Spambot Prevention Suggestions
 

Joe Ross suggested the creation of this thread to discuss ways to stop the recent flooding of spam onto Chief Delphi.

http://www.chiefdelphi.com/forums/sh...d.php?t=115858

Would this have to do with anything?

Re: Spambot Prevention Suggestions
 

Here's a re-post of what I posted in the soon-to be deleted thread:

I would be surprised if they don't already, as they require one for every search if you are not logged in.

I agree. Minus the zapping and oblivion business. ;)

A thought experiment: the problem becomes that the spammer will simply look at the image verification for the bot account they set up; e.g., do it manually. Also, to evade IP address detection, wouldn't they just go to some other public network?

Security-wise, every measure you take is breakable – take hashing, for example. Even though it's designed to be a one-way street with next-to-zero odds of collision, breaking them is still possible. However, it is designed to only brake under an insane amount of computational effort and expenditure of resources.

The problem with the current methods used to prevent bots is that they are all easily defeated with a small cost in resources – it takes a minute for the spammer to write down the image verification. IP address blacklisting is perhaps an order of magnitude harder to break – it probably takes, on average, 40 minutes to get to a local library plus the cost in time to generate an account. You could improve this by adding a cookie to the browser that generated the post the next time they come to CD (with a nice, graciously professional ban message, of course) that tells vBulletin to exclude the new account they are creating. But this would end as soon as the spammer cleared their cookies.

That's the problem with spamming – the more security you put in for prevention, the harder it is for your actual users to get stuff done.

One feature that I would suggest is having a team contact that has to approve all accounts that are attempting to register for the team, in a manner like TIMS/STIMS. While it certainly wouldn't apply to bots without a team, it would help the Juggernauts' number from being abused all the time.

------------------------------

And my response to Joe Ross' link to spam detection software:

Has this been relaxed lately? This particular bot in question was created this month. And has only posted once.

Re: Spambot Prevention Suggestions
 

One thing I think would help would be to add moderator approval for a first post by a new user that doesn't claim a team

Re: Spambot Prevention Suggestions
 

Require new accounts to receive at least some positive reputation before they're allowed to create a new thread, which is where most spam goes.

If all of us veterans know about this policy, I'm sure we'd be more than happy to keep an eye out for new accounts and rep them for making any contributing post.

If it isn't too difficult, you could also have a 30 day waiting period for the account to do something relevant to a legitimate user, such as using the search function or browsing through several threads.

The point is that these simple methods could deter automated spammers, but wouldn't be too much of a hassle for a human user. And if it is a human that is setting these accounts up, there isn't much you can do to prevent it; although you could get more moderators to police the forums for spam.

Re: Spambot Prevention Suggestions
 

Also trivial to get around. All users claim a team in some way--if you'll notice, I'm currently set to team 0000 (unaffiliated/other). It's not hard to put in something about team 0001 or 1234 or some other team, real or not.

Now, there is/was some sort of that thing set up a while back, IIRC, but it was automated or semi-automated. Might be time for Brandon to take a look at some of those parameters and see if they can be adjusted.

Re: Spambot Prevention Suggestions
 

Or for any new user?

Perhaps eliminate the delay between allowing posts and emails for people reporting spam... I'm not sure how that could practically be done. Maybe based on # of posts or reputation?

Filter posts from new users with lots of hyperlinks. You rarely see spam without a big block of links at the bottom.

Re: Spambot Prevention Suggestions
 

The problem is that some of the bots claim teams. A couple that I have seen calim to be from team 3 (both of which set their location to "india"), I think one from team 1, etc. EDIT: EricH beat me to saying this

Some spambots post on random threads responses that don't make any sense to gain posts. That way they seem less likely to be a spambot. For instance, I've seen a couple posts from spambots saying "That is good advice" or "This will be beneficial to my well-being" or things like that. Recently one copied word-for-word what someone posted at the beginning of a thread and reposted it.

I do think that it is a good idea for a moderator to approve a new user's first post, but it is kinda hard to weed out the good from the bad. Not to mention it would take up a lot of the CD Moderator's time.

EDIT: I'm sure Koko Ed would love to see someone create a notspambot that goes to where the spambots hang out and post relevant things. That will teach them.

Re: Spambot Prevention Suggestions
 

My original post:



Also, a thought. What if the forum was set up to pull a thread if enough people reported it, and it was posted by someone "questionable" (new user, no rep, low post count), and the thread would only be reinstated after a moderator approved it?

Re: Spambot Prevention Suggestions
 

Such as this? I reported this, nothing happened, then the person added to the spam and someone else reported it. And it's still there.

Re: Spambot Prevention Suggestions
 

OK, if image verification or IP blacklisting won't work, why not ask a FIRST related question. For example, what was the 2011 game name? Or, Which country are 1114 and 2056 located in? Or, what is one FRC supported programming language?

If the spammers know enough about robotics to answer those questions, then I can't see why they would want to spam CD.

The other suggestion is to make Mods look at a posters first post before allowing them to post.

Re: Spambot Prevention Suggestions
 

I'm wondering, as I have on occasion, how many of the listed moderators are actually active any more. Personally, a quick scan down the list of moderators shows that, for about half of them, I haven't seen a post from them in quite some time, or they only moderate one or two subforums.

I realize that I don't see all the moderator activity by any means, and actively posting isn't necessarily the best means of finding an active moderator... but I suspect it may be time for the CD admin team to review the moderator list and assign some of them a couple extra subforums or something like that.

Reports don't do any good if they're sitting in a PM box that isn't monitored by at least a semi-active moderator. Wonder if that's at least part of the problem...

Re: Spambot Prevention Suggestions
 

As hard as it to believe, a lot of FIRST participants wont know the answer to those questions, especially people making new accounts.

Re: Spambot Prevention Suggestions
 

Fill in the blank with the missing word in the FIRST acronym?


I mean, even if they are new members, if they don't know stuff like that, it maybe it's time they do a Google search and learn it.

Re: Spambot Prevention Suggestions
 

If a new member can do a search and learn it, so can a spammer. As I recall, there IS such a question (having to do with a core value of FIRST) already.


Captcha? Check.
FIRST-related question? Check.
Auto-moderator/quarantine? Check.

Anybody got any other ideas? BTW, these were all implemented either early on or after a particularly vicious spam attack.

Re: Spambot Prevention Suggestions
 

Not allowing first time posters to start a thread. If you are a real FIRSTer, you must have something to say in a thread before you start your "PLEZ HELP ROBOT SMOKING" thread. It would encourage searching too!