We have a spam problem

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

tepples
Posts: 21707
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

We have a spam problem

Post by tepples » Mon Oct 31, 2016 1:01 pm

I've been cleaning out a lot of spam today, both in new topics and in replies to existing topics. I see spam in English about medications and spam in Russian about what appear to be credit card copying tools. Even the "One Click Ban" MOD, which is installed here, doesn't help because the spammers keep registering new user accounts. Off the top of my head, I thought of some possible countermeasures:

  • Rotate the registration Q&A
  • Requiring approval of a new user's first post
  • Install a tool to detect and reject posts matching a regular expression, possibly analogous to AbuseFilter for MediaWiki

With the exception of changing the Q&A, I lack enough experience with phpBB3 MODs to recommend anything. What should we try?

User avatar
koitsu
Posts: 4214
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Re: We have a spam problem

Post by koitsu » Mon Oct 31, 2016 1:47 pm

Start doing what I was doing back when I moderated? (Hint: it doesn't involve phpBB at all) (Again: I refuse to disclose the details publicly because the spammers will just use knowledge of the methodology to bypass it)

User avatar
Dwedit
Posts: 4233
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: We have a spam problem

Post by Dwedit » Mon Oct 31, 2016 3:14 pm

Isn't there a Delete User command that also deletes all their posts?
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

User avatar
koitsu
Posts: 4214
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Re: We have a spam problem

Post by koitsu » Mon Oct 31, 2016 3:51 pm

Dwedit wrote:Isn't there a Delete User command that also deletes all their posts?

Deleting a user in phpBB does not delete all their posts. There's no such option. Maybe there's a mod/plugin for it, but not out of the box.

zzo38
Posts: 1046
Joined: Mon Feb 07, 2011 12:46 pm

Re: We have a spam problem

Post by zzo38 » Mon Oct 31, 2016 3:55 pm

Can you use SQL to delete all of a user's posts?

You may also temporarily disable new users registration
[url=gopher://zzo38computer.org/].[/url]

User avatar
Banshaku
Posts: 2323
Joined: Tue Jun 24, 2008 8:38 pm
Location: Fukuoka, Japan
Contact:

Re: We have a spam problem

Post by Banshaku » Mon Oct 31, 2016 5:10 pm

We are a niche community, there is nothing wrong with that. The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums. If you want to be even more strict then once promoted to a temporary user, you limit to 1 post per day or something like that to see what will be posted.

It may be annoying for new users but once they have proven that they really want to participate respectfully with the community then all restrictions are removed. Any person with common sense will respect that.

In the bbs days with frontdoor I think you had to mail to the sysop before you could have access to the board. There is nothing wrong to put your feet on the ground when there is abuse of the system. I can give some of my time to check the messages of new users if required.

User avatar
Memblers
Site Admin
Posts: 3760
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

Re: We have a spam problem

Post by Memblers » Mon Oct 31, 2016 5:23 pm

When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know). The only downside is that afterwards you don't know what their IP address, but it's pretty much looking like IP blocking is pretty useless.. I don't think they're re-used much.

I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.

Rotating the spam questions out seemed to help for a while last time. Though I think we should save the old questions and re-use them a while later, because we're gonna run out of stuff to ask pretty quickly (before going too obscure).

If I have some time tonight, I'll post some ideas I have in the admin forum (might as well not show all the cards where the offenders can see it).

Revenant
Posts: 440
Joined: Sat Apr 25, 2015 1:47 pm
Location: FL

Re: We have a spam problem

Post by Revenant » Mon Oct 31, 2016 6:18 pm

Memblers wrote:I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.


TCRF.net automatically rejects registration from users with mail.ru addresses, and out of all the registration attempts it has caused, I can't think of a single time it has affected a legitimate user.

User avatar
Dwedit
Posts: 4233
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: We have a spam problem

Post by Dwedit » Mon Oct 31, 2016 6:42 pm

On my tiny message board, I block the IP, then the class C if there's another from a similar IP, then the class B if there's another from a similar IP. Yes, way too overreaching, but good enough.
But I haven't had to do much of that since adding the registration question.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

User avatar
koitsu
Posts: 4214
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Re: We have a spam problem

Post by koitsu » Mon Oct 31, 2016 7:05 pm

We have legitimate Russian users on this forum. I would be very wary of keying off of that.

And again: I refuse to publicly discuss the heuristics of what to key off of to ban/block someone. For Tepples and/or Memblers: just use the methodology I used when I moderated and things will clear up. It's more involved and requires manual effort + review of logs, but it holds up. (Unless, of course, after the server move, the methodology broke... which if so, would explain quite a lot)

User avatar
koitsu
Posts: 4214
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Re: We have a spam problem

Post by koitsu » Mon Oct 31, 2016 7:07 pm

Memblers wrote:When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know).

Don't remember seeing this checkbox before -- thank you for educating me!

User avatar
rainwarrior
Posts: 7636
Joined: Sun Jan 22, 2012 12:03 pm
Location: Canada
Contact:

Re: We have a spam problem

Post by rainwarrior » Mon Oct 31, 2016 9:07 pm

Thank you to the mods for your efforts in cleaning this up. I know I only saw a small part of the mess, and I appreciate the work being done to get rid of it.

User avatar
tokumaru
Posts: 11438
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Re: We have a spam problem

Post by tokumaru » Tue Nov 01, 2016 5:19 am

Man, this spam wave is getting really out of hand! I don't remember any other previous attack being this strong.

User avatar
thefox
Posts: 3141
Joined: Mon Jan 03, 2005 10:36 am
Location: Tampere, Finland
Contact:

Re: We have a spam problem

Post by thefox » Tue Nov 01, 2016 10:48 am

Banshaku wrote:The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums.

This seems like a decent solution. Whether it's technically feasible or whether it adds too much work for the moderators is another question. If something like this is implemented, it would be best if all registered users can read all forums, but can only post on the private verification forum, since I think some people register for the sole purpose of being able to track which threads/posts they have read.

Chances are this is not easily achievable in phpBB, though.
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: fo.aspekt.fi

User avatar
Dwedit
Posts: 4233
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: We have a spam problem

Post by Dwedit » Tue Nov 01, 2016 11:06 am

They're baaaaaack!
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!

Post Reply