[OT] serious spam issues

NOTICE: This forum is archived as read only.
Please use the Github Discussions at https://github.com/exult/exult/discussions
Forum rules
NOTICE: This forum is archived as read only.
Please use the Github Discussions at https://github.com/exult/exult/discussions
Locked
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

[OT] serious spam issues

Post by artaxerxes »

Hey,

I visit Exult's forum several times a day. Having editor privileges I do a lot of cleanup but sometimes it's just too frustrating. Just today someone posted a spam comment with embedded porn pictures! It's really time to do something.

What about implementing the measures that were previously suggested, like changing the name of the page from which comments are added to the forum?

I would like to also suggest a couple more: you can only use and if you are registered and for at least 1 day, otherwise, it's only plain text.

Also adding a captcha would be nice. For instance, replace the post button by a list of randomly generated images, one of which is ultima-related and at the same time the only one that can successfully add the post to the forum.

What do you think?

Artaxerxes
wjp
Site Admin
Posts: 1708
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by wjp »

I added some more tricks. Let's see for a while how those work out... The level of spam indeed starting increasing again lately after the last relatively quiet period.
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

What about implementing the measures that were previously suggested, like changing the name of the page from which comments are added to the forum?
While this is really a good idea generally and works great for guestbooks (thanks Dino for this idea, my guestbook has been spam free since then), it is not that great for a forum because internet searches would for a long while produce dead links to the old forum address.

a lot of help for us moderators would be if we had some of those forum admin buttons in normal view. Actually just the delete button would be enough. To open a post and then select delete is just a bit cumbersome especially with the slow loading times.

And we really should do something with the porno pictures. Probably somethng like all posts with img tags needing approval (if not posted by a moderator). I'd be quite willing to log into the forum admin every day to review posts awaiting approval.
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
keldorn
Posts: 22
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by keldorn »

Not just this forum, the one over at TFL seems to be suffering from it too.:(
MV

Re: [OT] serious spam issues

Post by MV »

Well, Griffin over at ozformers solved his problem (was getting the same amount of stuff as you guys here, and was getting rediculous), by making registration a requirement (yea, I know, not the best), but, in registration general transformers questions are asked, which any real fan would know, and accounts are individually allowed/not allowed by the administrator.

Could work here with ultima type questions before allowing. Plus it would be pretty obvious who a spammer would be by their username. I notice a few validating members regularly on the list at ozformers, and you just know they are spam, and yep, no spam posts there ever since. Of course the forum is still read only to guests.

Have a think about it guys. I know I don't really like registration because of all the accounts I already have, but it's the only real way.
dino
Posts: 70
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by dino »

While this is really a good idea generally and works great for guestbooks (thanks Dino for this idea, my guestbook has been spam free since then), it is not that great for a forum because internet searches would for a long while produce dead links to the old forum address.
I'd like to say something about this...

Well, the idea of renaming the posting page doesn't actually work for long. It seemed great when I first tried it, as it kept spam away from my guestbooks for a few weeks, but in the end the spambots still find your guestbook again. Then you can either keep renaming the posting page, or just give up.

So... ignore what I suggested earlier. It's not worth it.

Due to the sheer amount of spam my sites were getting (I had about 6 guestbooks and 3 fora), I simply decided to disable all posting scripts. I don't even have time to update my sites any more, let alone clean up spam.

The only way that seems able to keep out spammers is to use a visual captcha. However even this is fallible, and I have seen phpbb with such a captcha being spammed. I have even tried to develop my own ways of keeping spam out, but my efforts were laughable at best.
Dino the Dark Dragon
----====[url=http://www.udic.org/]UDIC[/url]====----
Webmaster of [url=http://dino.shiftedphase.com/ultima/]Dino's Ultima Page[/url]
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

we are losing the battle. Let's give up the Internet and play old games instead :)
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
Colourless
Site Admin
Posts: 731
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Colourless »

But if everyone left the internet... there would be no spam anymore...

such a paradox.
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

like I mentioned, I come to Exult's forum several times a day already (even if I've not been too vocal lately), so I could assist Dominus in his proposal.

But check out http://hotcaptcha.com/ (SFW). If we did something similar with this forum, making the images U7-related, it might help.

I've read several sites concerning spamming issues, and here is a list of suggestions I saw:

* copy a phrase: you leave a field blank and you require users to copy a random-generated phrase in it. To foil spammers, ask the user to remove all vowels. EX:

Copy the following phrase and remove all vowels and spaces into this form field: Ultima rulez
--> the user enters "ltmrlz"

* tripwire field: spambot tend to interpret fields to guess what data is expected. For instance, if a field is named "username", they will put something in there to that effect. You could make a hidden field, name it in a way that bots will think it's important and prevent any posts that contain a value for that field when the form is posted. It could happen the bot is smart not to fill hidden fields, in this case make it plain and instruct users not to fill it.

* javascript seal: similar to the tripwire field. A hidden field, but this time it gets filled with data thanks to javascript. Most bots are too dumb to interpret js. The seal should make sense (not just random blather). I happen to have some potent js script to do that kind of sealing.

* multiple submit buttons, but only one is ok to press, being decorated with css for instance as also bots are too dumb to interpret css properly. Clicking on the wrong one prevents the post from going through.

* multiple submit buttons version 2: use css to hide the wrong buttons so that the user can't get confused.

* javascript submit: the form action parameter () is blank or invalid, but javascript corrects it when the page is loaded in a browser.

* javascript turing test: ask the user to click on buttons in a sequence to restore the action="..." parameter of the form tag.



You could combine the above for a more effective protection.

Artaxerxes
dino
Posts: 70
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by dino »

I don't mean to talk against your efforts, but a lot of the things you mentioned are tricks that bots can easily overcome and that can confuse humans in good faith.

Something I've tried, for example, is making the name of a field (e.g. username) as a random string instead of a fixed name. This random string would then be stored in a $_SESSION variable so that it could be retrieved for processing and yet spambots posting to the same field would not know the name of the field.

A friend of mine bypassed the security by simply writing a perl script that retrieved the HTML page, used regular expressions to get the name of the field from the HTML code, and posted to the form.

I could be wrong but in practice nothing's going to work because:
1.) If any information is written in the HTML code, hidden or otherwise, it can be harvested by the spambot and used to bypass security
2.) If there is a test that requires human judgement, the spammer can simply figure it out and tune the spambot to react to it
3.) Visual captchas can be bypassed by OCR

In my opinion if someone finds a perfect way of stopping spam, he deserves the Nobel Prize. ;)
Dino the Dark Dragon
----====[url=http://www.udic.org/]UDIC[/url]====----
Webmaster of [url=http://dino.shiftedphase.com/ultima/]Dino's Ultima Page[/url]
m4yh3m
Posts: 7
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by m4yh3m »

As little as I've been on here for as long as I've been reading on here, I haven't come across very many threads with pics. I'd say... none? But it seems the need to post pics is somewhat important, so why not write a server script that checks for image tags, and checks to see how old the account is. If it's less than a week old, do not allow it. Maybe you could have a "safe list" of hosts (like photobucket, etc.) that users would be required to use for posting images. IIRC, photobucket checks for vulgarity in the pics anyways.
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

the reason why you don't see pix is because we remove them as soon as we find them. With about 8 people with moderator privileges, it's not surprising we could remove them that fast.

That said, OCR cannot decode images like those illustrated by hotcaptcha. It can only decode text, not photographs.

Artaxerxes
Skutarth

Re: [OT] serious spam issues

Post by Skutarth »

I totally support anti-spam measures. You may also look into disabling links for the same criteria as images.
marzo
Site Admin
Posts: 1925
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by marzo »

Maybe require unregistered users to fill some Ultima-related captchas similar to those from hotcaptcha, as well as requiring these captchas for registration?
------
Marzo Sette Torres Junior
aka Geometrodynamic Dragon
[url=http://www.catb.org/~esr/faqs/smart-questions.html]How To Ask Questions The Smart Way[/url]
Crysta the Elf
Posts: 573
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Crysta the Elf »

"Not just this forum, the one over at TFL seems to be suffering from it too.:("

Thats because due to a screwup or two noone other than Wiz has mod access, and things have been to hectic for him to change that. :\
m4yh3m
Posts: 7
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by m4yh3m »

I think the simple solution is to just ban and . Not that my input carries much weight since I rarely visit, but to simplify things it's just easier. Just on the overall content of say 90% of the messages on here, none of them justify having embedded images. As for hyperlinks, what's wrong with cut-n-paste? I can understand the need for embedded images and links on another forum I am on which discusses electronics (where people need schematics and such). But if the only pictures that are being posted are porn, then just K.I.S.S. Remove images. If enough people can justify the need for them, bring them back and then worry about that issue when the time comes :P
drcode
Site Admin
Posts: 2267
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by drcode »

Maybe an unregistered user should have to answer one of the U7 copy-protection questions before posting:-)
m4yh3m
Posts: 7
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by m4yh3m »

Before posting a J-P-G, you must answer me these questions three!

What is your name?
What is your quest?
Why do you have a little brat with a sling shot in your party to help save the world?


And for fun: What is the air speed velocity of an unladen gargoyle?
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

what do you mean? an Underworld gargoyle or a Terfin gargoyle?
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

well, whatever wjp did, it kept the spam at bay since we started this thread :)
(and if anyone knows or guessed what he did, keep it to yourself, we don't want to tell the bots :))
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

I'd like to publicly thank wjp for his wonderful filter. I haven't seen one spam pass through in weeks.

Well done Willem!

Artaxerxes
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

two or three made it through the other day, but that seemed more like a scout mission.
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
m4yh3m
Posts: 7
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by m4yh3m »

I found an interesting article about spam block improvements... don't know if it'll work with the forum software you're using, but what the hell -- couldn't hurt to try:

Spamblock Improvements (note: fixed by Artaxerxes)
m4yh3m
Posts: 7
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by m4yh3m »

and i totally fudged that up. oh well. feel free to fix it.
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

wow


(edit, this was an exclamation after a spam post appeared in this very thread - still wanted to delete the spam post, but this way the posts make sense for anybody else :))
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

I keep deleting spam messages going, as if from spite, in this thread!

Artaxerxes
Dominus
Site Admin
Posts: 5656
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Dominus »

You do? I never saw one except for the one above I just deleted.
--
Read the documentation and the FAQ! There is no excuse for not reading them! RTFM
Read the Rules!
We do not support Piracy/Abandonware/Warez!
artaxerxes
Site Admin
Posts: 1310
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by artaxerxes »

I have done it about 3 times this week alone!

Artaxerxes
Malignant Manor
Site Admin
Posts: 985
Joined: Thu May 14, 2020 1:34 pm

Re: [OT] serious spam issues

Post by Malignant Manor »

spam
spam
spam
humbug


Why don't you just lock the thread?
Locked