Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
suggetion on make it hard for spammers here
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback
View previous topic :: View next topic  
Author Message
DaggyStyle
Watchman
Watchman


Joined: 22 Mar 2006
Posts: 5909

PostPosted: Fri Dec 11, 2009 11:14 am    Post subject: suggetion on make it hard for spammers here Reply with quote

due to the fact that spammers need to register, I have a suggestion that might reduce the ability to spam.
when a user registers, the first 5 messages he post in the forum must be authorized, only after he reached 5 messages, then he is allowed to post without authorization.
now who will authorize? well the mods of course, but they aren't where all the time so I suggest opening a new type of group in which users are added if they reach a curtain level of posting (like 2000 posts for example), when one of them enters the forum, he gets a notice to review the post and approve it. he can move it to another and the next one will get the same message, only after the message gets approved, it will show in the forum.

any thought?
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Back to top
View user's profile Send private message
Ahenobarbi
Retired Dev
Retired Dev


Joined: 02 Apr 2009
Posts: 345
Location: Warsaw, PL

PostPosted: Fri Dec 11, 2009 1:03 pm    Post subject: Reply with quote

I run into spam message once in a while but it doesn't really bother me (reporting takes really short time and ignoring it even faster :) ).

Spam-prevention can get quite bothersome. Having to wait for your first few posts to appear can be quite annoying ( if yo came to forums you probably have some problem you can't solve. So you're impatient).
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

PostPosted: Fri Dec 11, 2009 1:13 pm    Post subject: Reply with quote

That's an inextricable problem - any measure you take affects legit users/postings in a bad way.

I'd rather suggest some veteran users could be given the right to move spam to dustbin.
Back to top
View user's profile Send private message
DaggyStyle
Watchman
Watchman


Joined: 22 Mar 2006
Posts: 5909

PostPosted: Fri Dec 11, 2009 1:56 pm    Post subject: Reply with quote

Ahenobarbi wrote:
Having to wait for your first few posts to appear can be quite annoying ( if yo came to forums you probably have some problem you can't solve. So you're impatient).

no one guarantees you that you will be answered that fast...
I have a few posts that where never answered till this day, that is why I've suggested using veteran users, statistically, there is a veteran/mod in the channel every 10-15 minutes.

Jaglover wrote:
That's an inextricable problem - any measure you take affects legit users/postings in a bad way.

I'd rather suggest some veteran users could be given the right to move spam to dustbin.

legit users/postings aren't spammers, any legit user/poster that spams will probably be dealt same as spammer.
your suggestion is similar but it gives veteran too much power as they can send every post into dustbin potentially.
my suggestion limits it for new users, any spammer that will post five relevant questions about gentoo is a spammer that invests too much is a forum and that isn't logical on it's part, also human checker can see if the post was copied from other post.
there is no complete solution but it might reduce it as today I saw 2 spams.
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Back to top
View user's profile Send private message
Jaglover
Watchman
Watchman


Joined: 29 May 2005
Posts: 8291
Location: Saint Amant, Acadiana

PostPosted: Fri Dec 11, 2009 2:05 pm    Post subject: Reply with quote

Quote:
your suggestion is similar but it gives veteran too much power as they can send every post into dustbin potentially.

So what. Abusing power will lead to penalties, how many veterans want to be banned, what do you think?
Besides, mods can restore posts from dustbin should this be needed.
Quote:
legit users/postings aren't spammers,

Correct, so why should they be restricted. You recommend they have crippled rights until sixth post.
Back to top
View user's profile Send private message
timeBandit
Bodhisattva
Bodhisattva


Joined: 31 Dec 2004
Posts: 2719
Location: here, there or in transit

PostPosted: Fri Dec 11, 2009 3:34 pm    Post subject: Re: suggetion on make it hard for spammers here Reply with quote

DaggyStyle, thanks for the suggestion.

DaggyStyle wrote:
when a user registers, the first 5 messages he post in the forum must be authorized, only after he reached 5 messages, then he is allowed to post without authorization.
I'm in agreement with Jaglover here, this is too great an imposition on legitimate new users. The risk that an urgent plea for help will languish in the queue for hours is simply too high.

