Anti-spam proposal

Found an issue with the phpBB system here at NESdev? Use this forum to report problems.

Moderator: Moderators

Garth
Posts: 246
Joined: Wed Nov 30, 2016 4:45 pm
Location: Southern California
Contact:

Re: Anti-spam proposal

Post by Garth »

Dwedit wrote: Mon Jul 27, 2020 12:23 am Mods can't ban, only admins can do that.
Mods can ban, but not delete the user.
http://WilsonMinesCo.com/ lots of 6502 resources
User avatar
Dwedit
Posts: 4924
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: Anti-spam proposal

Post by Dwedit »

User-level bans for spammers are meaningless, only IP blocks and deleting users means anything.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: Anti-spam proposal

Post by tepples »

Last I checked, the application server wasn't receiving the correct IP from the reverse proxy in front of all NESdev.com traffic.

Even deleting users won't stem the tide of new user registrations. What I can do is start gradually deleting pre-2020 users with no posts one at a time to clean up the list of new users in order to make other controls more effective.
yaros
Posts: 47
Joined: Tue Aug 28, 2018 8:54 am

Re: Anti-spam proposal

Post by yaros »

Probably related, but my account got deleted with all my posts. Few days ago I reported spam in my private message. That was my only activity over the last 6 months. I reported the spam, I never send it. Who can I contact to investigate it?

P.S. Username was the same (yaros). So is email attached to this account.
Garth
Posts: 246
Joined: Wed Nov 30, 2016 4:45 pm
Location: Southern California
Contact:

Re: Anti-spam proposal

Post by Garth »

Dwedit wrote: Mon Jul 27, 2020 7:16 am User-level bans for spammers are meaningless, only IP blocks and deleting users means anything.
I should have been more complete in my post right before that. phpBB forum mods can ban a user by name and IP address, and, if they can get an email address from a site like stopforumspam.com, ban the email address too so it cannot be used to sign up again. (Only an administrator can see the email address.) Then the mod would email the abuser's forum name to an administrator who would then delete them. It's not a total solution, but helps. There have been a few times when one forum or another where I'm a moderator had spam being posted super fast. My first reaction was to delete the spam posts immediately so they would not be visible, delete, delete, delete, but the spammer was online and active at the same time and I couldn't keep up; so I had to let that go and ban the spammer, then I was able to go back and delete the garbage that accumulated while I was in the process of banning him, and of course delete everything else. An administrator can select to delete all the spammer's posts all at once when he deletes the abuser; but it's kind of like graffiti where it's most discouraging to the taggers if you remove their graffiti immediately, before they get the pleasure of anyone seeing it. It can't wait.
http://WilsonMinesCo.com/ lots of 6502 resources
Bavi_H
Posts: 193
Joined: Sun Mar 03, 2013 1:52 am
Location: Texas, USA
Contact:

Re: Anti-spam proposal

Post by Bavi_H »

tepples wrote: Mon Jul 27, 2020 8:48 amWhat I can do is start gradually deleting pre-2020 users with no posts
Even if a user doesn't post anything, one useful feature of having an account is that the site remembers which posts you have read. On some forums, I would set up an account just for the purpose of having the site remember the posts I had read long before I ever posted anything. I would be upset if someone deleted my account because it had no posts.

If you must delete users, would you consider changing the criteria to something like users that have no posts and no recent logins? Or come up with some other criteria that could help minimize deleting legitimate users?
User avatar
Memblers
Site Admin
Posts: 4044
Joined: Mon Sep 20, 2004 6:04 am
Location: Indianapolis
Contact:

Re: Anti-spam proposal

Post by Memblers »

Yeah, it would be a good time to add some new moderators. If anyone wants to volunteer, just say so here and/or a PM. I'll have to PM you some details before beginning. People who have flagged the posts are ones I've been tempted to ask if they want to moderate, but I also don't want the site to be a chore for anyone, or for them to feel responsible for what's basically an out-of-control problem.

I was on a camping trip for a few days, usually when I'm away is when spam gets seen more. Because normally I'm checking the site at least a couple times per day.

There's definitely some security problems, I'd rather not publicly list them off.

yaros: I can see in the log where your account was deleted, it wasn't me but I'm sure it was an accident. Sorry that happened. I also had accidentally deleted a legit user account recently, Thow, who had posted some excellent Famitracker stuff. That was frustrating. A user deletion cannot be undone.
FrankWDoom
Posts: 260
Joined: Mon Jan 23, 2012 11:27 pm

Re: Anti-spam proposal

Post by FrankWDoom »

Is it possible to restrict users from creating new topics until they meet a time/post count threshold? Maybe having mods approve topics from new users if they are valid before they are given free reign? If we're adding mods even something like a time delay auto approve giving someone a chance to catch it might help.
lidnariq
Posts: 11432
Joined: Sun Apr 13, 2008 11:12 am

Re: Anti-spam proposal

Post by lidnariq »

Memblers wrote: Mon Jul 27, 2020 10:02 pm I also had accidentally deleted a legit user account recently, Thow, who had posted some excellent Famitracker stuff. That was frustrating.
At least the posts are for now still in the google cache:
Thow
Posts: 3
Joined: Wed Jun 03, 2020 8:58 am

Thow's 8-bit Music

Post by Thow » Tue Jun 09, 2020 8:36 am
Hey,My name is Thow
My network drive : http://www.guomaostudio.ys168.com/
My Bilibili : https://space.bilibili.com/305632166
My Bandcamp : https://thow.bandcamp.com/ (Only My Original Song,But no Mega Man New Vincent BGM)

-------------
Post by Thow
This is my Original Music
You do not have the required permissions to view the files attached to this post.
---------------
Post by Thow
There is no Boss in this original work.
You do not have the required permissions to view the files attached to this post.
Although I suspect the attachments are inaccessible.
Shonumi
Posts: 342
Joined: Sun Jan 26, 2014 9:31 am

Re: Anti-spam proposal

Post by Shonumi »

Regarding the "new users' posts must be approved by mods", we've actually implemented such a system on a somewhat high profile/high volume forum for a couple of years now. It really cut down on spammers, and most of our new users didn't have any major problems with it (I can only recall maybe three or four who outright complained about it). For us, spam became a non-issue with an approval system.

There are a few caveats, however. You need a decent size pool of moderators who are very active. Otherwise, users could wait for hours before something is approved. My team was fortunate enough to have some very dedicated people on-board, and they catch stuff relatively quickly. Additionally, sometimes new users will post things multiple times if they don't see their post appear the first time, so this would need to be reconciled (e.g. deleting the duplicates, or merging them if necessary).

It's not perfect or foolproof, and I'm not suggesting that it's right for NESdev either (quite the opposite actually!). I just wanted to share that it can work effectively in some situations. Honestly, this approach might be best left to high volume forums that deal with a lot of new members popping up daily. Our forums get a bunch of people who show up just to ask one or two questions and then they're gone for the most part, since we deal with a lot of user support issues. That's not really NESdev's thing though. For a community of this size, it's a bit like taking a sledgehammer to nail. Sure it'll work, but...

I honestly think just having a bigger, more vigilant/active moderation team would do a lot of good. If you can catch and IP-ban the spammers quickly enough, the human spammers often get tired and leave (it's not worth their effort). Spam-bots are hopefully lessened the more IPs and certain email addresses get added to the blocklist.

One thing that might help the moderation team is to frequently examine any new users (e.g. those who registered in the past few days) and check their posts at a glance or see if there's anything strange about their profiles. A bunch of these new accounts for July 27th look pretty suspicious (Name + Number is common for spammers to appear "human") and those links in some of those profiles for escorts are total red flags.
tepples
Posts: 22708
Joined: Sun Sep 19, 2004 11:12 pm
Location: NE Indiana, USA (NTSC)
Contact:

Re: Anti-spam proposal

Post by tepples »

Bavi_H wrote: Mon Jul 27, 2020 9:27 pm If you must delete users, would you consider changing the criteria to something like users that have no posts and no recent logins?
That's what I had been doing so far: deleting accounts with 0 posts and "last active" several years ago.

As for the accidental deletions of yaros and Thow: The administrator interface for a user is supposed to require an extra step to delete users with posts as opposed to users with no posts. It requires the administrator who deletes a user with posts to choose between anonymizing or deleting the posts before submitting the delete form, and this choice doesn't appear on the form for a user with no posts.
FrankWDoom wrote: Mon Jul 27, 2020 10:12 pm Is it possible to restrict users from creating new topics until they meet a time/post count threshold? Maybe having mods approve topics from new users if they are valid before they are given free reign? If we're adding mods even something like a time delay auto approve giving someone a chance to catch it might help.
I don't know if this is technically possible in phpBB with or without mods. But I don't see how it would be helpful. First, that won't help stop spammers who copy posts from earlier in a topic and then paste them later in the topic in order to build post count. Second, it would require us to maintain an introduction topic so that legitimate new users can gain posting privileges.
Shonumi wrote: Mon Jul 27, 2020 11:15 pm Regarding the "new users' posts must be approved by mods", we've actually implemented such a system on a somewhat high profile/high volume forum for a couple of years now. It really cut down on spammers, and most of our new users didn't have any major problems with it (I can only recall maybe three or four who outright complained about it). For us, spam became a non-issue with an approval system.
My only experience with a fully moderated forum such as you describe is the one on devkitpro.org, which happened to have been combined with "everyone who is not a moderator is deemed a new user". I've also seen my comments to Disqus and WordPress comment sections linger for weeks in the state "Your post is awaiting moderation."
FrankWDoom
Posts: 260
Joined: Mon Jan 23, 2012 11:27 pm

Re: Anti-spam proposal

Post by FrankWDoom »

@tepples my suggestion was geared towards preventing new users from creating spam topics. It doesnt address anything regarding posting in existing topics, but

As far as copying posts to unlock topic creation, maybe limit new users to a max number of posts per day?

The idea is to allow users a reasonably unintrusive experience while slowing down spammers enough its not worth their effort.
User avatar
Dwedit
Posts: 4924
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: Anti-spam proposal

Post by Dwedit »

If you really want to automatically stop new users (an idea which I do not like), the only thing that really needs policing is the first posted link. It could be in a post, or in a signature. The account should get flagged for moderator review, and all posts are hidden until approved.

Then greatly expand the number of moderators who can approve the new users.

The only problem is that it won't stop the Copypasta posts, where they repeat an old post, or post something from Reddit.

I do like the idea of requiring 1 post before adding a link to the signature. Warn people about an automatic user-deletion if they put a URL in their signature with only 0 posts.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
yaros
Posts: 47
Joined: Tue Aug 28, 2018 8:54 am

Re: Anti-spam proposal

Post by yaros »

Memblers wrote: Mon Jul 27, 2020 10:02 pmI can see in the log where your account was deleted, it wasn't me but I'm sure it was an accident. Sorry that happened.
This is sad... Thank you for the confirmation at least.
User avatar
Dwedit
Posts: 4924
Joined: Fri Nov 19, 2004 7:35 pm
Contact:

Re: Anti-spam proposal

Post by Dwedit »

I just saw something another forum used: Put a (publicly known) username and password inside an image, then use HTTP authentication to protect the register page.
Here come the fortune cookies! Here come the fortune cookies! They're wearing paper hats!
Post Reply