Announcement

Collapse
No announcement yet.

Recent forum spam

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • MadGypsy
    replied
    That's a great post, Phenom!

    I seriously disagree with the giving up rights part, though. Requiring a Gmail/Facebook login doesn't result in the loss of any rights. I understand that fb and g can log that you visited here but, welcome to the 21st century where the fact that you own a phone or use a computer is tracking you whether you sign up with this stuff or not. EVERYTHING you do electronically is being stored somewhere. Do you have a bank account and EVER use your card to make purchases? Do you have a Windows or mac operating system? Does your job pay you in checks/direct deposit. Do you have an email account? I'm just "some guy" and I could track down possibly all of you. Unless you intend to completely drop out of society and live in a 3rd world country/way you gave up your "privacy" long ago.

    Let's think for one second. You are posting on a public forum but, don't want Facebook or Google to know about it....just everybody else? Lol, silly.
    Last edited by MadGypsy; 03-25-2017, 07:30 AM.

    Leave a comment:


  • Phenom
    replied
    Stopping a human spammer from filling out a registration form and checking an email for an activation link will be near impossible to stop even on a region based blocking system. This would most certainly have to be handled by a human admin/mod, unfortunately.

    Automated bots on the other hand can be stopped/prevented/thwarted or at least slowed down by implementing a few tricks such as:

    Captcha
    The need to physically read scrambled line of text is usually enough to block a huge majority of spam bots, this is practically mandatory on registration websites these days.

    Email activation
    Requiring the user[or bot] to follow an activation link sent via email is another layer of security that can be added since most spam scripts don't account for email retrieving and parsing. This is also highly recommended for registration websites such as forums.

    Honey Pot forms
    This one I like to personally use added with the previous 2 options (captcha & email registration) to bring 99.9% of bot spam to a screeching halt. Essentially what this does is it adds an invisible field to the registration form that a normal person doesn't see and is not required to fill out to register. A bot on the other hand will see the form as a whole including the invisible field called "email address" (or whatever you'd like) which most spam bots have a function to sniff out field names that might be important to fill out to register (username,email,password,website URL etc...) and if this invisible field is filled out then it obviously means a bot is attempting to register, that or a VERY curious human. This triggers the "bot alert" which blocks registration and or can ban the IP address of the user effectively reducing the bandwidth they consume and won't allow them back in.

    StopForumSpam APIs
    (Stop Forum Spam)
    This is a collective database of known spambots that can be referenced using APIs to test if a visitor on this site is a spambot or not. While it's out of the scope of most people when it comes to APIs let alone most the stuff in this post, as a web admin/web developer you have to learn a few things. I'm not sure if vBulletin has an extension to make use of the API from Stop Forum Spam but I highly suggest if there is then it should be implemented to at least add another layer of invisible checks.

    I believe Solecord already has QuakeOne.com connected to CloudFlare which does help to some degree and has put in place counter-measures on bot spam.

    I also agree that people here should NOT be required to identify using any external sources as it would be wildly out of place on this scenario, though it is highly effective.

    This sort of makes me think of the whole "War on terrorist" where in order to have security you have to give up your rights, which is ass backwards to me.

    I believe educating people on how to deal with certain situations, giving them the tools to handle situations themselves and requiring every willing and able person to take a stand as an individual for the greater good of the website not the other way around and honestly so far if people don't like something they see or see spam in general they report it, I know, I'm one of the people who gets the "Reported post on QuakeOne.com" emails when things get reported.

    The QuakeOne.com community is pretty smart overall and together, yes we could probably take over the world! But that's not our goal.

    There is a system here and it's not broken so why go out of our way to fix it when the solution is to just use our brain and adjust things accordingly?

    I'd hate to lose anyone here over some extra third-party security credential checking measure that could have been handled if the situation was just thought upon.

    Forced Social login from social media sites can actually kill a community.

    Me personally I would like to see a function that allows new members to make posts but in order for their posts to get seen they need to be approved by moderators until they reach a specified number of positive posts, that's why we have mods. While this still isn't a sure-fire method we can't really stop a human spammer from registering and allow legit new members.

    I can spam right now if I wanted to, sure my spam posts would be removed and I'd get banned but it just goes to show, we will always have "that one guy at the party" slipping in every now and then.
    Last edited by Phenom; 03-25-2017, 04:03 AM.

    Leave a comment:


  • MadGypsy
    replied
    I don't use social media either but, I have a Gmail account, which is all you would need to do what I proposed. However, it doesn't matter cause like I already knew and some admins already said, that solution would never happen anyway.

    The purpose of my solution isn't to alienate anyone. It was a possible IDEA where spammers are forced to log in with something that isn't so anonymous. I'm not even sure that my idea was solid because, I don't know if contacting Google with "[email protected] is spamming my forum and I need to put an end to it...." would result in anything at all.
    Last edited by MadGypsy; 03-24-2017, 11:28 AM.

