor sod had to nuke ~90 spams (written in Hangul¹) this afternoon. Thank you for that.

I repeat my request to somebody who understands Ruby – please add a few lines into the message accepting routine to look at the message content, and if the count of high bit set (ie UTF-8) characters is greater than the count of high bit unset (regular Latin and Symbols) , then reject the message.

This shouldn’t affect those of us who want to write in, say, Française, or even ελληνική, or even 日本語 without problem (as there’s much more Latin than foreign); but it ought to fart in the general direction of somebody who wants to post a message entirely comprised of the same 한글 squiggles repeated dozens of times…

¹ Korean – 한, Han, means “great”; 글, Gul/Geul, means “script”. It’s actually a pretty clever way of transcribing the sounds of a language.

Some poor sod had to nuke ~90 spams (written in Hangul1) this afternoon. Thank you for that.

It was 112 when I started, and he was still able to post some more after I had deleted his account. But anyway, you’re welcome.

Spam again – identical posts on other servers from the same user name.
Yes it’s an ARM based board being spammed about, but that’s the limit of interest.

Are these cheap Chinese boards actually of interest to anybody? I can’t imagine there’d be decent margins in an “it runs Linux” board, and without chip level documentation I can’t imagine it’d be of great interest to the homebrew community either…

Spam again – identical posts on other servers from the same user name.

I’m inclined to allow this one since it could conceivably be of interest to us. Perhaps we should email-bomb the poster to get access to a proper PRM.

Beware mimics

Is it possible to implement some rate limits for new members? (Anyone with less than 100 posts perhaps)

Something like 6 comments on other peoples topics per day, only able to start topics in Community Support.

These restrictions not applying when posting from Netsurf on RISC OS.

440 posts of rubbish in Korean. Good luck the unfortunate that has to clean that mess up.
Edit: WTF? It is 1900 now!

I repeat the call, once again, to limiting new users to, say, 10 posts per day until they are “authorised”; and blocking multiple accounts from the same IP in that period (cos spammers aren’t stupid).