On another Php board we're being eaten alive by spambots. It's gotten so bad that we've had to temporarily lock out new users until we've found a solution to the problem.

I haven't noticed that being an issue here on GiTP. Do you have any suggestions for solving this problem? PM or e-mail welcome if public discussion is too sensitive. Or do we just have the sleepless T-800 known as Roland who spends every hour of his life drilling spambots and trolls with his trusty two guns?

Is Roland even human anymore? Or is he some sort of immortal undead bound to this board forever, protecting it from dangers mere posters were not meant to wat of? If so, what's the ritual by which such are created ? We could use one.

Respectfully,

Brian P.

GitP asks a question during registration that requires a human to answer. A small forum I run has a similar mod installed, where we have a question during registration. We can set the question to anything ("What color is grass?," "What's the third word in the description of the Gaming forum?," etc).

CAPCHA is, more and more, becoming computer-decipherable. So while that used to be the answer, it's becoming less effective. (And, in my opinion, that's a good thing, because I find reading those damn images to be a major pain in the ass.)

The single most important requirement for a truly effective spambot filter is, I think, that it be unique to your site or at least used by very few sites. This site, for example, displays a picture of an OotS character and requires identifying the character by name in order to register. This would not be difficult for a spambot writer to beat, but it would be completely specific to only this one single web site and is therefore probably not worth the spambot writer's time and effort.

The key to this type of filter is to create an obvious and trivially easy to solve - for humans - mapping between a set of images and text responses, but make the mapping correspond to something unique to your site that any general purpose algorithm, such as text recognition, would fail to recognize.

I think some places automatically hide and mark for review any post that pings a Bayesian filter. While it takes time for the filter to 'learn' how to spot spam, it would presumably work pretty well as an incentive for spammers to leave the site alone.

We do depend to some extent on Roland St. Jude's badassery - any spam bot would have to be customised to its target site in any event, so even with a site-specific captcha, it's also important to get spam dealt with quickly, so that there's no real incentive to get a spam bot onto the site.

I've seen quite a few spam bots turn up here, but they get flagged and deleted pretty quickly. Orphaned posts might actually be a worse problem in our case.

Obviously you weren't around right before the new registration question. There were, typically, 2 or 3 spam threads in EVERY forum. They normally got cleaned out whenever a mod came online, which could be as much as a 4 hour wait, but it was pretty bad.

As mentioned, the key to stopping them is an incredibly easy question that requires parsing a fairly complicated set of instructions. That it is specific to GitP is simply a bonus. Roland can probably offer more insight into how effective the filter is. Just off the top of my head, you might want to commission some art relevant to your RPG discussion and make identifying it a requirement to join. Things like "Dragon," "Tentacle," or "dwarf" would probably work. Then again, those are probably too open ended to be of use.

Is Roland even human anymore?

:smallconfused:

:smallconfused:

We know he was human once. We've found him on a popular social networking site, though which one escapes me.

What exactly happened to him on that blustery autumn day that changed everything no man may know. And I for one pray we never find out.

You're saying Roland is no longer human?
But that's impossible! If that were so, then he would easily control us wi--

There is no mind control, citizen. I will go back to my fun.

According to wikipedia spambots can rarely bypass the requirement of email verification, but iIdo not know much about computers so I cannot say I'd know whether thats true or not. On a side note, what are orphaned posts?

Well, yesterday, day before (I forget), there existed a set of spam threads that were up for a few hours, at least.

I suspect he does sleep, rarely.

Well, yesterday, day before (I forget), there existed a set of spam threads that were up for a few hours, at least.

I suspect he does sleep, rarely.

BLASPHEMY!

It's a lie. :smallcool:

According to wikipedia spambots can rarely bypass the requirement of email verification, but iIdo not know much about computers so I cannot say I'd know whether thats true or not. On a side note, what are orphaned posts?

Wikipedia is pretty naive. Or so I should say, the person who added that particular bit of info is pretty ridiculously naive.

Given that most "email verification" simply entails clicking on a link in the email once, that's not exactly rocket science to do.

It's probably better to get this information on an actual internet security site, rather than a community edited wiki where any person with internet access can claim professional knowledge.

I suspect he does sleep, rarely.

Roland needs no sleep.

I suspect he does sleep, rarely.

DO NOT PROFANE THE ROLAND MYTHOS!!!

Phn'glui mglw'nafh Roland GITP not-wagn'nagl not-fhtagn!

On a side note, what are orphaned posts?Occasionally someone will get a post into a spam thread while it's original post is being deleted. Post #2 becomes the first post. Since it is (typically) a response to the statement that is no longer there, it is termed an "orphan".

Occasionally someone will get a post into a spam thread while it's original post is being deleted. Post #2 becomes the first post. Since it is (typically) a response to the statement that is no longer there, it is termed an "orphan".

Another reason not to reply to spam.

Another reason not to reply to spam.Yes, aside from the Forum Rules telling us not to do it. :smallcool:

It is not a good idea to leave your post as a poor orphan that spends its life in and out of foster threads and advice threads, and leading eventually to getting involved with the wrong kinds of threads and possibly one day even being incarcerated in the feared Secret Hidden Moderator Penitentiary Forum For Misbehaved Posts, never to be seen again. It's a sad, sad life for a post. Don't do that to it. Please?

:smalltongue:

Another nice trick I've seen in another forum is that you must post 5 or 10 posts before being allowed to post in most sections. Just about the only one section open is the "newbies introduce yourself here" section. Even if the spambot goes to the right section it seems like it would be easy to monitor for rapid deletion.

Phn'glui mglw'nafh Roland GITP not-wagn'nagl not-fhtagn!

my god ive not laughed like that for quite a while. i might sig this with permission... pweaaaaase?:smallredface:

Go ahead. Every time someone sigs one of my quotes the doors of my accursed prison weaken and I get that much closer to sweet sweet vengeance.

We know he was human once. We've found him on a popular social networking site, though which one escapes me.

What exactly happened to him on that blustery autumn day that changed everything no man may know. And I for one pray we never find out.

Wasn't he bitten by a radioactive mod, causing him to turn into Super Moderator?

Well, yesterday, day before (I forget), there existed a set of spam threads that were up for a few hours, at least.

I suspect he does sleep, rarely.

I still like the theory that there are 3 of him, one in America, France and Australia so he can be on at all times.

How did they accomplish this? They kidnapped two of the lost mods and reprogrammed them so that they were convinced they were both Roland.

On topic: How effective is requiring an admin to verify accounts before posting is allowed?

On topic: How effective is requiring an admin to verify accounts before posting is allowed?

I imagine that would be too much work for any single administrator, at least on forum as widely popular as GitP. So while it would probably be quite effective, but I also imagine it's just too much work.

But then, I'm not really tehnically savy when it comes to these things and I may be miles off the mark.

I still like the theory that there are 3 of him, one in America, France and Australia so he can be on at all times.

How did they accomplish this? They kidnapped two of the lost mods and reprogrammed them so that they were convinced they were both Roland.

On topic: How effective is requiring an admin to verify accounts before posting is allowed?

How, exactly, would one verify the account? Ask for a phone number and call them at home? Take them out to lunch? Short of actually talking to someone in person, you can't prove it's a legitimate poster and not the writer of a spambot, and all talking in person will verify is that you haven't talked to them before. (Repeat offenders)

And it would be quite a considerable amount of work.

A question or two, something unique, would be best. Spambots are all about being convenient for the people who use them. If one small forum has a unique question, it's usually not worth the trouble to program the bot to get past that.
It could be a question like "What color is grass?" or a DnD question like "A Fireball spell is resisted with what save" (Answer, Reflex).

How, exactly, would one verify the account? Ask for a phone number and call them at home? Take them out to lunch? Short of actually talking to someone in person, you can't prove it's a legitimate poster and not the writer of a spambot, and all talking in person will verify is that you haven't talked to them before. (Repeat offenders).
Ask some sort of trivial question in the registration process. One that would be too cumbersome/impossible for a computer to check, but that an Admin could tell fairly easily if it's a bot. Something like "Using between 10 and 15 words, describe your favorite type of pizza."

Ask some sort of trivial question in the registration process. One that would be too cumbersome/impossible for a computer to check, but that an Admin could tell fairly easily if it's a bot. Something like "Using between 10 and 15 words, describe your favorite type of pizza."

For some weird reason, I did not associate "verify" with that idea, that I already like. Workload might be high on popular sites, though. I take back my incredulity.

Thanks for the ideas!

Respectfully,

Brian P.

You are welcome.

Thanks guys. We went the question route and are now able to welcome new users once again. Yay!

Respectfully,

Brian P.

The question should note that it does or does not want lastnames (Roy vs. Roy Greenhilt, Haley vs. Haley Starshine, Durkon vs. Durkon Thundershield)

The question should note that it does or does not want lastnames (Roy vs. Roy Greenhilt, Haley vs. Haley Starshine, Durkon vs. Durkon Thundershield)

Either or. Both work.