Spambot Prevention Suggestions

FIRST General Forum
#41

I’m guilty of having done this before myself on a different forum (though on that forum doing it too often could get you banned).

This happens when it’s not immediately clear to new users why their posts aren’t showing up. Typically forums tell you your post is awaiting approval in the redirect page after you click “submit”, but honestly, no one ever reads those. What you need is a bright red font message right above the “submit” button telling you that your post will need to be approved.

That all said, I do have a few thoughts that might help reduce spam (some of these have already been mentioned but are worth repeating) …

  • First 5-10 posts a user creates require a CAPTCHA to post (prevents human registration - bot posting)
  • Add a generic FIRST-related question to the registration (if it already had one, perhaps add a second).
  • Make threads reported by multiple (~100+ post) users get moved to an invisible moderation forum so they’re not seen while awaiting mod review.
  • Block hyper-linking from users with less than 5-10 posts.
#42

I recommend this…I use it on all of my websites that have forum components. So far ZERO spam.

http://confidenttechnologies.com/products/confident-captcha

/Profit

#43

How about this one?

http://areyouahuman.com/home-2/?utm_expid=44670397-9.s2BqQEMQQ-yGrmqwf4VVFg.1&utm_referrer=http%3A%2F%2Fareyouahuman.com%2Fhome-2%2F

Require 3 or 10 of them.

#44

I guess it would be appropriate to let you know that there are many moderators that watch and receive alerts. When you report a post, we receive an email alert and respond if we are on line. Also some of us watch the new users link on the CD homepage and investigate. Some spammers are caught before they ever post anything because they have certain items in their online profile that highlights them. Sometimes this is a hyper link in their signature line, sometimes it is a website in their profile and sometime it is the nature of their screen name. Some bots are now filling in the field with a random team number so if I see an FRC team number greater than 5000 it is a red flag. Also if I see a retired team number like 47 I also suspect a bot.
I check new users every few days and eliminate as I find them. Several of us start early in the morning so we clean up when we get to work. Eastern time zone usually gets there first like John and Gary. I follow at 6 CDT. Others who are on later in the day like Mark and others will get things while the rest of us are getting home and having dinner and still others will get stuff late night like BillFred.
However, we don’t all have the same rights, so while we get the report, I can’t delete post in all forums but I can delete users so they can’t post again. Some bots (not a lot) have managed to post 20 times in a few seconds.

#45

Just to bring something up right quick, this would have to apply to all edits as well as original posts.

I saw a spammer put up a thread title that didn’t make sense… with identical post content… but no links. 5 minutes later, the same post had MORE words that didn’t make sense, plus the “normal” 30 or more links. (Another 5 minutes later, before this post you’re reading hit the forums, the thread in question was gone, thanks to the mods.)

Just a heads up that we may have an invasion of editing spambots–make post, edit post with links.

#46

http://www.chiefdelphi.com/forums/showthread.php?t=117091

I’ve been seeing that too. There was one (can’t remember when, but very recently) that had a bunch of text in {}'s.

Another thing I’ve noticed is that generally speaking a thread title that has something to do with a celebrity, accident, or something having to do with Middle Eastern politics is usually spam.

#47

Every day for the last week seems like many spammer hits here. I don’t want this great site to be ruined by spammers. Anything we can do to step up the fight? More mods?

I’m happy to mod if needed. I’m west coast so always up and on here late. And I think with over 11 years on the forums, I’m qualified enough. Let me know if I can help.

#48

Adding mods might be helpful, but it’s reactionary. There needs to be a way to head it off before it happens.

I thought someone mentioned there was a newer version of vBulletin with better spam blocking, but maybe that was awhile ago and we’re already using that.

#49

A hidden field could be added to the registration page. A spambot will fill it in but a human won’t see it and leave it blank. If hidden field is filled then reject.

#50

That… might actually work.

#51

The version of vBulletin that Chief Delphi currently runs on was released in 2006.

#52

Most spambots don’t fill all fields, so that wouldn’t work.

The spambot already needs to know to type “inspiration” or “science” into a field when prompted, or answer what Dean Kamen’s first name is, or answer what day of the week it is. Presumably, it’s not a spambot doing that part of registration.

#53

I don’t think we’re actually dealing with spambots anymore.

A lot of spammers have realized its easier to stay one step ahead of anti-spam measures by paying someone in Russia/China/southeast Asia/other developing countries a few bucks a day to sit and manually enter everything.

Look at all the timestamps of the spam posts and threads; they are all usually late at night for North America and working hours in the countries listed above.

#54

Here is a screenshot of some spam I am getting on my website. What do you notice? I noticed that the email addresses are random letters and numbers and the names are the same category. This could be a very crude and a first way to filter out Spam. However, I believe that this forum uses Askimet. As soon as I installed and activated that, I didn’t have to worry about spam, and in face, I just disabled the requirement for comment moderation because I haven’t had a single spam get through.

In Short, If an email is just a weird string of character, have the user trying to sign up have to go through more recognition, same with the name of the user.

Also, I can imagine that a spammer might, himself creating an account/set of accounts for the spambots to use to get into the system. Then, the user can be disabled by a human who can detect that something is spam.

Also, Why do you have those two ads at the top. They never change, so they become kind of annoying, and I am pretty sure the “donate” button has been clicked many times because of how useful this forum is :smiley:

Screen Shot 2013-10-14 at 10.13.01 PM.png
Screen Shot 2013-10-14 at 10.13.01 PM.png1280×800 251 KB



Screen Shot 2013-10-14 at 10.13.01 PM.png
Screen Shot 2013-10-14 at 10.13.01 PM.png1280×800 251 KB

#55

You’d be surprised. I think the “donate” button was up before the ads were.

Note: One of the two ads is ALWAYS from a forum sponsor (IFI), and it’s rarely the same ad two pages in a row. The other is typically from a sponsor of team 51 (used to be 47) who wants to get their message out. Again, rarely the same two pages in a row.

Easy way to turn them off: become a forum subscriber for a couple years. (Translation: big-ish donation.)

#56

I’ll second that. I check CD at least once a day and I’m also on at obscure times. Happy to help.

#57

This could work.

(a little off topic) Our team leader put something like that on the bottom of our last team email; it was a Google Form that you filled out with your name and other emails you wanted the team emails to go to. It was also a test to check who was checking and fully reading the team emails and who wasn’t (it also checked who viewed it within 24 hours).

#58

Perhaps anyone with an IP address from a country where no FIRST teams exist should have to be manually approved by a mod before they could post?

#59

One thing I’ve noticed is that most of the spam has upwards of a dozen hyperlinks in it (most somewhere around 20). They also all seem to appear as new threads.

Would it be possible to put an additional level of security/captcha/mod approval type thing on any new threads that get started with more than 10 hyperlinks? I rarely see any threads started by actual forum users that have that many hyperlinks.

It’s a bit of a stopgap, but should at least slow the current influx of spam threads we’ve been getting recently. Mod approval might be the best way. If someone REALLY wants to get a thread started with lots of hyperlinks, and needs it fast they can always send Brandon Martus or another mod a PM/email. Otherwise they remove the hyperlinks or wait.

#60

This is a good idea, but in reality, a spammer often starts a thread and edits in the hyperlinks a few minutes later. That would be a little harder to deal with.