[thrak76]

Is it just me, or has there been more spam slipping through lately?

It's been quite awhile since I registered for these forums, so I don't remember the process explicitly. Are there bot-blocking measures in place? I know this is probably extreme, but at a couple forums i visit, each new member's posts must be "vetted" before their posts are added to the forum. This continues for the first few posts the user makes. I've no idea how many moderators are here on the forum, so that might be an unreasonable workload. Just a suggestion!

[bossanova808]

Definitely not just you.

[artrafael]

The moderators are pretty quick in deleting spam posts and users once they are reported. Given the number of new members who register daily and the sheer number of posts made to these forums, I think it would be onerous for the moderators to vet these posts before they are made public. As a community forum, we all should be vigilant and click the REPORT button as soon as we encounter one of these spam posts.

My only concern is that almost half the time when I report a post, the request times out with an "internal server error". In these situations, I don't know if the requests actually made it through or if I need to resubmit the report.

[jmarshall]

My guess is you're posting at the time the forum is backing up. It's getting really slow to do so (takes about 30mins atm) so if you're posting at that time you'll have issues.

Thanks for taking the time to report posts. We normally get them pretty quick when folk are "on duty" but obviously if noone is around for a bit it can take some time.

Cheers,
Jonathan

[da-anda]

FYI, we have stuff in place to prevent spam posts of new members and block bots - but unfortunately there are not only spam bots around, but also humans getting payed to circumvent bot protections and place spam.

[thrak76]

Makes sense. I figured something had to be in place. Your bit about paid spammers is unfortunate. Maybe that makes a case for moderated posts for first-time posters?

[Jezz_X]

The bots are also getting way tricky I've banned lots over that last few weeks (mostly since android version) that post 8 on topic posts that seem perfectly fine but then they go back edit every single post and put spam images and refs into the posts. Some even register months in advance of doing these things. Other people get a virus on there pc and it goes back and edits every single post they have ever made to include spam and referral links we have seen this a few times here

[jmarshall]

Jezz_X: those have been around for the last 8-9 months or so (before the forum switch) - crafty little things - normally detected most easily from the "recent posts" page - you'll see a bunch of unrelated threads posted in by the same poster in the space of a few minutes, normally with username <some_name><some_number> such as jester1049. The posts are normally copy + pasted from another post in the same thread, perhaps just a paragraph, or perhaps some "thanks for that!" with a quote from a previous post, so from the actual post it's usually hard to detect.

One presumes it's a bot, but what's interesting is they've made it past the "are you a human?" questions on the signup page first. Perhaps they've learnt the questions + answers from failed register attempts? I wonder if we should change the questions and see whether the prevalence drops...

Cheers,
Jonathan

[thrak76]

Wow. I had no idea that "coach hand bags" and "nba jerseys" purveyors were so desperate for the click-through, nor that they had become so devious!

How about not being able to post links for the first 20 posts? Though this may not be practical with the amount of linking to pastebin and xbmclogs new users post.

[jmarshall]

Yeah - impracticalities unfortunately rule out a bunch of stuff, particularly when users aren't aware of decent paste sites to begin with (if they were, they could be whitelisted).

[Ned Scott]

Human de-captcha services. There's services where people just enter captchas all day, and they have APIs that spambots can hook into. The human never sees the website or anything, they just see the image and type the text, and the bot gets the right answer to the captcha. This allows banks of people to handle thousands upon thousands of captchas a day.

I've seen some really strange spambot behavior on the wiki before. Bots will post somewhat randomly generated paragraphs with key sentences/keywords, designed to avoid detection while at the same time specifically triggering things that google's search algorithms pick up on. On the wiki we have a spamblacklist that's powered from the blacklist used on Wikipedia (and some of our own manual entries), but sometimes the bot will try alternative forms of the url or go on this "keep posting as much as possible" run, and in the end they don't even include a link (either blocked or got lost in the bot's efforts to mix things up).

Some of the most advanced spam-blocking technology lately is behavior tracking. I've seen this for forum software and for wikis. Basically, there are "filters" of behavior, like "new user who posts at x rate of posts, during this time of day, with a link" etc. They can be more simple, or far more complex. I know the "AbuseFilter" on Wikipedia has some crazy high hit rate with their filters, with almost no false positives (something like 1%, IIRC). Something like that for MyBB exists, and might be just what we need.

[da-anda]

we have a "bad behaviour" plugin in place Ned Scott.We also used Akismet for a while, but it was way to aggressive and had lot's of false positives.

[Ned Scott]

we have a "bad behaviour" plugin in place Ned Scott.We also used Akismet for a while, but it was way to aggressive and had lot's of false positives.

Bad Behavior, that's the one I was thinking of! I heard good things about it, and I wonder if it's working well and we're just seeing a tiny percentage of spam that slips past.

Funny that you mention Aksimet being too aggressive, as the wiki had the same problem (well, it liked to block real users, but not spammers).

[da-anda]

Same here with akismet