OSDev.org

The Place to Start for Operating System Developers
All times are UTC - 6 hours

 Post subject: Suggestion on the recent spam issue
PostPosted: Mon Aug 26, 2019 11:49 pm 
Joined: Thu Jul 05, 2007 8:58 am
Posts: 223
As many here probably noticed, the forums have recently been engulfed in a rather large wave of spam. As all of the accounts used for this seem to be new accounts, I would like to suggest at least discussing the option of implementing the requirement that new users' first posts need to be approved by a moderator.

I fully understand that some of the regulars here will be uncomfortable with this, especially in light of the still somewhat recent problems around moderator power abuse. However, this could, in my opinion at least, be countered by implementing a policy of only rejecting posts through this system for being blatant spam, dealing with everything else in accordance with the normal policies here.

The draw of a system such as this is that it drastically decreases the visibility of the spam, which hopefully will then decrease the influx of it, keeping the load on the moderators also reasonable. We could even return to the current policy once the spammers have moved on if we really want to.

In short, I think the potential gains are big enough that we should at least discuss this option, and whether we, as a community, find the drawbacks worth it.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Aug 27, 2019 2:12 am 
Joined: Thu Nov 16, 2006 12:01 pm
Posts: 7612
Location: Germany
Another option would be to "up the ante" on the captcha. Right now (or rather, last time I looked) we're asking for a specific assembler instruction. There are other, more sophisticated captcha schemes out there, I just don't know about their effectiveness (web security isn't my strong suit).

_________________
Every good solution is obvious once you've found it.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Aug 27, 2019 3:21 am 
Joined: Mon Jun 15, 2009 10:01 am
Posts: 311
Location: France
+1 for the captcha, but I would suggest to use Google ReCaptcha on both login and register pages, which is very efficient although sometimes boring (are you tired of clicking on all traffic lights? :P). I guess there are extensions to add Google Recaptcha to phpBB.

I would also suggest to update both PHP and phpBB on the server. Through Wappalyzer, I have noticed that the server is running an old version of PHP which is unsupported on the latest version of phpBB. Same thing for the HTTP server!

And, last but not least, it's a bad thing that everyone can know the OS running on the server, the HTTP server and its version, and the version of PHP. This information should be hidden to prevent most attacks.

_________________
"Open source seems to embrace the dark side of human nature." - Ville Turjanmaa


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Aug 27, 2019 3:49 am 
Joined: Tue Oct 17, 2006 11:33 pm
Posts: 3882
Location: Eindhoven
All valid points, but all up to Chase to actually do... let's hope he reads this topic soon.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Tue Aug 27, 2019 4:32 am 
Joined: Thu Oct 13, 2016 4:55 pm
Posts: 1584
Hi,

I agree with Solar. Although moderating the first post is a better solution, it puts a burden on the moderator's shoulders. We should first try a better captcha, that should do the trick.

Solar wrote:
I just don't know about their effectiveness (web security isn't my strong suit).
Well, it heavily depends on the implementation. I wrote a script that can automatically solve 99% of the image captchas, but there are a few that are notoriously hard. I can help with that, I can write a simple, yet sufficiently hard to solve by automation captcha in no time if you need my help. I have more than a decade of experience with web security, and I'm also familiar with the forum's phpBB engine.

So hereby I offer my help to make OSDev spam-free, free of charge.

Cheers,
bzt


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Aug 28, 2019 2:15 am 
Joined: Wed Mar 09, 2011 3:55 am
Posts: 509
I don't know how flexible phpBB is or how the moderator interface is set up, but perhaps something like the following?

If one of a user's first N posts is reported by more than M separate users within W days of the initial posting date, it is automatically hidden and kicked into a special queue pending moderator action. If more than X% of a user's first N posts have been so reported, the user is blocked from posting until and unless a moderator intervenes. If more than Y days pass without moderator intervention, the posts are deleted entirely (unless there are existing reasons like legal CYA that all posts ever made to the forum are archived even if not visible), and if more than Z days have passed from the last post of a user blocked by this mechanism, the account is automatically closed.

N and W should be low numbers (probably in the range of three to ten), so that proven-human but obnoxious or otherwise unpopular users don't get mob-justiced off of the forum.

M should be low enough that spam gets hidden quickly, but high enough to prevent existing users from abusively blocking new users, maybe also in the 3-10 range.

X should be chosen so that spammers are quickly silenced, but so that new users that legitimately need to be moderated can be set straight before they are banned. I suggest maybe 30 to 50 percent.

Y and Z should be set so that moderators have time to see and deal with false positives, but can just let threads with Cyrillic titles advertising "порн", and the users that posted them, get bit-bucketed by software when the timer runs out.
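
The report-threshold scheme proposed in the post above, written out as an added example (not part of the original post, and not phpBB code). The parameter values, the `Post` structure, reading "X%" as a share of the first-N posts made so far, and starting the Y-day timer when a post is hidden are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Policy:                 # values are illustrative picks from the suggested ranges
    N: int = 5                # only a user's first N posts are covered
    M: int = 3                # hide when MORE than M separate users report
    W: int = 7                # reports count only within W days of posting
    X: float = 40.0           # block when MORE than X% of those posts are hidden
    Y: int = 14               # days a hidden post waits before deletion
    Z: int = 30               # days after a blocked user's last post before closure

@dataclass
class Post:
    posted_at: datetime
    reports: dict = field(default_factory=dict)   # reporter name -> report time

def hidden_at(post, p):
    """Time the post crossed the report threshold, or None if it never did."""
    deadline = post.posted_at + timedelta(days=p.W)
    times = sorted(t for t in post.reports.values() if t <= deadline)
    return times[p.M] if len(times) > p.M else None

def evaluate(posts, now, p, moderator_acted=False):
    """Decide actions for one user's posts, given oldest first."""
    first_n = posts[:p.N]
    hid = {i: hidden_at(post, p) for i, post in enumerate(first_n)}
    hid = {i: t for i, t in hid.items() if t is not None and t <= now}
    out = {"hidden": sorted(hid), "blocked": False, "deleted": [], "closed": False}
    if not hid or moderator_acted:        # a moderator decision stops the timers
        return out
    out["blocked"] = 100 * len(hid) / len(first_n) > p.X
    out["deleted"] = [i for i, t in hid.items() if now - t > timedelta(days=p.Y)]
    last = max(post.posted_at for post in posts)
    out["closed"] = out["blocked"] and now - last > timedelta(days=p.Z)
    return out

# Constructed sample data: a spam account and a newcomer with one disputed post.
T0 = datetime(2019, 8, 26)
def reported(day, n):                     # post on T0+day, n reports one hour later
    at = T0 + timedelta(days=day)
    return Post(at, {f"user{k}": at + timedelta(hours=1) for k in range(n)})

SPAMMER = [reported(0, 4), reported(0, 5), reported(1, 4)]
NEWCOMER = [reported(0, 0), reported(1, 4), reported(2, 1), reported(3, 0), reported(4, 0)]

if __name__ == "__main__":
    for day in (2, 20, 40):
        print(day, evaluate(SPAMMER, T0 + timedelta(days=day), Policy()))
    print(evaluate(NEWCOMER, T0 + timedelta(days=20), Policy()))
```

With these values the spam account is hidden and blocked at once, its posts are deleted after the Y-day wait and the account closes after Z days, while the newcomer's single disputed post is hidden without blocking the account.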


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Wed Aug 28, 2019 3:49 am 
Joined: Sat Mar 31, 2012 3:07 am
Posts: 4591
Location: Chichester, UK
I'm in favour of pre-moderation of all posts by new users. It doesn't seem to me that there are so many new users each day that this would be a great load on the moderators. As it is they have the load of checking and deleting all the spam - this would change that to the load of checking all new posters and OKing the few each week who are genuine. I would have thought this was less work than the suggestions of modifying the forums to automatically reduce the amount of spam, with the attendant possible problems of false positives. Surely it takes just as much time to check reported spam as to pre-moderate new posters. The disadvantage of new users' posts being delayed by a few hours would, to my mind, be far offset by the advantage of not having the forums clogged up with spam.

Perhaps a moderator could comment on the amount of work currently involved in deleting spam and the number of posts per day by genuine new users.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Thu Aug 29, 2019 5:47 pm 
Joined: Fri Oct 27, 2006 9:42 am
Posts: 1925
Location: Athens, GA, USA
While I can say for certain, I am guessing that this isn't a new problem at all, but rather that for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.

Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
Ordo OS Project
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Thu Aug 29, 2019 6:49 pm 
Joined: Wed Mar 30, 2011 12:31 am
Posts: 676
Schol-R-LEA wrote:
While I can say for certain, I am guessing that this isn't a new problem at all, but rather that for some reason the majority of the mods are too otherwise occupied to deal with this with the pace and vigor we've gotten accustomed to. Life happens, so this is something that eventually becomes unavoidable on any smallish forum.

Keep in mind that for every legit post here, there are probably 100 spam posts - and that's a fairly conservative estimate, but this is a rather obscure group after all. Most larger and better-known fora have a signal-noise ratio closer to 100,000:1, but they also have more automation and more mods.

No, it's a new problem, we've never been hit by spambots like this.

_________________
toaruos on github | toaruos.org | gitlab | twitter | bim - a text editor


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 3:36 am 
Joined: Thu Nov 16, 2006 12:01 pm
Posts: 7612
Location: Germany
I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped... :shock:

_________________
Every good solution is obvious once you've found it.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 3:43 am 
Joined: Tue Oct 17, 2006 11:33 pm
Posts: 3882
Location: Eindhoven
Yes please. Usually by the time I find spam posts, they're being deleted, this time I got a whole couple dozen spam posts still around.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 4:30 am 
Joined: Sat Mar 31, 2012 3:07 am
Posts: 4591
Location: Chichester, UK
Solar wrote:
I guess temporarily closing new user registration (after kicking the current offenders) is in order until a better spambot protection is in place; the forum is getting swamped... :shock:

Temporarily implementing pre-moderation for new users would be a less harsh version of that. I'm wary of anything that might discourage genuine new users.

You could even create a number of new moderators from different parts of the world who only had the ability to act on the pre-moderation queue. (I don't know if phpBB could enforce such a setup, but any abuse of privilege could be dealt with fairly easily.)


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 5:14 am 
Joined: Thu Nov 16, 2006 12:01 pm
Posts: 7612
Location: Germany
Right now it does not look like a forum where a genuine newcomer would WANT to register. Of course the other solutions are better; I just wanted to say that perhaps chase would be well-advised to close down the doors until better solutions are in place. To avoid the moderators getting over-saturated with spam removal, and to not scare away newcomers but put them on a hopefully short wait queue.

_________________
Every good solution is obvious once you've found it.


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 10:21 am 
Joined: Fri Aug 07, 2015 6:13 am
Posts: 1134
Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?

_________________
OS: Basic OS
About: 32 Bit Monolithic Kernel Written in C++ and Assembly, Custom FAT 32 Bootloader


 Post subject: Re: Suggestion on the recent spam issue
PostPosted: Fri Aug 30, 2019 10:37 am 
Joined: Tue Mar 04, 2014 5:27 am
Posts: 1108
Octacone wrote:
Maybe just add some sort of a plugin that blocks Cyrillic and everything that contains "sexual words"?

Including this post of yours? :)
And some language/Unicode/font-related ones too?

