General > General Technical Chat

Using VPNs for "privacy" on forums, and forum spammers

<< < (4/10) > >>

Whales:
If you can't stop them attacking you by building better walls, then perhaps getting rid of the gold in your castle could work better?   Eg: adding rel=nofollow to all links in posted content.  This informs search engines to treat the links as untrustworthy, dramatically (completely?) reducing the value of link spamming your site.  Many big sites do this, including Wikipedia.


--- Quote from: AntiProtonBoy on May 07, 2021, 12:57:52 am ---* Gatekeeping strategies that recruits members only via invites. Forum is either read only or inaccessible until the user is invited somehow.

--- End quote ---

Example of this: https://lobste.rs/u#Hales .  If a lot of spam users appear under someone they (and their whole tree) get banned.


--- Quote from: AntiProtonBoy on May 07, 2021, 12:57:52 am ---* Sandboxing new users into a "introduce yourself" sub-forum. Once the new users reached X amount of non-spam posts, they are granted full access to the rest of the forum.

--- End quote ---

A different variant of this is pre-moderating all content before it goes live.  I wonder if there is much of an effort difference for mods?


--- Quote ---* Roll your own captcha that has Q&A about specific interests that spammers are unable to answer. For example electronics questions that only electronics geeks could answer.

--- End quote ---

I highly recommend this, but you don't have to make the questions super hard.  Any custom captcha will make your site only spammable by extra human effort.  Ie you drag yourself out of the "lowest hanging fruit" pile where everyone using an off-the-shelf common system sits.

...which brings me onto...


--- Quote from: peter-h on May 06, 2021, 06:29:39 am ---These are not bots. We are using a hidden google catpcha which is pretty good at blocking bots. They are humans and they put a lot of time into this. They sign up and then go away for a week (because most forums don't let you post for a few days) and then come back and dump their stuff.

--- End quote ---

That's really interesting.  I don't know how successful Google's recaptcha is.

Maybe people run web-scrapers looking for specific forum software, then give these lists to the human work-force?  Making the registration a bit weird or different could help defeat this?

I've written up on my own experiences doing anti-spam, but only for a very small website's comment section.  Against automated attacks: even making your form fields slightly different to what is expected is very effective.  Of course against human attacks this is mostly naught.


peter-h:
The google recaptcha is very good. It works in a complex way, probably linked to other stuff they run e.g. gmail's antispam measures (which are way over-zealous and make gmail unusable for any "international" business, but that's another topic). While we don't know what we don't know, if one was getting a load of failed signups then eventually some % of people will click on the Contact link and tell you, and this isn't happening.

Yes, there are people who search for specific forum software, usually PHP-BB, which being open source gets attacked and hacked mercilessly - unless administered with a lot of expertise. So e.g. the Magento online shops are getting hacked a lot. The forum in question here was custom written in Ruby on Rails, by an expert in security, and so far it has not been obviously hacked, but Ruby is practically impossible to maintain (was a big fashion ~10-15 years ago).

"Organise a vigilant moderator team who are effective at cleaning up rubbish."

That's a funny one. Experience shows that you either have to pay them the going rate (which requires a big site with lots of adverts and traffic) or you end up with a bunch of controlling-personality weirdoes who eventually tend to do a Colonel Kurtz in Apocalypse Now, piss off a load of people, and the site disintegrates.

AntiProtonBoy:

--- Quote from: peter-h on May 07, 2021, 06:10:44 am ---"Organise a vigilant moderator team who are effective at cleaning up rubbish."

That's a funny one. Experience shows that you either have to pay them the going rate (which requires a big site with lots of adverts and traffic) or you end up with a bunch of controlling-personality weirdoes who eventually tend to do a Colonel Kurtz in Apocalypse Now, piss off a load of people, and the site disintegrates.

--- End quote ---
Depends on the community. If the forum is big enough and is respected, there will be plenty of volunteers who'd want to moderate. That said, moderation can be hard when it comes to social dynamics and community appeasement (i.e. you never win as a moderator, no matter what action you make). But cleaning up obvious spam bots, is really a no-brainer.

peter-h:
Modding a forum is a very difficult job. 10x more so on a site which doesn't carry adverts or is too small to make money out of ads, and then the chances of finding a volunteer mod who does a good job in the long run are IME zero. I have never seen it work, since web forums started to be popular c. 2000. Mods just go weird, sooner or later. If the forum is basically unmoderated (which is a viable formula, for a while, until you get sued a few times) then it can run for quite a while. But a forum which is modded to e.g. not allow personal attacks needs very skilful modding, and it is almost impossible as a volunteer effort.

Coming back to spammers, on every forum an admin can see all activity (obviously) and bots are fairly obvious in the pattern and the timing. Of course they could be humans... but probably not because most of these are widespread attacks, not a vengeful hit on one specific site.

I'd say the use of a VPN, particularly some of them, is a strong indicator of a spammer. Most "real" people have a life and just can't be bothered about "privacy" issues. Google has already got everything on you, but it doesn't sell it in personal detail - unlike FB and such which is a really nasty company.

Zero999:
Regarding moderation: just give most moderators the job of removing spam, pornography, copyrighted material etc. The personal stuff should be handled by a supermoderator, or the main site administrator.

I have moderated a site before and I just left the personal stuff alone. The trouble was, the administrator didn't give ordinary moderators the power to ban, so deleting spam was pointless, as it would just get reposted and is why I left, never to return. To be fair we did have a problem with a bad moderator before, which caused lots of people to leave, but that's only because the adminstrator too far too long to deal with it. Numberous people had complained about the bad moderator, over a long period, so there was no excuse!

If there was a need, which there isn't, I'd be happy to moderate here for free and I would stay out of the personal stuff, especialy if it involves me. If someone called me a cunt, I'd just report it and allow a supermoderator, or administrator to deal with it.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

There was an error while thanking
Thanking...
Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod