New anti-spam technique implemented (mods take note)
I'm trying different ways to shut down this ridiculous spam flood. The first thing I'm trying is that I've implemented
Akismet to automatically check for known spam in comments. Comments are now sent to Akismet before being posted, and are only supposed to be posted if they are not known spam.
I've set it to only check posts where the user has less than 5 posts, so it won't check us all.
Noticed spam is supposed to go to the moderation queue. Let us see if it works... without slowing down posting too much.
It's $5/month so if it doesn't really work, we'll have to remove it and try something else. If it does work, the cost of filling the tip mug will go up $5.
If it does work, we can shut off moderation of a user's first post.
So known spam will be blocked by Akismet and the Mods don't have to take any action? We'll just be looking for spam that gets past Akismet and also for actual posts by new people so we can approve them?
Do I understand this correctly?
We're gonna have to adjust our practices according to how Akismet is filtering, I think. I don't know if the posts still sit online, in the New Posts to be read, waiting for moderation, or whether they bypass the threads and go straight to the moderation queue.
They don't provide instructions... I figured it out from the vbulletin forum
I've given new users the ability to post threads, in order to see how it works there
OK. There are two spam posts in the moderation queue now. Both posted about 15 minutes before this thread was started. Did they show up before you set up Akismet, or after?
(I left them there in case you want to see them.)
The gaming forum I frequent is having a similar onslaught
REDDIT is being pounded as well.
Those third world people need a hobby: like being dead.
And now there are three; this thing is doing its job!
We should put some retired Navy Seals on that... keep 'em outa trouble during their off time.
And now there are three; this thing is doing its job!
groovy... call off the ground strike
Ah no, wait, I have to mark it such that Registered users posts aren't moderated by default.
There, I've set it up and deleted the other posts... NOW we'll see if everything spam is moderated by Akismet
Those third world people need a hobby: like being dead.
Well stop sending their children your dinner leftovers, then......
And now two spam threads started.
(I'm leaving everything up for now. Not deleting anything in the queue.)
Wolf got them! But anyway, it's clearly working... next, they shouldn't be able to start threads and mess up the thread listing. I'll turn that off for new users.
What if we charged a dollar to join the cellar?
I'm sure there would be legal and business consequences that would make it not worthwhile, but it'd screw the spammers, eh?
It would screw us is the problem!
If it goes on the answer is to moderate every new user, which would be a pain in the ass since the spammers started 35 accounts just overnight.
I just deleted like 30 spam posts this morning.
It was rather tedious. Maybe I'm not doing it the most efficient way. I go to the moderator's queue, and see the post waiting for moderation, and then I follow the link to the thread where the post is actually located, find the post, and then soft delete it as spam. Can I delete them as spam directly from the queue? I only see "approve" "delete" and "ignore" as options in the queue, and assumed the "delete" option was a hard delete so I've never used it there.
If there is going to be this much spam every day, I need to find a faster way to deal with it.
Also, a good 20 or so of the posts were from one bot. Do you think it would be a good idea to limit a new user to 5 posts until they have been approved by a mod, and then they can post all they want?
You can delete them from the queue. Problem is that doesn't ban the user and they are free to spam again.
I'll take a look at alternate methods... can't do it until later cost I'm Tapatalking this morning.
I wish there were a way to make it a video game for long term users.
Like we can point our mouse at the screen and 'shoot' the spam post, leaving giant gaping smoking gun holes through their posts.
Oh, it won't solve anything but it'd be fun. ;)
Wow, XRumer 7.5.28 Elite released on a week!
Its can post to trusted forums, blogs, CMS's, social networks.
Totally AUTOMATICALLY breaks ReCaptcha's! (avg. time to recognition = [color=red]0.2 sec[/color])
Interested? Just Google for latest version of XRumer ;)
Good luck!
P.S. Additionally questions such as "How many 2+2?" or "What color of snow" will DONT help you - XRumer 7.5.28 can break Its too ;)
P.P.S. And - yes, profile on your forum automatically created with XRumer 7.5.28; price of this software complex at the moment = $590, [color=red]price after october 2012 will grow up to $650[/color]
I just moved the post above to this thread. I think it offers some insight into what's happening.
I'd be happy to help during this crisis.
Not to act as a mod, just to delete obvious spam posts, on threat of being banned myself if I ever abuse it.
Sure you have it under control, but being on GMT and on holiday I'm around at a slightly different time to you chaps. If the attacks are from Europe I might be useful.
