Spambot Prevention Suggestions

[jwallace15]

Although strange locations and non-FIRST postings are among the activities of spambots, not all people who join CD that do those things are spammers.

http://www.chiefdelphi.com/forums/sh...d.php?t=117653

Couple weeks ago, this person not affiliated with FIRST asked a viable programming question.

From what I've seen spambots only spam when they start their own thread, not on an existing thread. My suggestion is to pre-screen new thread requests from new users.

I also like Efoote868's suggestion about basically granting more priveliges to those with higher rep.

I recall starting a thread when I first joined and seeing a message that said my thread would be previewed by Moderators before it was posted, and that I kept checking to see if it was approved. Was this feature taken away?

EDIT: I recall once seeing a viable thread started by a new user that was edited once it was posted to be spam. So the system can be fooled.

[connor.worley]

A lot of the spam threads contain 15+ links. Maybe a hyperlink limit/verification would be ideal?

[Caleb Sykes]

Quote:

Require new accounts to receive at least some positive reputation before they're allowed to create a new thread, which is where most spam goes.

I disagree. I made my CD account specifically to ask a time-sensitive question during the build season. There is no way that I would have even bothered if I had had to weigh in on other discussions and wait for someone nice to give me rep points. I had, in fact, searched through CD several times, and my question hadn't been asked.

Quote:

OK, if image verification or IP blacklisting won't work, why not ask a FIRST related question. For example, what was the 2011 game name? Or, Which country are 1114 and 2056 located in? Or, what is one FRC supported programming language?

I didn't learn about 1114 and 2056 until the end of the 3rd year on my team. "Common knowledge" on CD is, quite frankly, not common knowledge for a lot of students/mentors out there.

[techhelpbb]

Ask FIRST for the list of mentors they use to control access to the official question forum.
Then ask those mentors to register at ChiefDelphi.
Then give them the ability to confirm team member registrations.

No confirmation ... no post without moderation.

Set up modrewrite on this domain.
Track inbound IP.
Anyone claiming to be one place posting from more than 1 adjacent state/province not mentor approved gets flagged.
Saves moderation time.

Use Bayesian rules to flag posts.

Any post flagged by 2 confirmed mentors is redacted prior to review.

Hyperlinks are shortened. Checked by SourceFire, RBL and local black list.
This allows caching as well.
Any non-confirmed poster with less then 10 posts no hyperlinks allowed.
Allow any confirmed users to flag a hyperlink as a threat then setup a warning or make it text.

Allow donations over $15.
Allow donations of FIRST items ChiefDelphi can resell.
Allow donors to select to be listed if they like.

Expire confirmed accounts after 4 years.

[efoote868]

Quote:

Originally Posted by inkling16

I disagree. I made my CD account specifically to ask a time-sensitive question during the build season. There is no way that I would have even bothered if I had had to weigh in on other discussions and wait for someone nice to give me rep points. I had, in fact, searched through CD several times, and my question hadn't been asked.

Asking a new question might not require a new thread; especially if there were one stickied for that purpose.

[magnets]

My first couple posts took about a day to go through because it said that a moderator was approving it. From what I see, this only happens to a few of the new users, or moderators are approving spam. Perhaps this policy should be tightened to the first ten posts from any users.

[Scott L.]

The use of a verisign generated token that changes everytime the use logs in. there is a phone apps from verisn to work as the token. this would lower the amount of repeat spammers, since the code changes each time based on an algarith, and changes every 30sec.

[Chris is me]

The question doesn't have to be hard to thwart spambots. They are not targeting Chief Delphi in particular - the bots sweep the web and post to any vBulletin forum they can find. If the registration question is as simple as "Who founded FIRST?" or "What is the acronym for FIRST Robotics Competition?" it would probably work.

Honestly, there is no need to be needlessly restrictive and make this community harder to enter just because there's a handful of spam threads a day.

[jwallace15]

[Disclaimer]

For the record I don't expect this idea to be taken seriously, but as a joke.

[/Disclaimer]

Let's create a spam forum for the bots to post on. And we just won't read it! That way they get to advertise but it doesn't show up on the stream on the main CD page.

Problem solved!

[EricH]

Quote:

Originally Posted by techhelpbb

Ask FIRST for the list of mentors they use to control access to the official question forum.
Then ask those mentors to register at ChiefDelphi.
Then give them the ability to confirm team member registrations.

Not happening, for the following reasons:
1) Probably half the mentors won't register, unless it's required (and FIRST won't require it, I'm sure). And confirming team member registrations? Har.
2) The odds of a spambot using a given team number are slim--but the odds of them using 0000 are pretty decent.
3) Restricts Chief Delphi to only FIRSTers--which doesn't help with growing FIRST at all.

