how to help fight forum spam

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

User avatar
Memblers
Site Admin
Posts: 4044
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

how to help fight forum spam

Post by Memblers »

When registering an account on the forum, there is an NES-related question (chosen randomly from a list). In the past, changing the questions seemed to have slowed down the spam for a while. So I figured it would be a good time to try that again. But this time, why not go further and add a lot of questions? I could use some help with that.

If anyone wants to write a question or two, we could maybe get a decent list going and hopefully make it tougher for them to register. I guess they can just google it, but if we're making dozens or hundreds of them waste their time, then good.

Just send the Q/As to me in a PM, not in the thread itself (for obvious reasons). It's kind of tough because you want it to be obscure, but not too obscure. Also, one question can have multiple answers.
User avatar
Dwedit
Posts: 4924
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: how to help fight forum spam

Post by Dwedit »

I hope the new questions help a bit now.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
User avatar
gauauu
Posts: 779
Joined: Sat Jan 09, 2016 9:21 pm
Location: Central Illinois, USA
Contact:

Re: how to help fight forum spam

Post by gauauu »

Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?
User avatar
koitsu
Posts: 4201
Joined: Sun Sep 19, 2004 9:28 pm
Location: A world gone mad

Re: how to help fight forum spam

Post by koitsu »

gauauu wrote:Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?
This solves nothing -- the people doing the sign-ups are not robots/automated scripts, they are human beings who can read/understand English.
User avatar
slembcke
Posts: 172
Joined: Fri Nov 24, 2017 2:40 pm
Location: Minnesota

Re: how to help fight forum spam

Post by slembcke »

Really? My experience in the past is that more questions don't seem to help. An attacker would only need to answer one question before they can automate the process and brute force it.

I even tried doing it using a webpage full of GUIDs in different styles. The questions were then just "Copy paste the green words from the following web page". Within maybe two days at most of changing the GUIDs out I would start to get spam accounts again. It was miserable and I finally just shut the forum down. The admins had collectively given up on trying to fight the spammers by that point so the traffic went from a dozen or so daily posts to basically 0. :-\

As far as I've ever heard, the only good way to keep spammers out of PHPBB is not to use PHPBB or to write your own custom captcha. -_-
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: how to help fight forum spam

Post by tepples »

gauauu wrote:Out of curiosity, can we also incorporate other things like google's "i am not a robot" captchas?
For one thing, ISPs in the People's Republic of China block reCAPTCHA, as do web browsers that are set to refuse to run proprietary JavaScript. For another, some people report that reCAPTCHA leads to several minutes of identifying cats, street signs, and the like.
slembcke wrote:The questions were then just "Copy paste the green words from the following web page".
I guess that might work on a forum with no blind members.

A few other systems exist:
  1. Shadowban all newly registered users. Allow a user to post, but hide these posts from the public and from non-staff users until staff release these posts.
  2. Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
  3. Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.
User avatar
slembcke
Posts: 172
Joined: Fri Nov 24, 2017 2:40 pm
Location: Minnesota

Re: how to help fight forum spam

Post by slembcke »

slembcke wrote:The questions were then just "Copy paste the green words from the following web page".
I guess that might work on a forum with no blind members.[/quote]

Sadly it didn't really work regardless of people's abilities. :(

Does PHPBB support first post moderation? Years ago that worked pretty well on the idevgames forums. Basically your posts don't show publicly until after you have been blessed by a moderator. Easier to review the first post of a new member than every post that shows up on the site.
User avatar
tokumaru
Posts: 12427
Joined: Sat Feb 12, 2005 9:43 pm
Location: Rio de Janeiro - Brazil

Re: how to help fight forum spam

Post by tokumaru »

I guess that catching spammers after they register is more effective than trying to catch them during registration. Can't new members get a limited number of trial posts, in which they can't post links to external sites? When the trial posts are over a mod can then choose whether to make them full members or ban them. Maybe this decision can even be made before the end of the trial posts, if their behavior makes their legitimacy obvious.
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: how to help fight forum spam

Post by tepples »

That proposal is similar to what we currently do on the wiki for talk page posts by newly registered users. They may edit only talk pages, and adding external links requires solving a CAPTCHA. Promotion happens automatically after two talk edits and a few days in this new user state. But in some cases, spammers have proceeded anyway with "copy and paste and remove spaces".
User avatar
Sumez
Posts: 919
Joined: Thu Sep 15, 2016 6:29 am
Location: Denmark (PAL)

Re: how to help fight forum spam

Post by Sumez »

tepples wrote:
  1. Shadowban all newly registered users. Allow a user to post, but hide these posts from the public and from non-staff users until staff release these posts.
  2. Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
  3. Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.
a: This solution usually works great. Only downside is that it requires very active moderation as you wouldn't want someone writing stuff for two days wondering why people just ignore them
b: This only works for larger and popular sites, who benefit from filtering in only people who are truly dedicated
c: I assume this was a joke
User avatar
Drew Sebastino
Formerly Espozo
Posts: 3496
Joined: Mon Sep 15, 2014 4:35 pm
Location: Richmond, Virginia

Re: how to help fight forum spam

Post by Drew Sebastino »

I agree that b. would not work. I have yet to meet someone in person who has heard of NESDev.
User avatar
FrankenGraphics
Formerly WheelInventor
Posts: 2064
Joined: Thu Apr 14, 2016 2:55 am
Location: Gothenburg, Sweden
Contact:

Re: how to help fight forum spam

Post by FrankenGraphics »

A lot of forum seem to have restrictions until you've reached a certain number of posts. Like, not being able to participate in for sale threads and the like.

For all new users starting with a post count of 0,
-suspend rights to edit posts until you've made a handful of them.
-likewise suspend rights to make a signature until you've made enough posts.

I've seen this too, so maybe:
-suspend rights to make a new thread in most subforums until you've posted at least 1 reply or made an introduction thread in an appropriate subforum.

But often people register when they have a question, and then hopefully some of them stay to become active members, so the 3rd point might be a bit of a hindrance to community growth.
User avatar
gauauu
Posts: 779
Joined: Sat Jan 09, 2016 9:21 pm
Location: Central Illinois, USA
Contact:

Re: how to help fight forum spam

Post by gauauu »

tepples wrote:For one thing, ISPs in the People's Republic of China block reCAPTCHA,
Last time I was there, nesdev was blocked entirely in China.
[*]Require a referral from an existing member to join. This is the essence of the Vouch extension to Webmention. Some communities make initial contact with newcomers through an IRC channel.
[*]Require ownership of a personal domain and subscription to web hosting to join. The wiki on IndieWeb.com uses IndieAuth protocol.[/list]
A couple minutes of clicking streetsigns isn't acceptable, but requiring a personal domain is?
koitsu wrote:This solves nothing -- the people doing the sign-ups are not robots/automated scripts, they are human beings who can read/understand English.
Now here's the right answer. Koitsu's point is correct -- it won't help if these are real people.
User avatar
pubby
Posts: 583
Joined: Thu Mar 31, 2016 11:15 am

Re: how to help fight forum spam

Post by pubby »

create a captcha system that hides an answer in a NES rom

(spammers won't have NES emulators installed)
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: how to help fight forum spam

Post by tepples »

Good luck with hiding the answer in a ROM if your first question is emulator tech support. Or should that be done directly with the emulator's developer?
Post Reply