If the board were truly being overwhelmed I might feel otherwise. On average, we have banned about 9.2 spammers per day since Googlebot crawled back in. I especially enjoy the agonized screams from the eight-tenths of a spammer that isn't banned right away. :twisted:

Quote:
...I suggest opening a new type of group in which users are added if they reach a curtain level of posting (like 2000 posts for example), when one of them enters the forum, he gets a notice to review the post and approve it. he can move it to another and the next one will get the same message, only after the message gets approved, it will show in the forum.
The approval scheme is reasonable but broadcast mechanisms are difficult. The most reliable means are email and private messages. The former is too slow for this purpose; not everyone monitors email on a continuous or even regular basis. There are numerous issues with the latter, not least of which is PMs too are easily overlooked. There's also the complicating factor that broadcasts must be retracted after any quasi-moderator addresses the queue, lest you annoy them all to no purpose. Coding such a scheme is fraught with opportunities for race conditions and other fun bugs.

Regardless of the merits, as we are no longer enhancing phpBB v2 this will not be implemented in the current forum software. I doubt there will be much interest in adding it to v3 either since, as I said, we're far from overwhelmed.
_________________
Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others.
Back to top
View user's profile Send private message
DaggyStyle
Watchman
Watchman


Joined: 22 Mar 2006
Posts: 5909

PostPosted: Fri Dec 11, 2009 3:49 pm    Post subject: Re: suggetion on make it hard for spammers here Reply with quote

timeBandit wrote:
DaggyStyle, thanks for the suggestion.

DaggyStyle wrote:
when a user registers, the first 5 messages he post in the forum must be authorized, only after he reached 5 messages, then he is allowed to post without authorization.
I'm in agreement with Jaglover here, this is too great an imposition on legitimate new users. The risk that an urgent plea for help will languish in the queue for hours is simply too high.

If the board were truly being overwhelmed I might feel otherwise. On average, we have banned about 9.2 spammers per day since Googlebot crawled back in. I especially enjoy the agonized screams from the eight-tenths of a spammer that isn't banned right away. :twisted:

Quote:
...I suggest opening a new type of group in which users are added if they reach a curtain level of posting (like 2000 posts for example), when one of them enters the forum, he gets a notice to review the post and approve it. he can move it to another and the next one will get the same message, only after the message gets approved, it will show in the forum.
The approval scheme is reasonable but broadcast mechanisms are difficult. The most reliable means are email and private messages. The former is too slow for this purpose; not everyone monitors email on a continuous or even regular basis. There are numerous issues with the latter, not least of which is PMs too are easily overlooked. There's also the complicating factor that broadcasts must be retracted after any quasi-moderator addresses the queue, lest you annoy them all to no purpose. Coding such a scheme is fraught with opportunities for race conditions and other fun bugs.

Regardless of the merits, as we are no longer enhancing phpBB v2 this will not be implemented in the current forum software. I doubt there will be much interest in adding it to v3 either since, as I said, we're far from overwhelmed.

okie dokie, just thought it might interest the mod. :)
_________________
Only two things are infinite, the universe and human stupidity and I'm not sure about the former - Albert Einstein
Back to top
View user's profile Send private message
synn
n00b
n00b


Joined: 11 Dec 2009
Posts: 25

PostPosted: Sun Dec 13, 2009 10:17 am    Post subject: Reply with quote

Why not add CAPTCHA system ? That helps with most of the forums. I have one installed on my forums. I guess phpbb does have captch system. I think this forums needs up gradation for that.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Tue Dec 29, 2009 10:26 pm    Post subject: Reply with quote

Captcha has been broken, especially phpbb2's default.

I actually modified my phpbb2's a little and for about 3 years it warded off spam since it no longer looks like the default. However recently even my personally modified captcha got hacked and spam suddenly appearing :-(

Guess I have to keep on updating my captcha...
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
Ant P.
Watchman
Watchman


Joined: 18 Apr 2009
Posts: 6920

PostPosted: Thu Feb 11, 2010 9:37 pm    Post subject: Reply with quote

How about using "common sense" captchas, those things where you get given text instructions on filling in forms in a specific way? I've seen them used in a few places but don't know how effective they really are.
Back to top
View user's profile Send private message
eccerr0r
Watchman
Watchman


Joined: 01 Jul 2004
Posts: 9645
Location: almost Mile High in the USA

PostPosted: Fri Feb 12, 2010 12:51 am    Post subject: Reply with quote

Can't use common sense captchas because if the site is popular enough, a person can just go through all the questions and answer them in advance, and do a simple if-then to fill in appropriate response...

