A possible way to reduce spam ?

[illtaket42]

I spend a lot of time lurking in Milovana and I love this site .

But there is one thing that is starting to annoy me : the slowly growing amount of spam milovana is subject to .

While ignoring these messages seems the best response, we might consider a preventive course of action such as a membership fee.

I've never been a friend of paysites. However, a once only charge of 1 or 2 Euros/Dollars/or whatever will not hurt anyone but should keep a fair amount of spam out of this site.

I'd like to know how the rest of you feel about this. The last word, of course, is with the admins

[sillynick]

Not sure that paying a fee, even if one off, would endear the site to everyone. i agree that we need to stop the spam though. i have noticed that every so often when i am looking at pages on the forum that at the bottom amongst the list of people viewing the page will be someone named Google[bot]. Not sure if there is any way of blocking these?

[ThomasKu]

Yeah, all this spam lately is really annoying.

What about just making the registration a little bit harder? I guess you all know this capture-codes?!

The other idea would be a change in the "Latest Forum Posts". Because no one would see all this spam messages if they were not shown under this list. So I would suggest in addition to the known list with the new posts, a list with about 5 or 10 threads that were most active within the last 24 hours. That would be great.

And my last suggestion is probably not possible:
An extra button for some kind of fast-delete, which would delete such a spam thread when 5 users clicked that button. So we wouldn't have to wait for the admins to do so.

[texturedshroom]

The easiest way to reduce all this spam would be to require email addresses for registration again, which seraph0x is against. Personally though I think with all of the free email accounts available out there, there is really nothing identifying about an email address...

[seraph0x]

The easiest way to reduce all this spam would be to require email addresses for registration again

Spambots can very much defeat email verification. I've first noticed them doing that around 2001 and since then most of them seem to have that feature.

Modern bots go much further. They use gmail.com addresses, they simulate a delay before they "click" the activation link, they simulate cookies and other browser behavior. Some even use actual browser engines in the background.

Update: Just did a quick experiment: I sent a fake verification email to one of the addresses used by the spambot that has been plaguing us the last couple of days. All links were requested from a server in China using "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" as the user agent. So yes, the exact bot we are dealing with wouldn't be stopped by email verification unfortunately.

What about just making the registration a little bit harder? I guess you all know this capture-codes?!

Spambots are perfectly capable of solving CAPTCHAs.

The arms race has moved on. Recently our side scored a big win with initiatives like StopForumSpam where honeytraps were set up and spammers' IPs blacklisted. That's the reason we managed to stay spam free for several months.

Now they've struck back by deploying spambots on botnets rather than on centralized servers as well as by blacklisting honeytraps. A Ukranian friend of mine is much deeper in this whole scene than I am and he says that there are now systems that cross-reference the ratio by which an IP is blocked with the forums that node spammed beforehand in an effort to automatically detect honeytraps.

My first reaction when we had new spam was to tighten our IP filters. That worked for a week or two, now we are getting spam from completely clean IPs. I guess the arms race has moved on again and we have to find something new.

For now I've just added a new feature which poses a simple question during registration. The only purpose is to make our registration deviate from the standard one, it's perhaps the oldest trick in the book, but still a very effective one as long as your site isn't so big that spammers will actually take the time to create bots for your site specifically.

In terms of what's on the horizon - One service I've heard good things about is Akismet. Currently it's only for Wordpress, but they might very well branch out to forum software as well.

[dix]

Update: Just did a quick experiment: I sent a fake verification email to one of the addresses used by the spambot that has been plaguing us the last couple of days. All links were requested from a server in China using "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0;)" as the user agent. So yes, the exact bot we are dealing with wouldn't be stopped by email verification unfortunately.

Is the bot using a proxy or could we just block all Chineese IP's / DNS's?

[jlx666]

i cant imagine that their bots really found out, that they have to type "milovana", beacuse it works fine on my site since ahm, 2 years pr something... O_o sooo, i think, that these spamers aren't bots... you've said it's chinese IP, so i can imagine that chinese guys really pay people for posting spam messages... if it is the case captchas won't help as well ...

or was that milovana field the one simple question you have added lately? (=

[ThomasKu]

i still say we should impose a post count limit b4 u can start a thread.

Not a bad idea!

[illtaket42]

abraves4410 wrote:
i still say we should impose a post count limit b4 u can start a thread.

Sounds like a good idea and shouldn't put anyone off. I'll second (or third) this motion

[cumhardy]

abraves4410 wrote:
i still say we should impose a post count limit b4 u can start a thread.

Sounds like a good idea and shouldn't put anyone off. I'll second (or third) this motion

sounds good.
I would say force everyone to write a webtease before they can post on the forum... but that would just create a load of pointless one-page teases...but it would mkae for a far more interesting introduction

[seraph0x]

i cant imagine that their bots really found out, that they have to type "milovana", beacuse it works fine on my site since ahm, 2 years pr something... O_o sooo, i think, that these spamers aren't bots... you've said it's chinese IP, so i can imagine that chinese guys really pay people for posting spam messages... if it is the case captchas won't help as well ...

or was that milovana field the one simple question you have added lately? (=

Yep, we added that pretty much right before your post. Haven't had any spam since.