General > General Technical Chat
Using VPNs for "privacy" on forums, and forum spammers
(1/10) > >>
peter-h:
I run a community site (techy hobby but not electronics related) and one big issue is with spammers. Currently around 50% of new signups are spammers, and each time one of these manages to get in, one wakes up in the morning to find the forum covered in adverts for fake passports, fake IELTS, fake all sorts of certificates... so I put some effort into not allowing them posting rights (which is a manual permission).

These are not bots. We are using a hidden google catpcha which is pretty good at blocking bots. They are humans and they put a lot of time into this. They sign up and then go away for a week (because most forums don't let you post for a few days) and then come back and dump their stuff.

Various things give away a spammer. One is setting their country to one which does not match their IP (this isn't 100%; some genuine people are on a SIM card from another country, on holiday, etc) but if the IP is in say India and they put their country as the USA then it will be a spammer. Another one is that the IP or their email address is a hit on one of the many "stop forum spam" lists. We also filter against a list of about 2000 throwaway email domains; this is important because forum notifications bounce back and then your whole site gets an elevated spam rating. Another is that the signup uses a female name or email address; in any "tech" hobby women are extremely rare so while this isn't 100% it is a strong indicator especially if you get one like mentioned below. Genuine female posters always get a hugely enthusiastic reception on a techy site and "windup merchants" ("genuine" posters with a grudge, not spammers) often use a female identity :)

Currently I am seeing a lot of people join up via VPNs; usually one called VYPR VPN. These are usually obvious spammers from other indicators so I don't let them post, but notably they are taking a lot of trouble to sign up, even uploading an avatar (the last one is a woman in a keep fit class, not wearing a whole lot :) ) and selecting the right country to match the signup IP.

I have two questions:

Do "normal people" use a VPN routinely for forum browsing? If so, what is the point, for non illegal activities? I see the latest Firefox comes with a VPN but it isn't free. If your browser supports a "non tracking mode" that chucks away cookies which does most of the job. A VPN changes the IP but doesn't alter any of the dozens of other client browser parameters which get potentially published to the server. This site will demonstrate the futility: https://amiunique.org/fp

Do people who use these "privacy VPNs" know which country that particular session terminates in? Historically a lot of spammers (and other "windup merchants") used the TOR browser and AFAIK on that one you don't know the terminating country (often it is in Africa, because the TOR browser is used for a lot of illegal stuff).
ataradov:
Yes, people use VPNs normally. If you are only using VPN for "illegal activities", then you are telegraphing to the world that you are currently doing something illegal when using VPN.

Also, people don't want to be spied on by their ISPs.

Also, some countries are overly zealous with their blocking of stuff (China, Russia). So using VPN that terminates in another country is almost a must.

One of the best captachas are the ones unique to the site. Something basic. Like this forum might ask you to solve Ohm's law or something like that. Lichess.org asks you to solve "mate in 1" puzzle before posting to their forum. Spam farms are bad at solving that stuff.

Pre-moderation on first post may help too. Especially if certain trigger words are present in the messaage.
peter-h:
Captchas are a funny one.

I got someone to produce a captcha which asked to multiply two numbers. Both numbers were presented as graphics so a bot for this would need to do OCR. It took the guy a few days to code this (in Ruby but it could have been PHP). It then took another clever unix programmer about 10 mins to write a bot which did OCR and pasted in the answer :) I don't have the details to hand but there is a unix utility which does OCR on a specified region of the page, so you don't even have to write any "software". So if you want to create a custom bot which creates 100 new signups and posts 1000 adverts for fake IELTS or whatever, it's very easy.

And the standard google captcha ("identify all images containing a bus") is hated by everybody, and often is very hard to solve. Some research indicates that it drives away a large % of the audience.

The basic issue is that there are people dedicated to doing this and they aren't stupid like they always were in the past. So blocking them has to involve something which they are not aware you will be looking for.

Sure I see a VPN being handy in China etc but for most online communities in the Western world there is negligible participation from these countries.

Pre-modding of 1st post remains a very good method.

I have a lot of admiration for whoever runs EEVBLOG which does not exclude posters from China etc. In fact they can't, since they accept adverts from JLCPCB :) But at least having adverts means you can employ a paid person to do this job. I don't have that luxury.
ataradov:
That's why you need a captcha that involves basic knowledge of the forum's subject. You can't automate that.

Let's say you have a forum about gardening. Your captcha may ask what type of fertilizer is not compatible with tomatoes, or something like that. Even if they OCR the question, the answer still not solvable by the computer. And if the number of questions is large an they are updated from time to time, then bots may just give up.

I also don't believe EEvblog does anything special against spam, just the normal captcha and manual reporting by forum members when there is spam.
Zero999:
Whist I do agree with asking questions, we need to bear in mind that this forum has a beginners section, so they have to be easy enough for someone with minimal knowledge to answer.

Severely limiting the number of accounts from the same IP and new posts per day/hour/miniute for those with under 100 posts would help a lot.

Moderation of the first few posts is a good idea, but labour intensive. It also needs to be smart. Quite often we get people signing up and creating pointless posts, such as "Thanks for the info.", "Nice site.", "I like electronics" etc. which aren't spam and don't violete the rules, only to change the signiture to spam, or start spamming later. Fortunately the staff here are smart enough to spot this pattern and ban such accouts, before they spam. Many users here have also seen this pattern, including myself and will report pointless posters.
Navigation
Message Index
Next page
There was an error while thanking
Thanking...

Go to full version
Powered by SMFPacks Advanced Attachments Uploader Mod