However, if the site is _not_ "popular enough" they may not notice and not bother with trying to crack it.

If a "common sense" solution is needed, there needs to be _thousands_ of questions in the pool that's not math-related (unless it's calculus, which is tough for a computer to solve, but then it won't be common sense anymore.)

What color is the sky on a cloudy day?
How many tires touch the road on a passenger car?
What is the main ingredient of peanut butter?
How many millimeters in a meter?
What's the fourth word on this page? (note: making this "What's the %s word on this page?" is NOT acceptable as this could be answered by computer.)
What flavor of Linux is this phpbb for?
Why should I have to make so many questions?

There needs to be _thousands_ of these, enough to make the person trying to crack it not worth their effort... which implies the same set of questions cannot be used on more than one system -- it would increase the value of having automated answers for these questions.

[on the other hand, stuff like kitten-captcha... I wonder if people could figure out if pictures were kittens if they were stretched out by some random number in the X and/or Y dimension... this would also "increase" the search space needed for a computer to tell if a picture was of a cat or not... again it would just make some really ugly cats...]
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
Back to top
View user's profile Send private message
tomk
Bodhisattva
Bodhisattva


Joined: 23 Sep 2003
Posts: 7221
Location: Sat in front of my computer

PostPosted: Fri Feb 12, 2010 7:50 am    Post subject: Reply with quote

Ant_P wrote:
How about using "common sense" captchas, those things where you get given text instructions on filling in forms in a specific way? I've seen them used in a few places but don't know how effective they really are.


The main problem with this is the language barrier, we have people from all over the world using the forums in various different languages. And although we have code in place to automatically detect the language set from your browser many people do no set their preferred language until after they have registered.

We actually do have some custom code in place with prevents the vast majority of spammers from registering and most of the ones that do get through are dealt with pretty quickly.
_________________
Search | Read | Answer | Report | Strip
Back to top
View user's profile Send private message
Akkara
Bodhisattva
Bodhisattva


Joined: 28 Mar 2006
Posts: 6702
Location: &akkara

PostPosted: Fri Feb 12, 2010 11:11 am    Post subject: Reply with quote

Ant_P wrote:
How about using "common sense" captchas, those things where you get given text instructions on filling in forms in a specific way? I've seen them used in a few places but don't know how effective they really are.

One of the biggest challenges with captchas is that they are trivially broken using artificial AI (a.k.a "natural intelligence"). One of the first examples of artificial AI was displayed by the chess-playing machine, The Mechanical Turk. Remarkably, this machine was built even before the invention of the computer!

This is how it works: Registration bot sends captcha to a server which adds it to a "to be solved" queue. Separately, bot-operator also runs a porn site. Said site requires users to solve a captcha in order to access the images they seek. Guess where the captchas come from - yep, from the server's "to be solved" queue - which are presented to the site's users to solve. Answer gets returned and reg-bot completes registration with porn-seeker's answer, and concurrently unlocks the naughty bits for viewing.

The best captchas would need to involve knowledge that is easy for Gentoo users to know, and difficult for bots to know. For example: "What is the sum of all the numbers displayed in the output of the command, 'emerge -pe glibc'?". Easy for Gentoo users to know this. But a bot operator would have to install Gentoo to break this captcha. Such a captcha would even be resistant to the artificial-AI attack! :) (Just kidding!)
Back to top
View user's profile Send private message
hitachi
Guru
Guru


Joined: 20 Feb 2006
Posts: 478
Location: Freiburg / Deutschland

PostPosted: Wed Feb 24, 2010 4:18 pm    Post subject: Reply with quote

The "gentoo captch" would seriously lower the amount of post in "installing gentoo" :-)
Back to top
View user's profile Send private message
d2_racing
Bodhisattva
Bodhisattva


Joined: 25 Apr 2005
Posts: 13047
Location: Ste-Foy,Canada

PostPosted: Wed Feb 24, 2010 5:32 pm    Post subject: Reply with quote

In fact, maybe it needs to be a lot harder.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Gentoo Forums Feedback All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum