Possible anti-spammer tactics for consideration.

Discussion in 'Feedback and Suggestions' started by WBahn, Apr 19, 2012.

  1. WBahn

    Thread Starter Moderator

    Mar 31, 2012
    In the less than three weeks I have been a member, I have encountered two "people" that have joined and then started posting their crap to thread after thread after thread. I quickly reported them both times and, not surprisingly, the spammer continued making a lot of posts for some time afterward. That is NOT a criticism of the moderators since it simply takes time for any report to the moderators to actually reach a moderator and for the mod to review the situation and act. So, really, I am not complaining about any lack of response from the moderators at all.

    What I am suggesting, though, is that methods of further throttle this kind of activity be adopted, even though I know that achieving a balance so that legitimate users don't get caught up in the trap is going to be easier said than done. I'm sure that you have considered approaches before and I wouldn't be surprised if what I throw out hasn't already been considered and found wanting. But, who knows, maybe I will say something that will spark an idea that will work great.

    First off, why do I think it is a problem worth even addressing? In other words, isn't it reasonably easy to simply ignore two to five people a month doing this sort of stuff? Yes and no. Each spammer that does it contaminates a lot of threads, both ones that I monitor (am subscribed to) and ones that I've perhaps read but have not subscribed but am interested in how the discussion goes. I also regularly check to see which threads have recent activity in case a thread I've never looked pops up and is worth looking at. A spammer wreaks havoc with all of this and the effects last for a few days after the spammer is canned.

    Frankly, I don't know what these 'people' think they are accomplishing. Does this kind of crap actually produce enough business or traffic or whatever to be worthwhile? But that is neither here nor there.

    So what might be done about it?

    I don't know that I have a real good answer. I don't want to limit how many posts can be made per day, because any limit that would be effective would really hamper the more active folks. Limiting how many can be made per minute might be effective, but the spammer can slow down the rate to escape the filter and still throw a huge number of posts in an hour or so. I think the best thing would be to have a pretty quick throttle that might work something like this:

    If a person makes a third post within a minute time span, then they have to start dealing with the funky graphical letters on subsequent posts as long as they continue to post more than, say, one post every five minutes (and aren't allowed to make more than one post in a two minute window). If they continue at that rate for more than, say, ten minutes, then their posting access is blocked until a moderator reviews the situation and takes action. But if they go for an hour with at least five minutes between posts, then they are automatically reset to normal.

    Another way that would probably be effective is to compare the post that someone makes to the last post they made if that post was within the last hour and, if they are identical, then block further posts until a moderator reviews. Or perhaps you require three identical posts in an hour. You might only apply the rule to posters with fewer than a hundred posts.

    Someone that knows these rules could certainly craft a bot to skirt them and still be really annoying, but it would require that they research the rules and craft the bot, which is probably sufficiently bothersome to make the effort not worth it. They want easy targets and low hanging fruit.

    Another idea would be to use a "posting credits" that might work something like this: Each person has a posting credit balance that maxes out at, say, 1000. Each time a person makes a post, it costs them some credits to do so, with the cost being inversely proportional to the amount of time since their last post. Perhaps the cost is 100 credit-minutes so that someone that posts only a minute after making another posts loses 100 credits while someone that has waited ten minutes since their last post only loses 10 credits. On the other hand, someone that is using a bot to post every thirty seconds would lose 200 credits and exhaust their balance after just six posts (first one wouldn't have much, if any, cost) and no one would be allowed to post anything within 6 seconds of their prior post. It's hard to imagine a human attempting a second post in only six seconds or trying to make multiple legitimate posts with under a minute between them. Someone that is posting once every five minutes could make fifty posts without having a problem. To make the system recover, you can have it so that if they have waited more than 100 minutes since their last post, they now get credits at the flat rate of 1 credit/minute, meaning even someone that has exhausted their credit balance and can't make posts will have their full credit allowance restored in just under 17 hours.

    If someone attempts to post when they don't have any credits, you can give them a message telling them to attempt posting their message again two hours. If they have a positive balance, just not enough to make the post, you might go ahead and accept the post and give them a zero balance and throw up a message saying that, due to too many posts in too short a time, they will not be allowed to make another post for two hours.

    I don't know if the site has someone that is comfortable digging into the vBulletin code or not. I'm a member of another site where the forum founder was a big time PHP guy and he would add enhancements in an amazingly short time. I don't know how much control the standard code allows the admin.
  2. panic mode

    Senior Member

    Oct 10, 2011
    i was thinking about same thing but there is no easy way out.

    set quotas? (ie fresh account can post no more than one post a day, after week, bump it up etc.)

    use time limit? between posts? humans cannot type very fast so anyone posting 10-30 messages a minute must be spammer.

    automatic hold/freeze for account that was reported by N users?

    use capcha or similar verification?
  3. WBahn

    Thread Starter Moderator

    Mar 31, 2012
    Nope - no easy way. You want something that is not going to provide a noticeable limit or inconvienence to real users, including new users.

    I hate CAPTCHA. I'm willing to tolerate it as part of the registration process, but I'll be honest and say that when I had to jump through those hoops (which can be real annoying with my failing vision) for the first couple of posts I almost said screw it and went away because I assumed that I was going to have to do that for every post and that just isn't worth it to me.

    But, I have to admit that I admire the cleverness of the way spammers get around CAPTCHA. One trick is to set up a porn site where you have to solve a CAPTCHA for each image you want to see. Then they have there bot grab the puzzle from the site they are trying to access, use it on the porn site, and have the human solve it. Supposedly they can get enough traffic to sustain a moderately aggressive attack in real time.
  4. Georacer


    Nov 25, 2009
    Well... That was a really well thought first post. But sadly, all I can add to it, is "wouldn't it be nice if we could play with these options?".

    You see, the admins of AAC don't have that much time in their hands and the development of the site is stale at the moment.
    Also, to be fair, the site has thousands of users visiting daily. Would you risk annoying them in case the system didn't work as planned? What procedures would you undergo to ensure a smooth transition?

    I have a personal forum of some tens of users and my colleague won't tolerate minutes of downtime, let alone posting troubles.

    That said, you might have had an unlucky experience. Usually spammers get eradicated half a day at most after their first post and certainly a few hours after they are reported.
    I blame the Easter vacations and my absence for that.
  5. DumboFixer

    Active Member

    Feb 10, 2009
    The method I use on my forum is to check the username/IP against a database when they register. If their details are found in that database they csnnot continue with the registration. It's not perfect but it has cut down my spammer registrations by around 95%. Admittedly my site is nowhere near as busy as this one.

    The code to do this is only a few lines of PHP code.

    Personally I think the Mods here do a great job of dealing with the spammers.
  6. Georacer


    Nov 25, 2009
    I confirm that registrations in AAC are filtered by a couple of spammer lists. By username and mail.
  7. Wendy


    Mar 24, 2008
    Fact is, we are victims of our own success. This site gets huge numbers of hits, which makes us a target for spammers. This time they got lucky, it is going to happen.

    Other similar sites have been hacked. That hasn't happened here. It is all relative.

    Personally I share the pain. When I was a user all I could do was knash my teeth. Now I use stealth mode, and I have to admit it gives me great pleasure to catch them on the beginning of a run.
  8. #12


    Nov 30, 2010
    There is already a time limit in place that says I can't report 2 spammers without waiting a minute between reports...I suggest a time limit that says a spammer can't spam twice in less than a minute.

    Seriously...my average turn around time in an active thread is 15 minutes. A one minute limit wouldn't bother me at all.
  9. Markd77

    Senior Member

    Sep 7, 2009
    Going at it from another angle, and probably also not possible, if a post gets reported 3 times, lock the user. Limit the reporting to users with at least 10/100? posts so some idiot can't create 3 accounts and lock users up.
    strantor likes this.
  10. MrChips


    Oct 2, 2009
    Good idea, with some extra conditions:
    - if post gets reported by 3 different senior members
    - if the op has fewer than n posts ( n = 25?)
    justtrying likes this.
  11. Wendy


    Mar 24, 2008
    Or we can do what we have always done.

    Use automation to:
    Ban the spammer.
    Delete all his posts.

    In the end it doesn't matter. I do understand the aggravation, but over reaction to the problem is worse.

    This guy got lucky, and you guys have no clue how much spam we handle. As bad as you think it is, it is worse. These guys are numerous and persistent.

    We have some nifty tools to help, and all users are already screened through the lists as have been suggested. Most do not get through our filters. The fact is we are an irresistible target.

    In the end the advice is the same as always. Use the red triangle to report spam, and don't reply to the spammers (also known as feeding the trolls). Sometimes it may take longer than we like, but they will disappear as if they never existed.
  12. bertus


    Apr 5, 2008

    Always use the report button [​IMG] to report the spammer.
    This will send an email to all moderators and administrators.

    When a spammer is "decimated" the information in the post will be used to enhance the "automoderation" feature.
    This means the next try of the spammer will be taken "out of sight" to the normal users.
    We moderators still can see the posts and will react on them by "decimating" the spammer.
    During the "decimation" process the spammer is banned and his IP can be blocked.

  13. Wendy


    Mar 24, 2008
    I am pretty sure I decimated the same guy earlier this morning. You folks never saw him, as he could not post directly, and gave up after 3 tries.
  14. K7GUH


    Jan 28, 2011
    There is no easy way. I was a moderator on another board (before Vbulletin was invented) for nearly 20 years. We were repeatedly attacked by spammers, and worse yet, trolls looking to provoke a response. We had at least one moderator for each forum, and a forum just for moderators. Two things did work: (1) a new member had to provide a verifiable e-mail address, with sufficient information to establish that it was a real person, and (2) a new member had to provide a reference to an already established member who could vouch for their integrity. This, plus a zero tolerance for spammers, hijackers, and trolls, kept the moderators busy, but it took only a few gotchas to slow down the noise from each source. The moderators could and did delete troublesome posts and troublesome members without notice.
  15. Wendy


    Mar 24, 2008
    We do not require a recommendation, but other than that the other rules are in place. I have a little problem killing posts and banning members, but have done it and will do it when needed. Trolls are a bit harder, but over time they go away, one way or another.
  16. R!f@@

    AAC Fanatic!

    Apr 2, 2009
    This is interesting even thought I still have no idea why people spam.

    I like to know what actually means hacked.
    Cause forumW was one of my fav. Now google results show it is hacked and is down for good.
    Does hacking destroy a forum.
    If so how? I mean it can always comes back as long as the more active members are willing to continue, won't it ?
  17. bertus


    Apr 5, 2008
  18. Wendy


    Mar 24, 2008
    A site has some resemblance to a fortress. We offer a open service while trying to keep the tender parts out of harms way. Hackers try to find their way around the walls through hook or crook, so they can gain control of the computer hosting the site.

    This is where backups come in. If they succeed they usually start trashing the place, and making themselves at home. Eventually someone local takes back control of the computer though, and the walls are repaired, and hopefully made stronger. The repairs are done with the backups.