Essentially, that places a burden on the mods the first few times any given new member posts. As I noted earlier, I think the mod list needs a shakeup before any more work is placed on them.

The location tracking, and mentor approval... I think that's a bit clunky.

Oh, wait, I know! What's the most current version of vBulletin again, and which version are we on? (hint: they aren't the same)

[techhelpbb]

Quote:

Originally Posted by EricH

Not happening, for the following reasons:
1) Probably half the mentors won't register, unless it's required (and FIRST won't require it, I'm sure). And confirming team member registrations? Har.
2) The odds of a spambot using a given team number are slim--but the odds of them using 0000 are pretty decent.
3) Restricts Chief Delphi to only FIRSTers--which doesn't help with growing FIRST at all.

Essentially, that places a burden on the mods the first few times any given new member posts. As I noted earlier, I think the mod list needs a shakeup before any more work is placed on them.

The location tracking, and mentor approval... I think that's a bit clunky.

Oh, wait, I know! What's the most current version of vBulletin again, and which version are we on? (hint: they aren't the same)

I think you misunderstood. The confirmed users get full access with no restriction immediately. Non-confirmed members get some restrictions.
So if your team leader will not bother you still can post. Just deal with some restrictions initially. Ten post limits on hyperlinks exist on other forums. Membership durations on certain features exist on other forums. If FIRST will not provide the list or as you said the team leaders are not cooperating then allow cross team confirmation.

IP location tracking not only works I personally implemented it on sites that control 10% of the world's finances. You just need to be clever with it. You never use it as a completely automated blacklist. You use it to get a feel for who your customers are and their consistency as a moderation tool. If you know it is unusual for users to pop in from China then flag those posts. Moderation is *so* much less work when you mine your data intelligently. If the moderation is a problem now. What would happen if the post count doubles? In theory it is desirable to grow FIRST so a doubled post count should be positive but if as a moderator the job is too big now....well?

[artdutra04]

99.9% of the moderating I do is deleting spam. So here are some points:

1. For a while before last build season, all posts from new users had to approved by a moderator. On average, there seemed to be a 24-48 hour backlog on posts. Some users would then try to post again... and again... and again... and again because they did not see the posts show up immediately. This created almost as many problems as it solved.

2. The most viable method to preventing spam is to prohibit users that have under 50 posts OR less than 300 points (three green bars) in reputation from:
- Posting hyperlinks in posts or signature
- Editing their own posts

3. Some sub-forums have like 50 moderators, so chances are higher that someone will delete it sooner. Other really obscure and hardly ever used sub-forums have like 3 total moderators, and spam posts there can linger for months and months. I suggest we both significantly prune/lock/archive these forums and add some more active moderators to the remaining forums.

I've seen some spammers go on a 10-20 post blitz of posting worthless drivel posts to get their post count up. 50 posts and 300 points should be a high enough threshold to discourage most spammers. And no hyperlinks of any kind make spam posts worthless.

Maybe to help get some extra money, users under 50 posts or 300 rep points that donate to CD can have these restrictions immediately removed.

[artdutra04]

Quote:

Originally Posted by Chris is me

The question doesn't have to be hard to thwart spambots. They are not targeting Chief Delphi in particular - the bots sweep the web and post to any vBulletin forum they can find. If the registration question is as simple as "Who founded FIRST?" or "What is the acronym for FIRST Robotics Competition?" it would probably work.

Honestly, there is no need to be needlessly restrictive and make this community harder to enter just because there's a handful of spam threads a day.

Most of the new spambots actually rely on a human somewhere (usually somewhere halfway across the world) to confirm any tricky things in the registration process, then use bots to post.

[E Dawg]

Make it so that you must have made at least one post on CD before you can start a thread. That way no one is blocked if they need help, but spambots cannot get in as easily.

[techhelpbb]

Quote:

Originally Posted by artdutra04

99.9% of the moderating I do is deleting spam. So here are some points:

1. For a while before last build season, all posts from new users had to approved by a moderator. On average, there seemed to be a 24-48 hour backlog on posts. Some users would then try to post again... and again... and again... and again because they did not see the posts show up immediately. This created almost as many problems as it solved.

That works much better when the yet to be released posts are merely redacted.
Just post a place holder: Awaiting post approval. At least send an e-mail to the poster.

Then people know what is going on and not flood you.

You could do away with hyperlinks if you snapshot the target website.
Think like Google cache which is a spider.
You can get a picture of the canvas object in Mozilla and Chrome browsers.
Though this could get costly.