Thread: Spambot Prevention Suggestions
View Single Post
  #2   Spotlight this post!  
Unread 26-07-2013, 20:53
brennonbrimhall brennonbrimhall is offline
Free Agent
AKA: Brennon Brimhall
no team
Team Role: Alumni
  
Join Date: Jan 2012
Rookie Year: 2012
Location: Clifton Park, NY
Posts: 222
brennonbrimhall is a name known to allbrennonbrimhall is a name known to allbrennonbrimhall is a name known to allbrennonbrimhall is a name known to allbrennonbrimhall is a name known to allbrennonbrimhall is a name known to all
Re: Spambot Prevention Suggestions
Here's a re-post of what I posted in the soon-to be deleted thread:

Quote:
Originally Posted by DampRobot View Post
Here's an idea, verify that all new accounts are humans by adding an image verification thingy?
I would be surprised if they don't already, as they require one for every search if you are not logged in.

Quote:
Originally Posted by Koko Ed View Post
A better one would be track these jerks down by their IP address and zapping their computers into oblivion so they can't terrorize anyone else with their useless nonsense!
I agree. Minus the zapping and oblivion business.

A thought experiment: the problem becomes that the spammer will simply look at the image verification for the bot account they set up; e.g., do it manually. Also, to evade IP address detection, wouldn't they just go to some other public network?

Security-wise, every measure you take is breakable – take hashing, for example. Even though it's designed to be a one-way street with next-to-zero odds of collision, breaking them is still possible. However, it is designed to only brake under an insane amount of computational effort and expenditure of resources.

The problem with the current methods used to prevent bots is that they are all easily defeated with a small cost in resources – it takes a minute for the spammer to write down the image verification. IP address blacklisting is perhaps an order of magnitude harder to break – it probably takes, on average, 40 minutes to get to a local library plus the cost in time to generate an account. You could improve this by adding a cookie to the browser that generated the post the next time they come to CD (with a nice, graciously professional ban message, of course) that tells vBulletin to exclude the new account they are creating. But this would end as soon as the spammer cleared their cookies.

That's the problem with spamming – the more security you put in for prevention, the harder it is for your actual users to get stuff done.

One feature that I would suggest is having a team contact that has to approve all accounts that are attempting to register for the team, in a manner like TIMS/STIMS. While it certainly wouldn't apply to bots without a team, it would help the Juggernauts' number from being abused all the time.

------------------------------

And my response to Joe Ross' link to spam detection software:

Quote:
Originally Posted by Joe Ross View Post
There is: http://www.chiefdelphi.com/forums/sh...hlight=akismet



There is both an image verification as well as an additional textual verification question.
Has this been relaxed lately? This particular bot in question was created this month. And has only posted once.
__________________
Team 20, 2012-2014: 4 blue banners, 5 medals, and 9 team awards.
Church of Jesus Christ of Latter-day Saints, 2014-2016: Missionary, Colorado Denver South Mission.
Last edited by brennonbrimhall : 26-07-2013 at 20:59.
Reply With Quote