Recent problems with spambots

Everything about this website and its content. Here you will find update announcements or requests for feedback. Questions about layout, functionality, content, and your suggestions are welcome.
turbof1
Moderator
User avatar
Joined: Thu Jul 19, 2012 8:36 pm
Location: MountDoom CFD Matrix

Re: Recent problems with spambots

Post by turbof1 » Mon May 04, 2015 2:30 pm

Tim.Wright wrote:The abuse problem is easy to fix. Just implement it without telling anyone so no-one will know its operating :wink:

How often do you see abuse of the spam report function now??

Anything that gets reported wrongly (i.e. by accident) would be picked up by the mods when you scan through the reports.
I still feel it'll lead to unjustified abuse, atleast just on the simple "one spam report, direct deactivation". It does not take a lot for members to figure that out even if we'd keep it silenced.

We often have posts running a report against them even though said post did nothing wrong. The difference why we allow this, is because there is no reporcursion towards the person who made the post. If we'd change that, and a post gets wrongly tagged for spam, then that person is done wrong.

The idea is quite good though. Again if we can manage that a user needs to have 2 or 3 posts reported as spam by as many different members, then I think it's a valid idea.

However again, it does not fix the issue on its own, but will simply limit it.

Personally, I'd target the registration criteria. We already are discussing this in the background. We can easily block OCR technology by for instance showing an image instead of a caption or written question; for manual registration of the spambots we'll need a different answer. I suspect most people behind the spambots will refrain from registration if the question is made difficult enough.
#AeroFrodo

Phil
375
User avatar
Joined: Tue Sep 25, 2012 3:22 pm

Re: Recent problems with spambots

Post by Phil » Mon May 04, 2015 3:21 pm

Essentially, it should be an easy problem to solve;

The forum only allows registered members to post.

So it can/should be easily solved by tightening the register-functionality. As far as I am aware, even the more basic forum software should allow that i.e. newly registered members first have to be "approved by a mod". I can understand that mods or a site maintainer might be hesitant to enforce this, because it will lead to more work being done in activating legitimate new posters (or if bots can easily register without any protection, there will be a huge list of newly registered bots and users), but given that F1T is already a well visited forum and the majority of posts are by established members, at least this way you are protecting the core experience.

Also - one other question; Does the forum check the validy of an email address when a new member registers? Enabling this is a no-brainer. This should already limit the bots to some degree. If this is activated, then the logs (the webserver logs that is) will give you a better understanding on how the bots work and get around the security check.

From what I can remember, there is some anti-spam mechanism being used (the questionaire), but it might be too easy. The other option is that the forum has a severe security leak which is being exploited to get around the security checks that are in place. As I said though, the webserver logs will reveal this (as long as they are being looked at by someone with some understanding of how bots function and move around a site).
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

turbof1
Moderator
User avatar
Joined: Thu Jul 19, 2012 8:36 pm
Location: MountDoom CFD Matrix

Re: Recent problems with spambots

Post by turbof1 » Fri May 22, 2015 10:40 am

Looks like the updates are paying off. We still have the occasional spambot sneaking through the filter, but the utter bulk of it gets caught. Fingers crossed this line continues!
#AeroFrodo

djos
111
User avatar
Joined: Fri May 19, 2006 5:09 am
Location: Melbourne, Australia

Recent problems with spambots

Post by djos » Mon Aug 10, 2015 10:11 pm

There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?
The impossible often has a kind of integrity which the merely improbable lacks.

flynfrog
Moderator
User avatar
Joined: Thu Mar 23, 2006 9:31 pm

Re: Recent problems with spambots

Post by flynfrog » Mon Aug 10, 2015 10:28 pm

djos wrote:There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?
We got them djos, I was losing ground on keeping up with deleting them so I waited for the user to be deleted thanks.

djos
111
User avatar
Joined: Fri May 19, 2006 5:09 am
Location: Melbourne, Australia

Re: Recent problems with spambots

Post by djos » Tue Aug 11, 2015 3:18 am

Cheers, thank you.
The impossible often has a kind of integrity which the merely improbable lacks.

FW17
205
User avatar
Joined: Wed Jan 06, 2010 9:56 am

Re: Recent problems with spambots

Post by FW17 » Tue Aug 11, 2015 3:26 am

Maybe the mods can review and approve the first 10 posts of new users to avoid some the spam

jwh
0
Joined: Sun Apr 17, 2011 5:32 pm

Re: Recent problems with spambots

Post by jwh » Tue Aug 11, 2015 9:36 am

Spambots are irritating certainly - you wonder what the point is.

Phil
375
User avatar
Joined: Tue Sep 25, 2012 3:22 pm

Re: Recent problems with spambots

Post by Phil » Tue Aug 11, 2015 11:35 am

It is the Borg.

Resistance. Is. Futile. 8)
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

rjsa
69
Joined: Fri Mar 02, 2007 2:01 am

Re: Recent problems with spambots

Post by rjsa » Tue Aug 11, 2015 12:05 pm

Bots chatting among themselves. I've seen it all.

wesley123
212
Joined: Sat Feb 23, 2008 4:55 pm

Re: Recent problems with spambots

Post by wesley123 » Tue Aug 11, 2015 12:55 pm

I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.
"Bite my shiny metal ass" - Bender

rjsa
69
Joined: Fri Mar 02, 2007 2:01 am

Re: Recent problems with spambots

Post by rjsa » Tue Aug 11, 2015 2:27 pm

wesley123 wrote:I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.
Leftover code? Some old sign up page more bot friendly?

Phil
375
User avatar
Joined: Tue Sep 25, 2012 3:22 pm

Re: Recent problems with spambots

Post by Phil » Tue Aug 11, 2015 2:35 pm

The problem is that the board is not secure enough against automated bots.

Bots are nothing but automated scripts, programmed to attack known vulnerable software en masse. If you have easy unprotected forms, it's the worlds simplest challenge to program a script that simply fills it out with junk or malicious code.

Step one to solve it, is to use a captcha test inside the form that are there to sort out automated scripts from actual humans sitting behind a computer. This assumes the captcha is in itself good enough that the most basic bot can't fill it out correctly.

One way or the other, there are obviously security flaws that make it possible for bots to keep spamming the forums with useless posts. It's not even rocket science...

However solving it is tricky, because you are either dependant on the forum software you use (if there are no updates) and you lack the basic (okay - correct: advanced) programming skills to find these loop holes yourself and block them by changing the forum software behind it...
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

Steven
Owner
User avatar
Joined: Mon Aug 19, 2002 5:32 pm
Location: Belgium

Re: Recent problems with spambots

Post by Steven » Tue Aug 11, 2015 7:33 pm

Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.

Anyway, to summarize the current issues:
- stopforumspam is checked upon user registration, but not on posting, meaning that spammers often register while not in the stopforumspam list, and later start posting. This will be solved with the site update.
- our own spam detector is up for revision. All spam that passes through is added in our database, and we use it do adapt the filter to be more secure in the future.
- right now, the anti-spam question upon registration is too easy. Some more proven system can be plugged in when we update the forum, so there's no point in trying to hack this in right now.

In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.

Just_a_fan
409
Joined: Sun Jan 31, 2010 7:37 pm

Re: Recent problems with spambots

Post by Just_a_fan » Tue Aug 11, 2015 9:36 pm

Steven wrote:Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.
I'd always assumed it was an attempt to prevent any rule-based systems from recognising the post as a spam. Something that is just a URL in a post is easy to spot. Something that has links embedded in text that, albeit meaningless in the context of the forum, is actually correctly used language is harder to deal with.
In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.
Ah, useful to know - whilst I often report spam posts I didn't realise that downvoting can be useful weapon too. I shall use my voting privileges accordingly! :D
Turbo says "Dumpster sounds so much more classy. It's the diamond of the cesspools."