Send SpamBots to Purgatory!

The only place for all Non Celestia Discussion/Stuff
chris
Site Admin
Posts: 4211
Joined: 28.01.2002
With us: 22 years 9 months
Location: Seattle, Washington, USA

Post #21by chris » 10.05.2006, 17:46

Malenfant wrote:This is utterly ridiculous. For the love of god, Chris - either take a proactive role in deleting these spammers or assign that role to someone else to do it - either way the current situation is only causing harm, and the longer it persists the worse it will be. It's gotten bad enough as it is.


I'm trying to address this problem through some means other than the ban list, which IMO is inadequate for the task. I don't think anyone has the time or inclination to play whack-a-mole adding spambots to the ban list.

--Chris

chris
Site Admin
Posts: 4211
Joined: 28.01.2002
With us: 22 years 9 months
Location: Seattle, Washington, USA

Post #22by chris » 10.05.2006, 17:58

I've modified the forum settings to require admin authentication for account activation. This will be a headache for me, but it will at least keep the spambots out until we come up with a better solution. Perhaps this:

http://arstechnica.com/news.ars/post/20060407-6554.html

:)

--Chris

Topic author
rthorvald
Posts: 1223
Joined: 20.10.2003
With us: 21 years 1 month
Location: Norway

Post #23by rthorvald » 10.05.2006, 18:41

chris wrote:I've modified the forum settings to require admin authentication for account activation. This will be a headache for me, but it will at least keep the spambots out until we come up with a better solution


Thanks for the response!
One suggestion : if you can modify the path to the register form, we can place a web page in between that only humans can read. I can make that page if you want. But it is important that you are able to change the absolute path to the register function, since the bots knows it.

- rthorvald
Image

ElChristou
Developer
Posts: 3776
Joined: 04.02.2005
With us: 19 years 9 months

Post #24by ElChristou » 10.05.2006, 20:02

:) ... BenAffleck is among us!!!

Hope he could register before Chris modif...
Image

chris
Site Admin
Posts: 4211
Joined: 28.01.2002
With us: 22 years 9 months
Location: Seattle, Washington, USA

Post #25by chris » 10.05.2006, 21:21

ElChristou wrote::) ... BenAffleck is among us!!!

Hope he could register before Chris modif...


. . . and he's a spammer :) Three new users today, only one of the apparently legit.

--Chris

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #26by Malenfant » 11.05.2006, 00:16

Cool, now we're starting to get somewhere :)

Would it not be possible to implement an IP ban perhaps on wherever it is that the spammers are mostly coming from? Or would that block out legit users too?
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

ElChristou
Developer
Posts: 3776
Joined: 04.02.2005
With us: 19 years 9 months

Post #27by ElChristou » 11.05.2006, 02:10

chris wrote:...I've modified the forum settings to require admin authentication for account activation...


"The newest registered user is Lusis Backwood"...

Damned... :x
Image

Avatar
cartrite
Posts: 1978
Joined: 15.09.2005
With us: 19 years 2 months
Location: Pocono Mountains, Pennsylvania, USA Greate Grandfother from Irshava, Zakarpattia Oblast Ukraine

Post #28by cartrite » 11.05.2006, 02:20

And look at the topic under this one. It probally won't last long but :x

Suppose there was a new forum called LIMBO that is hidden to all users except admins or moderators and all new user's 1st thread is posted there till it is screened. By program or manualy.

cartrite
VivoBook_ASUSLaptop X712JA_S712JA Intel(R) UHD Graphics 8gb ram. Intel(R) Core(TM) i5-1035G1 CPU @ 1.00GHz, 1190 Mhz, 4 Core(s), 8 Logical Processor(s) 8 GB ram. Running on Windows 11 and OpenSuse 15.4

Avatar
Chuft-Captain
Posts: 1779
Joined: 18.12.2005
With us: 18 years 11 months

Post #29by Chuft-Captain » 11.05.2006, 03:30



Like it! :lol: Could substitute planets, galaxies, stars for animals.

eg. click on 3 planets, or click on all water planets....etc

EDIT: Could even leave in a few kittens to confuse the hell out of the spambots. :wink:

EDIT: From what I understand, there used to be a bunch of AVATARS available on the forum. I don't how many there were, as it was before I joined, but perhaps these could be resurrected for use as images in this scheme. Could even add a few animated gifs to make image recognition even harder. (click on the jumping kittens :lol:)
"Is a planetary surface the right place for an expanding technological civilization?"
-- Gerard K. O'Neill (1969)

CATALOG SYNTAX HIGHLIGHTING TOOLS LAGRANGE POINTS

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #30by Malenfant » 11.05.2006, 05:56

chris wrote:The problem is that spambots can just register as a new user. Banning doesn't seem to help--the spam accounts never seem to get use more than once.


Actually you're wrong there - they often do post more than once. It's just that Selden deletes each new thread that they start, and when he does that it seems it deletes the post from the spammers' post count too, so afterwards it looks like they've not posted or only posted once. I've certainly seen several examples of the same name posting spam. I know I send Selden links to the spammers - I presume other people do too - and then he gets rid of the threads, but often they do post again.

Besides, doing a purge of the memberlist at least gets rid of the ones that ARE there and gets rid of the WWW links on the memberlist or in their posts that someone might unwittingly click on and thus get nailed by spyware and viruses etc. If your 'admin authorisation' trick will stop more from joining then we're not going to be playing "whack the spambot" because we'll have the opportunity to do a full-on cull of the obvious ones form the membership list while new ones aren't coming in.

Personally I think an IP ban would be effective. Find where they're all coming from and then ban that IP range. I suspect that we don't have that many (if any at all) legit members from Russia where they all seem to be coming from...
Last edited by Malenfant on 11.05.2006, 06:13, edited 1 time in total.
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #31by Malenfant » 11.05.2006, 06:11

A more drastic thing to do may be to just outright delete every member who has posted 1 or 0 posts. Down to about 3 posts, the vast majority of the WWW links associated with members on the memberlist seem to be legit personal pages. At 2 posts, a couple of spammers are creeping in. At 1 post there's many more, and at 0 posts most of them are spammers. So if you get rid of the 1s and 0s then you kill most of the spammers in one fell swoop, and if any legit users want to rejoin (unlikely since they hadn't even posted more than once or even at all) then they can try that and get back on.

All we'd be losing if we culled all the 0-post members would be people who had contributed nothing at all anyway (which admittedly is about 4000 members!), so it's not a loss at all. And AFAIK it's not like you even need to register to just read the threads on the forums anyway.
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

Avatar
Chuft-Captain
Posts: 1779
Joined: 18.12.2005
With us: 18 years 11 months

Post #32by Chuft-Captain » 11.05.2006, 08:04

Malenfant wrote:Personally I think an IP ban would be effective. Find where they're all coming from and then ban that IP range. I suspect that we don't have that many (if any at all) legit members from Russia where they all seem to be coming from...

Boy, them's fighting words. Ban a whole country! Are you looking to restart the cold war? :wink: :lol:

The main issue IMO is the prevention of spambots in the first place thru the measures Chris is considering. The historical spam postings are a lesser issue, and can be cleaned up at leisure, once the security measures are in place. (I'm not however volunteering to selectively delete 4000 members :lol: - A few may actually be genuine, but not very active)

Malenfant wrote:...it's not like you even need to register to just read the threads on the forums anyway
There are some advantages in registering. eg. Ability to: "View posts since last visit" and "View own posts" (egosearch)
"Is a planetary surface the right place for an expanding technological civilization?"
-- Gerard K. O'Neill (1969)

CATALOG SYNTAX HIGHLIGHTING TOOLS LAGRANGE POINTS

Vincent
Developer
Posts: 1356
Joined: 07.01.2005
With us: 19 years 10 months
Location: Nancy, France

Post #33by Vincent » 11.05.2006, 10:02

Malenfant wrote:I suspect that we don't have that many (if any at all) legit members from Russia where they all seem to be coming from...

8O... :?:
@+
Vincent

Celestia Qt4 SVN / Celestia 1.6.1 + Lua Edu Tools v1.2
GeForce 8600 GT 1024MB / AMD Athlon 64 Dual Core / 4Go DDR2 / XP SP3

ElChristou
Developer
Posts: 3776
Joined: 04.02.2005
With us: 19 years 9 months

Post #34by ElChristou » 11.05.2006, 11:36

I'm almost sure we have legit users from Russia...
I vote for the kittens :D because definitively 5 bots today means Chris's setting modifs are not very useful... :?
Image

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #35by Malenfant » 11.05.2006, 13:48

ElChristou wrote:I'm almost sure we have legit users from Russia...


Can you think of any active ones? I can't. And if there are legit users from there with one or zero posts then we're not losing anything by preventing them from posting.

Blanket IP bans are a common way of banning spammers on other forums - many do come from specific IP ranges. I'm not being racist or anything stupid like that here, just look at the locations they're registered from - they're mostly from continental Asia and most of their websites and posts are Russian. I don't see any loss at all in doing an IP ban for entire countries if all we're getting from there is spam.

