SPAM

Permalink
The spam situation is becoming ridiculous again. With the amount now being posted, marking posts individually as spam takes too much time. Someone's bot seems to have found a new loophole in registering users.

@Franz: You may clear up the spam every morning in Portland, but in other timezones the forums suffer 12 hours of spam while you are sleeping. Can you enable a few of us to mark user accounts as spammers or whatever it is you do to remove entire strings of spam posts?

JohntheFish
 
frz replied on at Permalink Reply
frz
Yeah these phone number posts have been extremely annoying.
We've added some protections to cut them out and it seems to be getting a bit better since.
Sadly I'm basically using the same stuff you are. We have a form we cut and paste things by hand to tell akismit about but that has totally not helped with this stuff, strangely.
abls1 replied on at Permalink Reply
I think the weakness is in the registration!

My suggestions

Create a small script that ask human custom question which you create..t the answers are in a mysql db as is harder for spamm to hack it

sample 1+1=
ans: 2
What is the the full url for concrete5?
ans:http://www.concrete5,org

Number of questions was 1,2,or 3 random so if you had so the spam had to figure out how many answers since one wrong answer for 1 question could give reload 3 questions and all need to be answer correctly

more than 3 attempts will stop you from signing up for 5 minutes

This stopped the spamm on my site 100%
frz replied on at Permalink Reply
frz
we actually do have a captcha when you create an account. These
spammers are doing that by hand. We could add one to every forum post,
but that seems pretty punitive to all of us, and since these are real
people doing it by hand they'd just complete it.

We have a few layers of checks that we run all posts through to see if
they're spam. Adding some strings from this batch of tech support
nonsense seems to have cut them way down..

Really it takes all types I guess. I recently had one of these
spammers straight up use the contact form to complain that their
account had been disabled to me.

At some level I hope they're actually getting paid, it just seems like
such an epic waste of energy. I can't help but to think they're
bright enough to make money while contributing to the betterment of
society instead of getting grandma to give up her hotmail password to
someone over the phone.. Sheesh.
enlil replied on at Permalink Reply
enlil
Community leaders were able to mark these posts/users as spam/troll, and I'm still able to do so. Not sure why you wouldnt be able to john. @franz - I think When we "troll" a user it should at least automatically mark all threads started by the user as spam right away, leaving any posts they commented on alone to be found and manually deleted later. Would surely expedite the process. I've been spamming/trolling the crap out of those posts lately, sometimes to no avail, as they just come in one after another sometimes :|
JohntheFish replied on at Permalink Reply
JohntheFish
Thats what I was asking. Marking posts 1 by 1 has become futile. Spamming a user and all their posts in one click would be much more efficient.
abls1 replied on at Permalink Reply
Captcha is so easy to break I still do not believe why people still use it..Not sure how can you tell is real users since in my experience spamers job is not just 1 site but 1,000's and to pay people to manually post i'ts expensive.

Again my method worked and it was on a phpbb forum which is viewed as a spammers paradise. Some forums will not let you post for awhile or not make your post public right away this way they can monitor who is who but you still have spammer flooding your db
Phallanx replied on at Permalink Reply
Phallanx
@abls1

Captcha won't help you against real people from spam farms regardless if it is visual, maths or whatever. I do agree, however, that you really need to stop them signing up rather than spotting the posts and deleting. It's just pitting community resource against spammer resource and they have more.

Akismet is good, but it tends to be a bit reactive and to inform of new types is a bit manual. So it works great for a few weeks or so, then the spammers get around it. That is is why I wrote an anti-spam plugin that uses project honeypot and checks their email address against some well known disposable account suppliers, their user agent and proxy IP addresses.

It worked great on a couple of my sites, but I don't know how it would fare on somewhere like concrete5.org. I had to hack my C5 installations so that I could have my plugin and akismet to work side-by-side since the C5 addon page only lets you use one but one of the sites was getting about 10 a day which has now gone to zero (anecdotally).

You really need a few
abls1 replied on at Permalink Reply
Spamers can create fake emails coming from ip addresses coming from list which they get by the 1,000's so any solution using spaming network checks is still breakable. Not sure how you know these are reall people.. what if you request users at registration to either upload an icon to their profile or choose from your own icon list? Many times thinking out side the box makes a difference.