Forum vote for blocking

pwm

By pwm
in Forum Feedback

Recommended Posts

pwm Community Regular

pwm

Posted
Posted

The forum should have some form of function where x people could make a blocking vote to pause an account from making new posts until moderator or site owner has reviewed the situation.

 

That would better allow spam attacks to be mitigated during off hours where the normal staff isn't available.

 

With a rule that an account must have existed for 12+ months and be in good reputation, it would be hard for an attacker to use the feature for a denial-of-service attack.

  • Upvote 2
Link to comment
  • Replies 76
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

BRiT
BRiT

Who knew this place would turn into a haven to solve all your astrological or gem and gold medalist needs?   How about simply preventing new users from posting external links or auto-moderat

pwm
pwm

The forum should have some form of function where x people could make a blocking vote to pause an account from making new posts until moderator or site owner has reviewed the situation.   Th

digitalfixer
digitalfixer

Even simpler would be that all new members posts are moderated for the first few messages. That way the spam message would not be seen by the majority of members and a moderator or owner could just ma

Posted Images

jonp Mentor

jonp

Posted
Posted

Just a public update on this.  We are actively looking into this issue.  IPS does have forum spam prevention, so we're not sure why the sudden rush of spam bots (spam prevention has been working just fine for some time now).  We'll update everyone again once we have some more news.  For now we just have to play a bit of whackamole.

Link to comment
jonp Mentor

jonp

Posted
Posted

Ok, we believe we have identified the issue causing the spamming and have implemented fixes.  Part of these fixes includes changing to recaptcha 2 for human validation during account sign up and adding some manual question / answer work for the user to do.  These two things alone should heavily combat the spam issue, but we'll be monitoring closely to ensure all is working as intended.

  • Like 1
  • Upvote 1
Link to comment
saarg Mentor

saarg

Posted
Posted

This is getting mighty annoying!

It doesn't work to ignore the user either in the unread posts list. It still shows up.

Maybe you could have someone in the European timezone that can at least remove the posts? @jonp As far as I know it's only American moderators on this forum. 

  • Like 1
Link to comment
pwm Community Regular

pwm

Posted
  • Author
Posted

Yes, there is quite a number of hours with lots of spam before any of the moderators wakes up and takes care of the issue.

 

By the way - it tends to not work too well with moderation of first posts. There are multiple spam bots that has significant natural language support, and can auto-generate answers to existing threads that seem normal enough to not get caught by a moderator. And some spam bots also understands how to start new threads by duplicating questions from very old threads.

 

So moderation of the first posts after account generation has failed for other forums.

Link to comment
BRiT Mentor

BRiT

Posted
Posted

Who knew this place would turn into a haven to solve all your astrological or gem and gold medalist needs?

 

How about simply preventing new users from posting external links or auto-moderating posts from new users with external links? That single setting seems to deter enough of the spambots to make it a win-win on the forums I admin.

  • Like 2
  • Upvote 1
Link to comment
SSD Mentor

SSD

Posted
Posted

I also noted very slow forum performance during the spamming periods. Not sure if a symptom of the spamming or a symptom of IPS handling my marking users as spammers. Given to very moderate volume in the great scheme of things, I was surprised that bringing up unread lists was taking 30 seconds or more.

 

Was thinking you could implement some common sense protections against too many posts in a short period of time triggering auto-marking of users as spammers.

  • Like 1
Link to comment
pwm Community Regular

pwm

Posted
  • Author
Posted
14 minutes ago, SSD said:

Was thinking you could implement some common sense protections against too many posts in a short period of time triggering auto-marking of users as spammers.

 

But that could affect a number of legitimate posters on the forum.

 

It would be interesting to know what percentage of the spam that gets accepted - the slowness could be because the forum receives many more requests that gets blocked. But a problem with the spam robots is that they break the caching logic for the server so every page load requires the page to be built before being served.

Link to comment
SSD Mentor

SSD

Posted
Posted
51 minutes ago, pwm said:

 

But that could affect a number of legitimate posters on the forum.

 

 

I think a method could be devised that does not impact legitimate use. It may not catch all spammers, but could catch the kind of egregious spamming we saw over the past couple days.

Link to comment
pwm Community Regular

pwm

Posted
  • Author
Posted
20 minutes ago, SSD said:

 

I think a method could be devised that does not impact legitimate use. It may not catch all spammers, but could catch the kind of egregious spamming we saw over the past couple days.

I don't think I have ever seen so aggressive spamming - it looked more like a load test than normal spamming.

Link to comment
BRiT Mentor

BRiT

Posted
Posted
3 hours ago, pwm said:

I don't think I have ever seen so aggressive spamming - it looked more like a load test than normal spamming.

 

Oh, then you hadn't seen the old forums when there was THOUSANDS if not Tens of THOUSDANDS of Spam Posts in the span of an hour. That was obscene.

Link to comment
pwm Community Regular

pwm

Posted
  • Author
Posted
11 minutes ago, BRiT said:

 

Oh, then you hadn't seen the old forums when there was THOUSANDS if not Tens of THOUSDANDS of Spam Posts in the span of an hour. That was obscene.

The bad thing with spammers is that once they find a working way in, the forum server gets marked as a "good" server, so the amount of attacks will increase.

Link to comment
dalben Community Regular

dalben

Posted
Posted
14 hours ago, pwm said:

By the way - it tends to not work too well with moderation of first posts. There are multiple spam bots that has significant natural language support, and can auto-generate answers to existing threads that seem normal enough to not get caught by a moderator. And some spam bots also understands how to start new threads by duplicating questions from very old threads.

 

So moderation of the first posts after account generation has failed for other forums.

 

Yeah, which is why I said

15 hours ago, dalben said:

needing a mod to allow the first 2 or 3 posts

 

Link to comment
pwm Community Regular

pwm

Posted
  • Author
Posted

But if I write:

15 hours ago, pwm said:

So moderation of the first posts after account generation has failed for other forums.

So how do you then think the following will work?

39 minutes ago, dalben said:

needing a mod to allow the first 2 or 3 posts

 

It's just that some more complex spam bots can perform more than 2-3 posts that looks legitimate, by reusing text from older posts or by creating posts that looks like real answers to threads written by other users. The spam bots can do this specifically just to survive manual moderation for x initial posts, before the spam bots then switches over to starting to mass-spam.

 

Some spam bots can even use Google - so they pick up text from posts and insert into Google and then select text from the Google hits into thread responses. All just to make it seem that the account is owned by a real human. Some spam bots follows up with that tactic even after a while - just that initially they don't post any links. After a while they post Google-located answers together with one or two semi-camouflaged sentences with the payload links. All just to trick a human moderator - you basically need to check the post history to notice the pattern. That it isn't just a real user that is a tiny bit weak on English from having English as second or third language and a bit weak skills about the specific subject.

Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing