Recent problems with spambots

Everything about this website and its content. Here you will find update announcements or requests for feedback. Questions about layout, functionality, content, and your suggestions are welcome.
User avatar
turbof1
Moderator
Joined: 19 Jul 2012, 21:36
Location: MountDoom CFD Matrix

Re: Recent problems with spambots

Post

Tim.Wright wrote:The abuse problem is easy to fix. Just implement it without telling anyone so no-one will know its operating :wink:

How often do you see abuse of the spam report function now??

Anything that gets reported wrongly (i.e. by accident) would be picked up by the mods when you scan through the reports.
I still feel it'll lead to unjustified abuse, atleast just on the simple "one spam report, direct deactivation". It does not take a lot for members to figure that out even if we'd keep it silenced.

We often have posts running a report against them even though said post did nothing wrong. The difference why we allow this, is because there is no reporcursion towards the person who made the post. If we'd change that, and a post gets wrongly tagged for spam, then that person is done wrong.

The idea is quite good though. Again if we can manage that a user needs to have 2 or 3 posts reported as spam by as many different members, then I think it's a valid idea.

However again, it does not fix the issue on its own, but will simply limit it.

Personally, I'd target the registration criteria. We already are discussing this in the background. We can easily block OCR technology by for instance showing an image instead of a caption or written question; for manual registration of the spambots we'll need a different answer. I suspect most people behind the spambots will refrain from registration if the question is made difficult enough.
#AeroFrodo

User avatar
Phil
66
Joined: 25 Sep 2012, 16:22

Re: Recent problems with spambots

Post

Essentially, it should be an easy problem to solve;

The forum only allows registered members to post.

So it can/should be easily solved by tightening the register-functionality. As far as I am aware, even the more basic forum software should allow that i.e. newly registered members first have to be "approved by a mod". I can understand that mods or a site maintainer might be hesitant to enforce this, because it will lead to more work being done in activating legitimate new posters (or if bots can easily register without any protection, there will be a huge list of newly registered bots and users), but given that F1T is already a well visited forum and the majority of posts are by established members, at least this way you are protecting the core experience.

Also - one other question; Does the forum check the validy of an email address when a new member registers? Enabling this is a no-brainer. This should already limit the bots to some degree. If this is activated, then the logs (the webserver logs that is) will give you a better understanding on how the bots work and get around the security check.

From what I can remember, there is some anti-spam mechanism being used (the questionaire), but it might be too easy. The other option is that the forum has a severe security leak which is being exploited to get around the security checks that are in place. As I said though, the webserver logs will reveal this (as long as they are being looked at by someone with some understanding of how bots function and move around a site).
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

User avatar
turbof1
Moderator
Joined: 19 Jul 2012, 21:36
Location: MountDoom CFD Matrix

Re: Recent problems with spambots

Post

Looks like the updates are paying off. We still have the occasional spambot sneaking through the filter, but the utter bulk of it gets caught. Fingers crossed this line continues!
#AeroFrodo

User avatar
djos
113
Joined: 19 May 2006, 06:09
Location: Melbourne, Australia

Recent problems with spambots

Post

There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?
"In downforce we trust"

User avatar
flynfrog
Moderator
Joined: 23 Mar 2006, 22:31

Re: Recent problems with spambots

Post

djos wrote:There's a new octa something or other spam bot terrorising the forums and has been for more than 12 hours.

Does the report button in tapatalk actually work cause I've reported more that half a dozen posts so far?
We got them djos, I was losing ground on keeping up with deleting them so I waited for the user to be deleted thanks.

User avatar
djos
113
Joined: 19 May 2006, 06:09
Location: Melbourne, Australia

Re: Recent problems with spambots

Post

Cheers, thank you.
"In downforce we trust"

User avatar
FW17
169
Joined: 06 Jan 2010, 10:56

Re: Recent problems with spambots

Post

Maybe the mods can review and approve the first 10 posts of new users to avoid some the spam

jwh
jwh
0
Joined: 17 Apr 2011, 18:32

Re: Recent problems with spambots

Post

Spambots are irritating certainly - you wonder what the point is.

User avatar
Phil
66
Joined: 25 Sep 2012, 16:22

Re: Recent problems with spambots

Post

It is the Borg.

Resistance. Is. Futile. 8)
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

rjsa
rjsa
51
Joined: 02 Mar 2007, 03:01

Re: Recent problems with spambots

Post

Bots chatting among themselves. I've seen it all.

wesley123
wesley123
204
Joined: 23 Feb 2008, 17:55

Re: Recent problems with spambots

Post

I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.
"Bite my shiny metal ass" - Bender

rjsa
rjsa
51
Joined: 02 Mar 2007, 03:01

Re: Recent problems with spambots

Post

wesley123 wrote:I'm still wondering what the problem is. This is probably one of the only (larger) forums i can think of that still has issues with spam on such a large scale.
Leftover code? Some old sign up page more bot friendly?

User avatar
Phil
66
Joined: 25 Sep 2012, 16:22

Re: Recent problems with spambots

Post

The problem is that the board is not secure enough against automated bots.

Bots are nothing but automated scripts, programmed to attack known vulnerable software en masse. If you have easy unprotected forms, it's the worlds simplest challenge to program a script that simply fills it out with junk or malicious code.

Step one to solve it, is to use a captcha test inside the form that are there to sort out automated scripts from actual humans sitting behind a computer. This assumes the captcha is in itself good enough that the most basic bot can't fill it out correctly.

One way or the other, there are obviously security flaws that make it possible for bots to keep spamming the forums with useless posts. It's not even rocket science...

However solving it is tricky, because you are either dependant on the forum software you use (if there are no updates) and you lack the basic (okay - correct: advanced) programming skills to find these loop holes yourself and block them by changing the forum software behind it...
Not for nothing, Rosberg's Championship is the only thing that lends credibility to Hamilton's recent success. Otherwise, he'd just be the guy who's had the best car. — bhall II
#Team44 supporter

User avatar
Steven
Owner
Joined: 19 Aug 2002, 18:32
Location: Belgium

Re: Recent problems with spambots

Post

Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.

Anyway, to summarize the current issues:
- stopforumspam is checked upon user registration, but not on posting, meaning that spammers often register while not in the stopforumspam list, and later start posting. This will be solved with the site update.
- our own spam detector is up for revision. All spam that passes through is added in our database, and we use it do adapt the filter to be more secure in the future.
- right now, the anti-spam question upon registration is too easy. Some more proven system can be plugged in when we update the forum, so there's no point in trying to hack this in right now.

In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.

Just_a_fan
Just_a_fan
593
Joined: 31 Jan 2010, 20:37

Re: Recent problems with spambots

Post

Steven wrote:Well, I understand spamming with links, but all that other crap with bogus text... I don't see the point, and I guess I'll never understand it.
I'd always assumed it was an attempt to prevent any rule-based systems from recognising the post as a spam. Something that is just a URL in a post is easy to spot. Something that has links embedded in text that, albeit meaningless in the context of the forum, is actually correctly used language is harder to deal with.
In any case, when seeing spam, don't forget to downvote, as enough downvotes will automatically hide the post from search engines and regular viewers too.
Ah, useful to know - whilst I often report spam posts I didn't realise that downvoting can be useful weapon too. I shall use my voting privileges accordingly! :D
If you are more fortunate than others, build a larger table not a taller fence.