pwm

Forum vote for blocking

Recommended Posts

The forum should have some form of function where x people could make a blocking vote to pause an account from making new posts until moderator or site owner has reviewed the situation.

 

That would better allow spam attacks to be mitigated during off hours where the normal staff isn't available.

 

With a rule that an account must have existed for 12+ months and be in good reputation, it would be hard for an attacker to use the feature for a denial-of-service attack.

  • Upvote 2

Share this post


Link to post
Share on other sites

Even simpler would be that all new members posts are moderated for the first few messages. That way the spam message would not be seen by the majority of members and a moderator or owner could just mass delete the offenders.

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

Something need to be done for sure, wasn't this forum software supposed to be much better blocking spam?

Share this post


Link to post
Share on other sites

I would say we need more moderators (maybe only for spam protection) in different time zones to cover a 24 over 24 basis.

 

  • Like 1

Share this post


Link to post
Share on other sites

I have been actively marking these accounts as spammers, but looks like some sort of automated attack. I have informed Lime tech. Have to go so hopefully another mod can keep moderating.

  • Upvote 2

Share this post


Link to post
Share on other sites

Shame that this forum software doesnt seem to have as good of antispam protections as XF with their StopForumSpam integreation. Its that or this forum doesnt have their settings set properly enough.

Share this post


Link to post
Share on other sites

Just a public update on this.  We are actively looking into this issue.  IPS does have forum spam prevention, so we're not sure why the sudden rush of spam bots (spam prevention has been working just fine for some time now).  We'll update everyone again once we have some more news.  For now we just have to play a bit of whackamole.

Share this post


Link to post
Share on other sites

Ok, we believe we have identified the issue causing the spamming and have implemented fixes.  Part of these fixes includes changing to recaptcha 2 for human validation during account sign up and adding some manual question / answer work for the user to do.  These two things alone should heavily combat the spam issue, but we'll be monitoring closely to ensure all is working as intended.

  • Like 1
  • Upvote 1

Share this post


Link to post
Share on other sites

This is getting mighty annoying!

It doesn't work to ignore the user either in the unread posts list. It still shows up.

Maybe you could have someone in the European timezone that can at least remove the posts? @jonp As far as I know it's only American moderators on this forum. 

  • Like 1

Share this post


Link to post
Share on other sites

The earlier suggestion of a new user needing a mod to allow the first 2 or 3 posts is effective but it’s more work and not a great user experience. 

 

Or yes, give some users in other timezones the ability to mute spambots.  I think IPS is that granular.

Share this post


Link to post
Share on other sites

Yes, there is quite a number of hours with lots of spam before any of the moderators wakes up and takes care of the issue.

 

By the way - it tends to not work too well with moderation of first posts. There are multiple spam bots that has significant natural language support, and can auto-generate answers to existing threads that seem normal enough to not get caught by a moderator. And some spam bots also understands how to start new threads by duplicating questions from very old threads.

 

So moderation of the first posts after account generation has failed for other forums.

Share this post


Link to post
Share on other sites

Who knew this place would turn into a haven to solve all your astrological or gem and gold medalist needs?

 

How about simply preventing new users from posting external links or auto-moderating posts from new users with external links? That single setting seems to deter enough of the spambots to make it a win-win on the forums I admin.

  • Like 2
  • Upvote 1

Share this post


Link to post
Share on other sites

Moderation of external links for the first 10 posts and first 30 days could have a chance to work.

  • Like 2

Share this post


Link to post
Share on other sites

I also noted very slow forum performance during the spamming periods. Not sure if a symptom of the spamming or a symptom of IPS handling my marking users as spammers. Given to very moderate volume in the great scheme of things, I was surprised that bringing up unread lists was taking 30 seconds or more.

 

Was thinking you could implement some common sense protections against too many posts in a short period of time triggering auto-marking of users as spammers.

  • Like 1

Share this post


Link to post
Share on other sites
3 minutes ago, SSD said:

I also noted very slow forum performance during the spamming periods.

I noticed the same thing.

Share this post


Link to post
Share on other sites
14 minutes ago, SSD said:

Was thinking you could implement some common sense protections against too many posts in a short period of time triggering auto-marking of users as spammers.

 

But that could affect a number of legitimate posters on the forum.

 

It would be interesting to know what percentage of the spam that gets accepted - the slowness could be because the forum receives many more requests that gets blocked. But a problem with the spam robots is that they break the caching logic for the server so every page load requires the page to be built before being served.

Share this post


Link to post
Share on other sites
51 minutes ago, pwm said:

 

But that could affect a number of legitimate posters on the forum.

 

 

I think a method could be devised that does not impact legitimate use. It may not catch all spammers, but could catch the kind of egregious spamming we saw over the past couple days.

Share this post


Link to post
Share on other sites
20 minutes ago, SSD said:

 

I think a method could be devised that does not impact legitimate use. It may not catch all spammers, but could catch the kind of egregious spamming we saw over the past couple days.

I don't think I have ever seen so aggressive spamming - it looked more like a load test than normal spamming.

Share this post


Link to post
Share on other sites
3 hours ago, pwm said:

I don't think I have ever seen so aggressive spamming - it looked more like a load test than normal spamming.

 

Oh, then you hadn't seen the old forums when there was THOUSANDS if not Tens of THOUSDANDS of Spam Posts in the span of an hour. That was obscene.

Share this post


Link to post
Share on other sites
11 minutes ago, BRiT said:

 

Oh, then you hadn't seen the old forums when there was THOUSANDS if not Tens of THOUSDANDS of Spam Posts in the span of an hour. That was obscene.

The bad thing with spammers is that once they find a working way in, the forum server gets marked as a "good" server, so the amount of attacks will increase.

Share this post


Link to post
Share on other sites

LT could hand out a few more ban sticks to older members and let them help patrol the board until they get it under wraps.

Share this post


Link to post
Share on other sites
14 hours ago, pwm said:

By the way - it tends to not work too well with moderation of first posts. There are multiple spam bots that has significant natural language support, and can auto-generate answers to existing threads that seem normal enough to not get caught by a moderator. And some spam bots also understands how to start new threads by duplicating questions from very old threads.

 

So moderation of the first posts after account generation has failed for other forums.

 

Yeah, which is why I said

15 hours ago, dalben said:

needing a mod to allow the first 2 or 3 posts

 

Share this post


Link to post
Share on other sites

But if I write:

15 hours ago, pwm said:

So moderation of the first posts after account generation has failed for other forums.

So how do you then think the following will work?

39 minutes ago, dalben said:

needing a mod to allow the first 2 or 3 posts

 

It's just that some more complex spam bots can perform more than 2-3 posts that looks legitimate, by reusing text from older posts or by creating posts that looks like real answers to threads written by other users. The spam bots can do this specifically just to survive manual moderation for x initial posts, before the spam bots then switches over to starting to mass-spam.

 

Some spam bots can even use Google - so they pick up text from posts and insert into Google and then select text from the Google hits into thread responses. All just to make it seem that the account is owned by a real human. Some spam bots follows up with that tactic even after a while - just that initially they don't post any links. After a while they post Google-located answers together with one or two semi-camouflaged sentences with the payload links. All just to trick a human moderator - you basically need to check the post history to notice the pattern. That it isn't just a real user that is a tiny bit weak on English from having English as second or third language and a bit weak skills about the specific subject.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


Copyright © 2005-2017 Lime Technology, Inc. unRAID® is a registered trademark of Lime Technology, Inc.