View previous topic :: View next topic |
Author |
Message |
Bob the Hamster OHRRPGCE Developer
Joined: 22 Feb 2003 Posts: 2526 Location: Hamster Republic (Southern California Enclave)
|
Posted: Thu Dec 14, 2006 8:59 am Post subject: spam control! |
|
|
CastleParadox needs some spam protection.
I don't think captcha will help. It is easy to defeat, and I suspect most of the recent spammings are coming from copy-and-paste-sweatshop workers, not bots.
I think blocking posts that contain URLs from newly registered users would help. Suppose that you have to be a member for at least 48 hours before your posts can contain external urls
Limiting URL-containing posts based on post count could work too... but I hate to see a spammar post 50 "zarg the three day alive floating best the wize other three trout" linkless posts so he can get his count up high enough to post that one spam link (although isn't there already some form of posting rate-limiter in place?)
Another option is a whitelist like the "Not evil" list on the wiki... that takes a little more administration, but is more reliable. Obviously if IM had to edit a text file every time a new non-spammer user joined, that would suck, but if the list came from a source that could be edited by multiple admins, it might be practical. |
|
Back to top |
|
|
Valigarmander Bye-Bye
Joined: 04 Mar 2006 Posts: 750 Location: Nowhere
|
Posted: Thu Dec 14, 2006 9:09 am Post subject: |
|
|
Spammers piss me off. I used to go to a website to help depressed teens (no, I'm not making that up) and some assrammer thought it would be a nice idea to turn the website which was originally intended for helping lonely, suicidal kids into page after page of pornography spam. I swear, if I ever catch the man/bot who did all of that I will kick his ass up one end of the Internet and down the other.
Fucking spam. |
|
Back to top |
|
|
Inferior Minion Metric Ruler
Joined: 03 Jan 2003 Posts: 741 Location: Santa Barbara, CA
|
Posted: Thu Dec 14, 2006 12:47 pm Post subject: |
|
|
I've implemented a few spam mods, so if anyone has trouble posting please let me know via IRC, AIM, MSN, or e-mail.
As for the captcha, I've had phpBB's captcha turned on for quite some time now. The problem with phpBB is it's very well known and their built-in captcha has been compromised for quite some time now. When it comes to spam prevention, it's an uphill battle.
~IM _________________
|
|
Back to top |
|
|
Camdog
Joined: 08 Aug 2003 Posts: 606
|
Posted: Thu Dec 14, 2006 1:20 pm Post subject: |
|
|
No doubt. Thanks for the work you're doing! |
|
Back to top |
|
|
Rinku
Joined: 02 Feb 2003 Posts: 690
|
Posted: Thu Dec 14, 2006 1:33 pm Post subject: |
|
|
They actually pay people to spam?
Does spam even work? I don't know anyone who's actually bought something they found via spam. _________________ Tower Defense Game |
|
Back to top |
|
|
Moogle1 Scourge of the Seas Halloween 2006 Creativity Winner
Joined: 15 Jul 2004 Posts: 3377 Location: Seattle, WA
|
Posted: Thu Dec 14, 2006 1:37 pm Post subject: |
|
|
Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts.
A simple captcha might be insufficient, but it couldn't hurt, either. _________________
|
|
Back to top |
|
|
Valigarmander Bye-Bye
Joined: 04 Mar 2006 Posts: 750 Location: Nowhere
|
Posted: Thu Dec 14, 2006 2:38 pm Post subject: |
|
|
Moogle1 wrote: | Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts. |
The vast majority of them do. I think filtering URLs would help a chunk of the problem. Certainly not all, but a good part of it. |
|
Back to top |
|
|
Setu_Firestorm Music Composer
Joined: 26 Mar 2003 Posts: 2566 Location: Holiday. FL
|
Posted: Thu Dec 14, 2006 3:51 pm Post subject: |
|
|
Rinku wrote: | They actually pay people to spam?
Does spam even work? I don't know anyone who's actually bought something they found via spam. |
I often wondered the same thing. As far as I could see: internet advertising is a no-win situation since the only ways to do it tend to piss people off. _________________
Facebook: http://www.facebook.com/georgerpowell
Newgrounds: http://setu-firestorm.newgrounds.com |
|
Back to top |
|
|
Joe Man
Joined: 21 Jan 2004 Posts: 742 Location: S. Latitude 47°9', W. Longitude 123°43'
|
Posted: Thu Dec 14, 2006 4:20 pm Post subject: |
|
|
phpBB is prett much the worst board availible though. Seriously, bots seem to follow me from one phpBB to the other even.
OH SHIT THAT MEANS IT'S MY FAULT _________________ "Everyone has 200,000 bad drawings in them, the sooner you get them out the better."
~Charles Martin Jones
Last edited by Joe Man on Fri Dec 13, 1957 1:21 am; edited 2,892 time in total |
|
Back to top |
|
|
FyreWulff Still Jaded
Joined: 02 Apr 2005 Posts: 406 Location: The Internet
|
Posted: Thu Dec 14, 2006 5:12 pm Post subject: |
|
|
half of it is because the phpBB programmers are fools, the other half is that up until recently, or sometimes I think they still do this, the version number of your board is displayed somewhere publicly.
So all spammers have to do is search for a version of phpBB with a known exploit. then they just pull down all the results and go at it. script kiddies and hackers do this to, this is how Castle Paradox got nailed because somebody was searching for specific versions of phpBB with a certain vulnerability.
I mean hell, I think it's still possible for a user to be forcibly logged out/delete a thread if you construct posts in a certain way. |
|
Back to top |
|
|
Bob the Hamster OHRRPGCE Developer
Joined: 22 Feb 2003 Posts: 2526 Location: Hamster Republic (Southern California Enclave)
|
Posted: Fri Dec 15, 2006 8:01 am Post subject: |
|
|
Rinku wrote: | They actually pay people to spam? |
The spam sweat-shop is just a theory, but it is a fact that some spamming is done by-hand rather than scripted. I do know there are schemes where spammers do a real-time transfer of a registration captcha from a site they want to spam to a porn site they host. People solve the captcha to gain access to the porn, which the server then forwards on to the registration, leaving the spammer with a valid login.
Rinku wrote: | Does spam even work? I don't know anyone who's actually bought something they found via spam. |
I have met a few people IRL who can't tell the difference between spam and legitimate advertisements. Even if only 1 in 1000 falls for it, the spam can still be proffitable.
Also, a lot of these spams are not targeting humans directly, rather they are targeting google's seach-engine algorythm.
Moogle1 wrote: | Problem with filtering URLs in posts, James, is that some spammers don't put the URLs in their posts. |
Yes, but they are few in number. Blocking urls eliminates a large percentage of the worst spammers. Remember, if there is no link, the spammer makes no money.
Moogle1 wrote: | A simple captcha might be insufficient, but it couldn't hurt, either. |
But we have already had a simple captcha for a long time. |
|
Back to top |
|
|
Camdog
Joined: 08 Aug 2003 Posts: 606
|
Posted: Fri Dec 15, 2006 11:03 am Post subject: |
|
|
James Paige wrote: | Moogle1 wrote: |
A simple captcha might be insufficient, but it couldn't hurt, either. |
But we have already had a simple captcha for a long time. |
Captchas can hurt, as they're pretty unbeatable for people with disabilities like blindness. Also, they're a usability nightmare, because difficult to read with OCR software is often the same things as difficult to read with human eyes. The easy ones get bypassed and the hard ones cause headaches. That said, it might be helpful if we switched out the default phpBB captcha for something else.
I was reading about an interesting solution for dealing with bot spam not too long ago. Basically, in the registration page, you create a form element with a name that would be attractive to a bot (like "username"), but then use CSS to make it invisible to human users. When a registration is submitted, you can check to see if the "trap" form element was filled out, and if it was, you can discard it. Best of all, its completely transparent to the end user. Of course, this is problematic to users browsing with styles turned off, but who does that anymore?
(Not sure how this would work in the case of the blind user though. Would a screen reader know not to read an element with a style flagging it as not displayed?) |
|
Back to top |
|
|
Moogle1 Scourge of the Seas Halloween 2006 Creativity Winner
Joined: 15 Jul 2004 Posts: 3377 Location: Seattle, WA
|
Posted: Fri Dec 15, 2006 2:25 pm Post subject: |
|
|
Your objection is valid for the internet at large, but it's not like the OHRRPGCE offers much for the vision-impaired user. _________________
|
|
Back to top |
|
|
Camdog
Joined: 08 Aug 2003 Posts: 606
|
Posted: Sat Dec 16, 2006 4:50 pm Post subject: |
|
|
Heh, that's a good point. I guess I worry too much about web accessability on the job. |
|
Back to top |
|
|
FyreWulff Still Jaded
Joined: 02 Apr 2005 Posts: 406 Location: The Internet
|
Posted: Mon Dec 18, 2006 4:20 am Post subject: |
|
|
One of the neatest captchas I've ever seen is the 3D-Magic-Eye captcha for phpBB3.
phpBB3 has some pretty "out-there" captchas. |
|
Back to top |
|
|
|