It is currently Thu Oct 19, 2017 3:11 pm

All times are UTC - 7 hours





Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next
Author Message
 Post subject: We have a spam problem
PostPosted: Mon Oct 31, 2016 1:01 pm 
Offline

Joined: Sun Sep 19, 2004 11:12 pm
Posts: 19103
Location: NE Indiana, USA (NTSC)
I've been cleaning out a lot of spam today, both in new topics and in replies to existing topics. I see spam in English about medications and spam in Russian about what appear to be credit card copying tools. Even the "One Click Ban" MOD, which is installed here, doesn't help because the spammers keep registering new user accounts. Off the top of my head, I thought of some possible countermeasures:

  • Rotate the registration Q&A
  • Requiring approval of a new user's first post
  • Install a tool to detect and reject posts matching a regular expression, possibly analogous to AbuseFilter for MediaWiki

With the exception of changing the Q&A, I lack enough experience with phpBB3 MODs to recommend anything. What should we try?


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 1:47 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Start doing what I was doing back when I moderated? (Hint: it doesn't involve phpBB at all) (Again: I refuse to disclose the details publicly because the spammers will just use knowledge of the methodology to bypass it)


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 3:14 pm 
Offline
User avatar

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 3943
Isn't there a Delete User command that also deletes all their posts?

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 3:51 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Dwedit wrote:
Isn't there a Delete User command that also deletes all their posts?

Deleting a user in phpBB does not delete all their posts. There's no such option. Maybe there's a mod/plugin for it, but not out of the box.


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 3:55 pm 
Offline
User avatar

Joined: Mon Feb 07, 2011 12:46 pm
Posts: 919
Can you use SQL to delete all of a user's posts?

You may also temporarily disable new users registration

_________________
.


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 5:10 pm 
Offline
User avatar

Joined: Tue Jun 24, 2008 8:38 pm
Posts: 1517
Location: Fukuoka, Japan
We are a niche community, there is nothing wrong with that. The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums. If you want to be even more strict then once promoted to a temporary user, you limit to 1 post per day or something like that to see what will be posted.

It may be annoying for new users but once they have proven that they really want to participate respectfully with the community then all restrictions are removed. Any person with common sense will respect that.

In the bbs days with frontdoor I think you had to mail to the sysop before you could have access to the board. There is nothing wrong to put your feet on the ground when there is abuse of the system. I can give some of my time to check the messages of new users if required.


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 5:23 pm 
Offline
Site Admin
User avatar

Joined: Mon Sep 20, 2004 6:04 am
Posts: 3470
Location: Indianapolis
When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know). The only downside is that afterwards you don't know what their IP address, but it's pretty much looking like IP blocking is pretty useless.. I don't think they're re-used much.

I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.

Rotating the spam questions out seemed to help for a while last time. Though I think we should save the old questions and re-use them a while later, because we're gonna run out of stuff to ask pretty quickly (before going too obscure).

If I have some time tonight, I'll post some ideas I have in the admin forum (might as well not show all the cards where the offenders can see it).


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 6:18 pm 
Offline

Joined: Sat Apr 25, 2015 1:47 pm
Posts: 327
Location: FL
Memblers wrote:
I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.


TCRF.net automatically rejects registration from users with mail.ru addresses, and out of all the registration attempts it has caused, I can't think of a single time it has affected a legitimate user.


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 6:42 pm 
Offline
User avatar

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 3943
On my tiny message board, I block the IP, then the class C if there's another from a similar IP, then the class B if there's another from a similar IP. Yes, way too overreaching, but good enough.
But I haven't had to do much of that since adding the registration question.

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 7:05 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
We have legitimate Russian users on this forum. I would be very wary of keying off of that.

And again: I refuse to publicly discuss the heuristics of what to key off of to ban/block someone. For Tepples and/or Memblers: just use the methodology I used when I moderated and things will clear up. It's more involved and requires manual effort + review of logs, but it holds up. (Unless, of course, after the server move, the methodology broke... which if so, would explain quite a lot)


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 7:07 pm 
Offline
User avatar

Joined: Sun Sep 19, 2004 9:28 pm
Posts: 3192
Location: Mountain View, CA, USA
Memblers wrote:
When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know).

Don't remember seeing this checkbox before -- thank you for educating me!


Top
 Profile  
 
PostPosted: Mon Oct 31, 2016 9:07 pm 
Offline
User avatar

Joined: Sun Jan 22, 2012 12:03 pm
Posts: 5718
Location: Canada
Thank you to the mods for your efforts in cleaning this up. I know I only saw a small part of the mess, and I appreciate the work being done to get rid of it.


Top
 Profile  
 
PostPosted: Tue Nov 01, 2016 5:19 am 
Offline
User avatar

Joined: Sat Feb 12, 2005 9:43 pm
Posts: 10063
Location: Rio de Janeiro - Brazil
Man, this spam wave is getting really out of hand! I don't remember any other previous attack being this strong.


Top
 Profile  
 
PostPosted: Tue Nov 01, 2016 10:48 am 
Offline
User avatar

Joined: Mon Jan 03, 2005 10:36 am
Posts: 2962
Location: Tampere, Finland
Banshaku wrote:
The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums.

This seems like a decent solution. Whether it's technically feasible or whether it adds too much work for the moderators is another question. If something like this is implemented, it would be best if all registered users can read all forums, but can only post on the private verification forum, since I think some people register for the sole purpose of being able to track which threads/posts they have read.

Chances are this is not easily achievable in phpBB, though.

_________________
Download STREEMERZ for NES from fauxgame.com! — Some other stuff I've done: kkfos.aspekt.fi


Top
 Profile  
 
PostPosted: Tue Nov 01, 2016 11:06 am 
Offline
User avatar

Joined: Fri Nov 19, 2004 7:35 pm
Posts: 3943
They're baaaaaack!

_________________
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 21 posts ]  Go to page 1, 2  Next

All times are UTC - 7 hours


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group