Spammers & bots

**Nick** · February 13, 2010, 14:35

A partial solution might be to

Include a comment in the registration email to the effect that any account which has no posts and no ladder dumps within a week will be deleted and
Delete any account with no posts or ladder dumps within a week.

Don't ask for implementation details - I'm more of an idea rat.

**pav** · February 13, 2010, 14:59

Pete, I am aware of those usernames. So far, they havent done any harm, or any activity at all. They were all registered from a single subnet of certain Indonesian ADSL provider, which is rather curious.

The spam outbreaks are always done by a freshly registered username.

Deleting accounts is counter-productive, as that allows the spambot second round of spamming. Banning these accounts is better.

**Derakon** · February 13, 2010, 16:35

I recommend changing the captcha to something more specific to Angband. I don't think that the bots are specifically targeting this site; they're just scanning for forums they know how to register and post on, and then trying repeatedly to get past the captcha. Change it into something like "What is the first artifact light source most characters find?" (and then doing a regex for "galadriel" on the answer) would probably work pretty well. Or even "What famous fantasy author's work is Angband based on?"

Heck, one site I use just says "Are you human?"

**SaThaRiel** · February 13, 2010, 16:49

Yeah, fighting spam(-bots) is not an easy task. I have some success on a forum with a simple math module (well, for phpBB). Its just questioning stuff like "seven plus 3" or "IV minus six" and the like...it seems to work. Maybe this is an idea for this board (if there is a module for vBulletin). The "board topic" related question will work too.
Captcha and email activation do some good but seem to leak a bit. I dont know why...maybe the bots are good enough.
Another change i recently made is to put all users into a "newly registered users" group which doesnt allow them to browse the memberlist, pm other members and post directly (posts have to be approved first). They will be put into the usual member group after 2 posts (apporoved ones). I think that you can compare the workload to this forum (also more users but postcount should be similar or just a bit higher). And it consumes maybe 15-20 minutes additional "work" a day.
Protecting the admin area with an .htaccess file seems to do good too. So many little things can be done. The sum should work well

**pav** · February 13, 2010, 17:50

Those are solid advices, but I believe the recent spam outbreaks were carried out by a living fleshy human, not by a botnet.

I would hate to inconvenience newcomers to have to wait a couple of hours before their initial post is approved. I fear that would drive people away from starting to post on here. I already do that thing you mentioned about PMs.

**Atarlost** · February 13, 2010, 18:16

You could, though, hold any post with an external url or image by a new poster for moderation.

So urls that start with andband.ook.cz are allowed through (since the ladder is here) but any other url gets the post in the moderation queue.

**pav** · February 13, 2010, 18:19

Not a bad idea. I will check how hard it will be to implement in vB.

**SaThaRiel** · February 13, 2010, 18:28

Hm, and what about having a post delay of some minutes for the second post (after registration - one post direct, 2nd one has to wait)? Mostly people who are interested will post one topic or answer a question maybe - but they seldom post 2 or more times after they registered. So this may help to keep the mass spamming flesh humans away because it takes them too much time (actually they get paid for it).
Sure there is the chance that someone wants to post twice and maybe has to wait for 5 minutes. But with a good description this shouldn't be a too big problem for most people. And if its a problem for them then theyre maybe in the wrong forum anyway

**pav** · February 13, 2010, 18:29

Ineffective - the first spam will still get through.

**SaThaRiel** · February 13, 2010, 20:22

Well - i dont think that you can fight effective against the first spam, especially when there are human spammers. But it would avoid such a spam attack happened yesterday.
Sure its everytime a balance act...keep the board functional for welcome users and make it hard to use for spammers.
Maybe people must send a "CV" before able to post

Actually i know that there are online games which use to do this.

Edit: Oh, before i forget it - disable registrations from mail.ru and others helped. Maybe also from most free email services (googlemail, yahoo, msn and so on). But this is again a "hard" step which may not work to ensure the usability of the forum/community.

**fph** · February 13, 2010, 21:13

Originally posted by SaThaRiel

Edit: Oh, before i forget it - disable registrations from mail.ru and others helped. Maybe also from most free email services (googlemail, yahoo, msn and so on). But this is again a "hard" step which may not work to ensure the usability of the forum/community.

I would strongly object to banning free email services in the registration. For an instance, the average high-school student has no other way to get an e-mail address. And even those who have a "work" or "university" e-mail sometimes prefer not to use it on non-work-related sites.

**pav** · February 14, 2010, 00:03

Okey, I found a plugin that do exactly what we want - stop anything from zero-poster that contains hyperlink. Hope it will not misbehave...

**Zikke** · February 14, 2010, 00:57

Originally posted by pav

Okey, I found a plugin that do exactly what we want - stop anything from zero-poster that contains hyperlink. Hope it will not misbehave...

That should probably take care of most of it. Even though there are human spammers that we can't really stop, stopping the bot spammers will take out 95% or more of the spams.

**buzzkill** · February 14, 2010, 05:09

Oh great! Now where wll I get my 'top notch pornography' and 'genuine Gucci handbags' from?

Don't ban the free mail servers. I like having an email address that doesn't change every time I get a new ISP or JOB.

Spammers & bots

Spammers & bots

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment