Recent problems with spambots

[turbof1]

The abuse problem is easy to fix. Just implement it without telling anyone so no-one will know its operating

How often do you see abuse of the spam report function now??

Anything that gets reported wrongly (i.e. by accident) would be picked up by the mods when you scan through the reports.

I still feel it'll lead to unjustified abuse, atleast just on the simple "one spam report, direct deactivation". It does not take a lot for members to figure that out even if we'd keep it silenced.

We often have posts running a report against them even though said post did nothing wrong. The difference why we allow this, is because there is no reporcursion towards the person who made the post. If we'd change that, and a post gets wrongly tagged for spam, then that person is done wrong.

The idea is quite good though. Again if we can manage that a user needs to have 2 or 3 posts reported as spam by as many different members, then I think it's a valid idea.

However again, it does not fix the issue on its own, but will simply limit it.

Personally, I'd target the registration criteria. We already are discussing this in the background. We can easily block OCR technology by for instance showing an image instead of a caption or written question; for manual registration of the spambots we'll need a different answer. I suspect most people behind the spambots will refrain from registration if the question is made difficult enough.

[Phil]

Essentially, it should be an easy problem to solve;

The forum only allows registered members to post.

So it can/should be easily solved by tightening the register-functionality. As far as I am aware, even the more basic forum software should allow that i.e. newly registered members first have to be "approved by a mod". I can understand that mods or a site maintainer might be hesitant to enforce this, because it will lead to more work being done in activating legitimate new posters (or if bots can easily register without any protection, there will be a huge list of newly registered bots and users), but given that F1T is already a well visited forum and the majority of posts are by established members, at least this way you are protecting the core experience.

Also - one other question; Does the forum check the validy of an email address when a new member registers? Enabling this is a no-brainer. This should already limit the bots to some degree. If this is activated, then the logs (the webserver logs that is) will give you a better understanding on how the bots work and get around the security check.

From what I can remember, there is some anti-spam mechanism being used (the questionaire), but it might be too easy. The other option is that the forum has a severe security leak which is being exploited to get around the security checks that are in place. As I said though, the webserver logs will reveal this (as long as they are being looked at by someone with some understanding of how bots function and move around a site).

[turbof1]

Looks like the updates are paying off. We still have the occasional spambot sneaking through the filter, but the utter bulk of it gets caught. Fingers crossed this line continues!

[djos]

There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?

[flynfrog]

There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?

We got them djos, I was losing ground on keeping up with deleting them so I waited for the user to be deleted thanks.

[djos]

Cheers, thank you.

[FW17]

Maybe the mods can review and approve the first 10 posts of new users to avoid some the spam

[jwh]

Spambots are irritating certainly - you wonder what the point is.

[Phil]

It is the Borg.

Resistance. Is. Futile.

[rjsa]

Bots chatting among themselves. I've seen it all.

[wesley123]

I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.

[rjsa]

I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.

Leftover code? Some old sign up page more bot friendly?

[Phil]

The problem is that the board is not secure enough against automated bots.

Bots are nothing but automated scripts, programmed to attack known vulnerable software en masse. If you have easy unprotected forms, it's the worlds simplest challenge to program a script that simply fills it out with junk or malicious code.

Step one to solve it, is to use a captcha test inside the form that are there to sort out automated scripts from actual humans sitting behind a computer. This assumes the captcha is in itself good enough that the most basic bot can't fill it out correctly.

One way or the other, there are obviously security flaws that make it possible for bots to keep spamming the forums with useless posts. It's not even rocket science...

However solving it is tricky, because you are either dependant on the forum software you use (if there are no updates) and you lack the basic (okay - correct: advanced) programming skills to find these loop holes yourself and block them by changing the forum software behind it...

[Steven]

Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.

Anyway, to summarize the current issues:
- stopforumspam is checked upon user registration, but not on posting, meaning that spammers often register while not in the stopforumspam list, and later start posting. This will be solved with the site update.
- our own spam detector is up for revision. All spam that passes through is added in our database, and we use it do adapt the filter to be more secure in the future.
- right now, the anti-spam question upon registration is too easy. Some more proven system can be plugged in when we update the forum, so there's no point in trying to hack this in right now.

In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.

[Just_a_fan]

Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.

I'd always assumed it was an attempt to prevent any rule-based systems from recognising the post as a spam. Something that is just a URL in a post is easy to spot. Something that has links embedded in text that, albeit meaningless in the context of the forum, is actually correctly used language is harder to deal with.

In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.

Ah, useful to know - whilst I often report spam posts I didn't realise that downvoting can be useful weapon too. I shall use my voting privileges accordingly!