I feel like I've banned 50 people so far today. I wish the banned user list was sortable by date so I could easily see how many I have taken out, but it's been a constant stream all day.
Hmm. That sounds like complaining. Let me give myself a violin.
:violin:
does flagging an obviously spammy post help at all?
No it hurts, because then there are two things to deal with instead of one. We get to all of them eventually.
Unensetib spambot made me read "Unsensitib" which looks like a jim style sock puppet that insults people at random...
I've changed the Human Verification Method to "Question and Answer". Now, instead of a CAPTCHA, they have to answer a question to get in.
The current question is "What seven-letter word is the name of the highest mountain in the world?"
The answer of course Everest
Here's the thing. The question and answer have to be understood by everyone we want on the Cellar, and not understood by third-world spammers OR by automation. They have clearly solved our "what is four plus five?" question.
I figured Everest is pretty universal, but if they figure it out, we may have to switch to something a little more difficult. That means culturally-biased.
So, here is the perfect politically incorrect problem for you to solve. What is the right Question?
I've also banned a bunch of spamming IP blocks. And I want to bookmark
stopforumspam.com as an excellent resource.
I figured Everest is pretty universal
That's pretty good. I got into the Bing translate tool and it wasn't until I got to Haitian Creole that I found a language that spells it differently. (Languages with different alphabets don't count.)
I was thinking about the numerous European cities that are spelled differently depending on the language, like Munich/Munchen.
I've changed the Human Verification Method to "Question and Answer". Now, instead of a CAPTCHA, they have to answer a question to get in.
The current question is "What seven-letter word is the name of the highest mountain in the world?"
The answer of course Everest
Here's the thing. The question and answer have to be understood by everyone we want on the Cellar, and not understood by third-world spammers OR by automation. They have clearly solved our "what is four plus five?" question.
I figured Everest is pretty universal, but if they figure it out, we may have to switch to something a little more difficult. That means culturally-biased.
So, here is the perfect politically incorrect problem for you to solve. What is the right Question?
so it's a war between a robot with a the mother of all dictionaries versus one question with one one word answer? What, are you bored?
What about sidestepping the culturally biased option and ask something about the cellar, like what is the first word in the tagline? Or the third word in the tagline? Or what is the word with the fewest letters? That keeps the cultural bias out. And it's easily changeable. I don't know about the admin burden of changing it every day, but it could be like dumping the trash.
How many monkeys are in the banner?
When was the cellar established?
Though I like BigV's idea about using the tagline.
What gang was Serena celebrating with her victory jig in London?
Are you asking, or are you positing that a potential member would ask?
No new registrations in the last hour, we may have won. I've spent the time deleting obvious spam accounts opened in the last week, but I couldn't get them all. But if this question/answer gets the job done, the spam will slowly stop as the accounts are used.
Q: What is the username of the Owner/admin of the Cellar?
It's the first thing that comes up under FAQ. You could even ask them to "Answer the following Frequently Asked Question." to clue them in. If someone isn't smart enough to figure out where to find the answer, we probably don't want them here anyway. It would seem to be a step the spam bots would have trouble with yet the answer to the question is right here (and it never hurts to get people to read the FAQ before they start posting anyway).
A potential new user has no idea what a tagline is.
Coming up with a question with no cultural bias is harder than it seems. The first ones you came up with had a bias of you needed to already be on the Cellar to understand them.
Me? The first ones I came up with are in the banner at the top of every page.
Everest is a good one. Wait for them to break it.
I would not have been able to say what a tagline was when I joined here.
Well, we could ask them about the squirrel which flies a plane on a treadmill around a tree ...
how about who's the biggest attention whore on the cellar?
Well, we could ask them about the squirrel which flies a plane on a treadmill around a tree ...
That would do it - no-one would ever get in! Or, perhaps better still, show them the picture of that 'fucking iron bar'!
Me? The first ones I came up with are in the banner at the top of every page.
My page doesn't have the banner.
(But I suppose you have to be on the Cellar a while before you learn about the Sterile for Work viewing option.)
No new registrations in the last hour, we may have won. I've spent the time deleting obvious spam accounts opened in the last week, but I couldn't get them all. But if this question/answer gets the job done, the spam will slowly stop as the accounts are used.
So far, no spam in the queue when I came in this morning. You weren't up early cleaning them up, were you? If not, that's a very good sign.
Only one registration overnight! The question is beating them, until it doesn't.