Hell, since this thread started we have had 69 obvious spammers join these forums! Of the first two pages of the memberlist (as listed in descending order of Date Joined), all except one of the newest members listed with WWW addresses are spammers!!
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

Avatar
Chuft-Captain
Posts: 1779
Joined: 18.12.2005
With us: 18 years 11 months

Post #36by Chuft-Captain » 11.05.2006, 16:31

Malenfant wrote:...if there are legit users from there with one or zero posts then we're not losing anything by preventing them from posting.
.. but they are (losing something). :wink:

Malenfant wrote:I'm not being racist or anything stupid like that here, just look at the locations they're registered from - they're mostly from continental Asia and most of their websites and posts are Russian. I don't see any loss at all in doing an IP ban for entire countries if all we're getting from there is spam.
Frustrating, I know, but to be fair, I think it's the forum's responsibility to set up some decent security to prevent the spammers from registering, rather than banning a whole country because some spammers are using their servers.
What should we do if we get some American spammers (Ban the USA?) :lol:
"Is a planetary surface the right place for an expanding technological civilization?"
-- Gerard K. O'Neill (1969)

CATALOG SYNTAX HIGHLIGHTING TOOLS LAGRANGE POINTS

Avatar
t00fri
Developer
Posts: 8772
Joined: 29.03.2002
Age: 22
With us: 22 years 7 months
Location: Hamburg, Germany

Post #37by t00fri » 11.05.2006, 17:43

Actually the US spammers are not sooooo rare ;-) . I have also been making my own little statistics, recently. The spammers from the US are just more clever or more "advanced" in a way. There are these joke tellers, for example, (with an URL pointing to familiar medicals at the bottom ;-) ).

In a way my sympathies are not far from Malenfant's generic proposals. People who do not contribute anything to this forum over an extended period are profiting from the forum (obviously), but give back very little. In times without bots this is all fine, but if we could get rid of many bots by exploiting correllations with "non-writers", well...it's worth thinking about.

Bye Fridger
Image

Rassilon
Posts: 1887
Joined: 29.01.2002
With us: 22 years 9 months
Location: Altair

Post #38by Rassilon » 11.05.2006, 21:10

Image validation works...

eg: Please type in the letters or numbers as they appear on the image...

Also I have moved all forms to flash on any and all websites I develop... I no longer use just form tags and input tags... spambopts only see an object tag when dealing with flash... I am not aware that they are intellegent enough to parse flash itself as generally this is an application and source cannot be seen as with html forms... Real people on the other hand... Thats another story... They have the ability to still fill out the flash forms and bypass the validation... Thats where admin validation comes into play... But alot of users get discouraged to have to wait for someone to 'approve' thier account before they can post....
I'm trying to teach the cavemen how to play scrabble, its uphill work. The only word they know is Uhh and they dont know how to spell it!

Malenfant
Posts: 1412
Joined: 24.08.2005
With us: 19 years 3 months

Post #39by Malenfant » 12.05.2006, 00:22

Either way, so long as the spammers are being prevented from signing up, I don't mind how it's done so long as it works.

But the fact remains that we do need to remove the ones that have already signed up, and I think the best way to do that is to just remove of every 0 and 1 post member. Sure, it's indiscriminate, but no harm is done to anyone and it's probably easier (assuming there's a blanket 'remove member' function) than finding the spammers individually.
My Celestia page: Spica system, planetary magnitudes script, updated demo.cel, Quad system

Johaen
Posts: 341
Joined: 14.01.2006
With us: 18 years 10 months
Location: IL, USA

Post #40by Johaen » 12.05.2006, 00:40

Malenfant wrote:Either way, so long as the spammers are being prevented from signing up, I don't mind how it's done so long as it works.

But the fact remains that we do need to remove the ones that have already signed up, and I think the best way to do that is to just remove of every 0 and 1 post member. Sure, it's indiscriminate, but no harm is done to anyone and it's probably easier (assuming there's a blanket 'remove member' function) than finding the spammers individually.


Actually, from a programming standpoint, deleting users with 1 post might be a bad thing. Unless you delete the posts they made as well (which could contian valuable information), it creates orphan posts. Posts without posters. This could create errors, such as not finding a post, or clicking a link to whoever posted it, and not finding the poster's info.

I admit, I don't know how php forums work. Maybe they have something to fix stuff like that. But I know that's something I have to worry about at my job.


Return to “Petit Bistro Entropy”