Sciencemadness Discussion Board

Fighting against spambots, IP banning is not effective

Oxirane - 28-9-2014 at 09:38

If you want to fight against general bots, add a simple question or a task to the registration form. Most bots currently do not handle those. Questions would be simple like how many legs does a horse have, who is the president of usa or stuff like this. Changing the questions or making tricks that humans understand will prevent the more advanced ones too.

Please do not ban IP:s or IP ranges. I am accessing this site via tor network and I have found that many nodes have been listed. Unless you're gonna ban all of the thousands of ever-changing nodes, do the registration trick.

[Edited on 28-9-2014 by Oxirane]

kmno4 - 28-9-2014 at 15:54

Fighting against spambots, IP banning is not effective
Of course, I agree.
The ONLY REASON that these "bots" like SM is possibility of posting links (in posts or in BIO in their profiles). Efficient blocking of this possibility would give good effects. But it seems that administration has completely different point of view and prefers statistical method of detecting/deleting of this kind of spam + IP banning.

[Edited on 28-9-2014 by kmno4]

S E E . H E R E

franklyn - 28-9-2014 at 16:59

http://www.sciencemadness.org/talk/viewthread.php?tid=26252&...

Polverone - 28-9-2014 at 20:03

Now when non-administrators view the member list they will not see zero-post profiles. Nor will zero-post members appear in the 'members who have visited today' list. This should make profile and bio spammers invisible to search engines and ordinary users. Spammers who actually post are easier to automatically eliminate, so this should cut down on spam activity.

EDIT: and I cleared the IP ban list too.

[Edited on 9-29-2014 by Polverone]

Oxirane - 29-9-2014 at 01:06

Good, thanks. I host some forums myself and I have found IP banning zero effective. Spambots are nowadays basically programmed to change IP servers between every task, and also many users(especially mobile customers) have unlocked IP:s nowadays and they change everytime they disconnect. I have found myself banned from forums and sites I've never visited before and had to notice the admins about the issue.

I remember there was manual activation in use few years ago. This may cause grey hairs to admins because they will find hundreds of activation posts and they must manually search the legit users from the never-ending spambots. And it is damn difficult to distinguish legit users from bots because just about any name can look bot or no-bot.

I have found the "stupid-question" Q&A-task most effective. The autospamming stopped dead cold and I have had only two incidents of spam since last 3 years and I believe they were real human farmers.

gdflp - 29-9-2014 at 03:49

What is going on here, the post number looks contradictory?



Screenshot.jpg - 166kB

Haber - 29-9-2014 at 05:55

I agree completely with Oxirane.

Or just put a captcha on the registration page! Im not trying to be offensive but how hard can it be?
Or am I missing something obvious?

Oxirane - 29-9-2014 at 06:52

Altering the registration page code can be PITA if the forum software does not support it. It must be installed to the software, otherwise it is only cosmetic addition and registration can be carried out without filling it. I understand the admin when this is the case, it took me a year to fix a simple problem until I found the script codes. Maybe this is one of the reasons why there is discussion on updating SM software to a newer one?

Loptr - 29-9-2014 at 07:16

A Guide to Combating Spam on a Simple Machines Forum
http://www.simplemachines.org/community/index.php?topic=4527...

They talk about using captcha and quizzes.

I personally think quizzes would be a good idea, which can't easily be overcome by addition of widely available and open-source OCR libraries.

Again, I am sure Polverone is well aware of the options.

kmno4 - 4-10-2014 at 03:13

Quote:

Or just put a captcha on the registration page! Im not trying to be offensive but how hard can it be?
Or am I missing something obvious?


Quote: Originally posted by Polverone  
I'm not going to make people take a chemistry quiz to join. I'm not going to require every new member to get manual approval before posting. This has been suggested many times before and I'm not going to do it.
(...)
I have disabled captchas for registration because legitimate members or would-be members found them frustrating to solve.

Nothing more to say
As I have written earlier, spammers' goal is posting https(s) links in their personal profiles or main board. It is enought to disable possibility of posting any links by new users for a week (or something like this). When a spammer tries to post it by force, several times, his account will be suspended/deleted automatically.

Just some script detecting "http://" phrase anywhere in post or profile and warning (for new users) not to post links during few days.
Seems doable, but I do not know if doable for this aged forum soft.

It is just an option, I am not going to write more post in this and similar ridiculous threads.

hyfalcon - 4-10-2014 at 03:20

Active outside links are the problem. If everyone would post their links using BB Code,
Code:
Text here
, you can still communicate your information without an active outside link. Then look for new posts with active links and kill them.