    Leave a comment:


  • talisa
    replied
    Originally posted by Rampage View Post
    I disagree, many valued members here don't use Facebook and we don't want to alienate those people.
    exactly.... i dont have facebook myelf as i dont see the appeal of those so-called 'social media' websites...
    i dont get the appeal of posting your personal life and info online for every creep on the internet to see and read

    Leave a comment:


  • Mr.Burns
    replied
    (Monty nervously puts down his popcorn, rises from his chair straightening his tie, gingerly raises his hand and after clearing his throat says... ) I don't and probably never will use social media. There, I have finally purged the demon. Yes by all means use whatever method you have to to make this place better for the community as a whole. If I had to be one of those casualties MG referred to then I would be willing to "take one for the (Quake) team".

    Kind regards

    Mr B
    Last edited by Mr.Burns; 03-24-2017, 09:06 AM.

    Leave a comment:


  • Rampage
    replied
    Originally posted by MadGypsy View Post
    That would be a shame. Conversely, if we lost a couple/few members due to making this place nicer for those that come here it would be an acceptable loss.

    Maybe, way more people feel like they will stop coming here if the spam continues/worsens. It's rarely possible to please everyone.

    I mean this in reply to your statement, not as a direct message to you, Vegetous. However, I doubt you need worry about a Google or Facebook login appearing here... probably ever.
    I disagree, many valued members here don't use Facebook and we don't want to alienate those people.

    Leave a comment:


  • Solecord
    replied
    I can assure you we won't require anyone to use a Google or Facebook login.

    Leave a comment:


  • MadGypsy
    replied
    Really, to get rid of our current spammer is very simple...

    Any post containing foreign characters is immediately kicked. It is SUPER rare that someone posts in something other than the English alphabet here and even then it's always small talk between two people that happen to speak a Slavic language.

    Leave a comment:


  • MadGypsy
    replied
    That would be a shame. Conversely, if we lost a couple/few members due to making this place nicer for those that come here it would be an acceptable loss.

    Maybe, way more people feel like they will stop coming here if the spam continues/worsens. It's rarely possible to please everyone.

    I mean this in reply to your statement, not as a direct message to you, Vegetous. However, I doubt you need worry about a Google or Facebook login appearing here... probably ever.

    Leave a comment:


  • vegetous
    replied
    Originally posted by MadGypsy View Post
    Another option is to force sign-in with Google or Facebook. Google is the weak link because you can get as many accounts as you want but, it's more complicated to have numerous Facebook accounts and it takes a lot of steps to make one.

    However, with both it may be possible to contact either complaining that you are getting numerous spam posts from their members..... ?
    I'm not trying to be more tracked by google or facebook! That's the reason I never log with facebook or google accounts to other services than their own, so definelly don't try to force me to do this, or the forum will lose another user.

    Leave a comment:


  • MadGypsy
    replied
    Another option is to force sign-in with Google or Facebook. Google is the weak link because you can get as many accounts as you want but, it's more complicated to have numerous Facebook accounts and it takes a lot of steps to make one.

    However, with both it may be possible to contact either complaining that you are getting numerous spam posts from their members..... ?

    Leave a comment:


  • Focalor
    replied
    Yeah, Captcha will prevent 99.9% of spam bots from being able to register, but it won't stop the rarer human spammers from registering and posting junk links everywhere. You can set up posting restrictions that require a moderator or admin to manually okay every post by a new member up until a certain number of posts or days (a vetting period of sorts), but that will be extra annoying work for admins/moderators, and will also possibly be so annoying to new members that it discourages them from continuing to hang around. Honestly, the best way to handle it is to use a spambot registration prevention like Captcha and then manually ban the occasional humans spammers that weasel in.

    Also might be worth mentioning that these forums should consider seeking SSL certs soon. You can pay for it, but I think there might be one or two places that do it free. All the browsers now are starting to add warnings to pages where logins aren't secure with SSL.

    Leave a comment:


  • Solecord
    replied
    The current tool I have installed uses a central repository of saved data and compares user ip, username, and email address to prevent sign ups.

    Leave a comment:


  • Rampage
    replied
    Originally posted by Adam View Post
    Is it humans distributing the spam, I mean, is it ever humans or is it always automated?

    If it is always bots, then wouldn't something similar to the captcha system work?

    A basic maths question or similar.

    Then once you have been a member for a month it switches off, or not, I wouldn't really mind if it stayed as long as it doesn't involve too much hoop jumping.

    Or you could employ a heavier handed gatekeeper system, whereas all posts and threads have to be moderated first within the initial 24hrs that an account is created.

    Unfortunately I have never been able to get my head around programming. I wish I could. So unless you need help with a batch file, I'm no use.

    Edit : Rampage beat me to post, how does the anti-spam tool work?

    It blocks certain accounts from registering altogether.. I guess based on IP or country, not sure, whatever the parameters Solecord set it to.

    Leave a comment:


  • Adam
    replied
    Is it humans distributing the spam, I mean, is it ever humans or is it always automated?

    If it is always bots, then wouldn't something similar to the captcha system work?

    A basic maths question or similar.

    Then once you have been a member for a month it switches off, or not, I wouldn't really mind if it stayed as long as it doesn't involve too much hoop jumping.

    Or you could employ a heavier handed gatekeeper system, whereas all posts and threads have to be moderated first within the initial 24hrs that an account is created.

    Unfortunately I have never been able to get my head around programming. I wish I could. So unless you need help with a batch file, I'm no use.

    Edit : Rampage beat me to post, how does the anti-spam tool work?

    Leave a comment:

Working...
X