Page 2 of 2 FirstFirst 12
Results 11 to 17 of 17

  Click here to go to the first staff post in this thread.   Thread: Recent Spambot Activity

  1. #11
    Senior Willow's Avatar
    Weasyl
    willy
    Join Date
    Nov 2012
    Location
    Illinois
    Posts
    333
    Would it maybe help to have users verify their accounts through email before they use them? It may not totally eliminate human spambots but it would probably get rid of the actually bots. Or do you guys not have the ability to do that with vBulletin?

  2. #12
    The Lurking Wolfox Hendikins's Avatar

    Weasyl
    Hendikins
    Join Date
    Feb 2013
    Location
    Sydney, Australia (usually)
    Gender
    Bloke
    Posts
    216
    Quote Originally Posted by Willow View Post
    Would it maybe help to have users verify their accounts through email before they use them?
    Nope. I moderate on a forum orders of magnitude larger than this one, and e-mail verification doesn't stop bots or humans.

    You can only minimise the chances - one good way is to compare new registrations against your banned accounts, third party databases of spammer information (such as Stop Forum Spam) and known undesirable behaviour. Give each new registration attempt a score, and if the score is too high either require human review or discard (depending on just how high it is).

    That said, I don't think the traffic here warrants such a system, and even that isn't 100% reliable.

  3. #13
    Premium User QT Melon's Avatar


    Weasyl
    QTMelon
    Join Date
    Dec 2013
    Gender
    Female
    Posts
    1,478
    This is the timer I have seen work rather well before. http://www.vbulletin.org/forum/showthread.php?t=294633

  4. #14
    The Lurking Wolfox Hendikins's Avatar

    Weasyl
    Hendikins
    Join Date
    Feb 2013
    Location
    Sydney, Australia (usually)
    Gender
    Bloke
    Posts
    216
    In the end, it all boils down to two things:
    * Is implementing a tool or procedure going to be more labour intensive than cleaning up the spam it would prevent?
    * Is implementing a tool or procedure going to cause too much collateral damage through inconveniencing legitimate users?

    You're never going to prevent spam completely if you have a forum that's open to the public. You just have to work out what the best balance between sucking up developer resources, sucking up moderation resources and annoying the users is.

    Edit: Most of my moderation background is on a forum with custom software where we can tailor things to meet our requirements, access to off the shelf stuff does throw the developer/moderator balance somewhat.
    Last edited by Hendikins; 01-25-2014 at 11:49 PM.

  5.   This is the last staff post in this thread.   #15
    [Logic is Erratic] Taw's Avatar
    Weasyl
    Taw
    Join Date
    Jun 2012
    Location
    Canada
    Gender
    Male
    Posts
    821
    As I said, what we currently have in place seems to be working quite well, so we wont need to really add anything more. We have plenty things in place right now that work well together. If things change though I'll take a look at perhaps adding a timer, though I think we're pretty solid as is. I'd rather not inconvenience users further than they already are when they sign up. :p

  6. #16
    Senior ShadWolf's Avatar
    Weasyl
    Shad-Wolf
    Join Date
    Feb 2013
    Location
    The Internet
    Posts
    188
    Quote Originally Posted by Willow View Post
    Wouldn't it also become a problem if you try to sign in from a different location too?
    Hm no it shouldn't be a problem as long as the person is signing in from a direct connection that is not using a proxy. It would only detect proxy users and deny them from logging in or registering.

  7. #17
    The Lurking Wolfox Hendikins's Avatar

    Weasyl
    Hendikins
    Join Date
    Feb 2013
    Location
    Sydney, Australia (usually)
    Gender
    Bloke
    Posts
    216
    Quote Originally Posted by ShadWolf View Post
    Hm no it shouldn't be a problem as long as the person is signing in from a direct connection that is not using a proxy. It would only detect proxy users and deny them from logging in or registering.
    You really don't want to blanket ban proxies (or widely used NAT addresses) for one simple reason - mobile broadband. Such connections commonly use proxies, and seldom have routable IPs.

    Then you get people like me - I use a transparent squid proxy at home to filter ads and malware.

    You may wish to maintain a list of known undesirable open proxies (along with tor nodes and disposable e-mail providers), but you can't just blanket ban everything that sends an X-Forwarded-For header (and besides, most undesirable traffic won't send it anyway).

    I dare say these guys have assessed how much of a problem spam is and whether any additional measures are required - and besides, they're the ones that have to wear the call or adjust it if it isn't on the mark.

    Edit: With every idea you have to look it from the perspective of the new legitimate user and the problems it will cause them. Spam prevention is all well and good, but you don't want to drive new users away in the process.

    Edit #2: My experience on Whirlpool is also that proxies and whatnot are generally an issue with returning banned users rather than spammers.
    Last edited by Hendikins; 01-26-2014 at 12:37 AM.

 

 

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •