Spambots

Want to just shoot the breeze? Forum 42 is the place!

Moderator: Moderators

Post Reply
User avatar
jdmlight
Posts: 795
Joined: Thu Dec 27, 2007 11:17 pm
Steam ID: jdmlight
Location: A boring suburb of Chicago.

Spambots

Post by jdmlight » Sat Oct 22, 2011 1:32 pm

There seem to be a lot of spambots lately. I use the report button to report all spambots I see, but I'm curious if there's possibly a better way of preventing bots from creating accounts in the first place.
  • The current spambot prevention mechanism uses (as I counted) 11 different questions which are supposedly only human-answerable. Maybe this list of questions could be expanded/refreshed with new ones?
  • Something I noticed when figuring out what the current questions are: would it be possible to block a user who fails to enter the valid answer to one of these questions more than a certain number of times?
  • Maybe have more than one of the above questions?
  • Maybe block email addresses from typically-spam email addresses? (ones ending in .ru, .biz, etc)
  • Do captchas work? I think they're annoying (and I bet everyone else thinks they're annoying too), but you only have to go through it once. Then again, it's entirely possible that they've been hacked by now and aren't effective.
  • Is there a different way of activating user accounts that would reveal spammers better? Currently users are activated by sending an email to a valid email address, then clicking the link in that address.
  • Another method I've seen is based on the amount of time a user takes to type a reply to a topic or create a new topic. This type of thing would reject any posts that take less than five seconds or so to create, as a typical reply would take at least five seconds for a human to type, but much less time for a spambot to copy/paste.
If someone has an idea for an anti-spam method, but is unsure of how to implement it, I'd be happy to make a stab at it in PHP. I should be able to write a basic function in PHP, otherwise I'd be embarrassed to call myself a senior CS major. :lol:

Feel free to move this topic if it's in the wrong place/delete it if it's not appropriate.
--John (and please call me John, it's really weird to be called by my username)
Fight MS Paint abominations! If you don't have a camera, go here, and pick something 3 megapixels or higher.

User avatar
palmertech
Senior Member
Posts: 3225
Joined: Sat Feb 02, 2008 1:40 am
Location: California, land of the homeless and hippies
Contact:

Re: Spambots

Post by palmertech » Sat Oct 22, 2011 9:51 pm

The thing is, you don't actually need bots these days. A lot of spam is posted by low-paid workers in China or India, and getting through those spam prevention systems is no problem. Software can automate the entire process aside from the actual captcha/security question solving, so they can move pretty fast.

In fact, you can use humans to solve captchas the human even knowing! Suppose you run a video streaming site, hosting pirated anime. Now, say you require every single person who watches the video to solve a captcha before pressing play. If you have a pretty steady stream of visitors, you can actually sell captcha solving services! Basically, your client feeds you a continuous stream of captchas from sites they are spamming, and then you display them as your "captcha" on the video site. The viewer solves the captcha, and the answer is fed back to the client's software, allowing yet another spam account to be made.

#3 and #7 of your suggestions are the best.
Image

Excellent

User avatar
jdmlight
Posts: 795
Joined: Thu Dec 27, 2007 11:17 pm
Steam ID: jdmlight
Location: A boring suburb of Chicago.

Re: Spambots

Post by jdmlight » Sun Oct 23, 2011 10:20 am

Using low-paid workers instead of bots explains why so many of the spam posts are getting closer to http://xkcd.com/810/.

I'll keep that in mind if I happen to come across any more spam-prevention methods.
--John (and please call me John, it's really weird to be called by my username)
Fight MS Paint abominations! If you don't have a camera, go here, and pick something 3 megapixels or higher.

User avatar
weaponepsilon
Posts: 1090
Joined: Fri Jan 11, 2008 12:04 am

Re: Spambots

Post by weaponepsilon » Sun Oct 23, 2011 11:22 am

Maybe in an effort to stop the lowpaid international workers pandemic, perhaps we should use a simple method. I know I sound like a jerk saying this, but what if some of the questions involved American cultural references? I mean seriously, unless you were from around here, you wouldn't know simple things and it would make it harder for bots/foreign workers to make spam accounts. The only downsides I see are legit international users being stumped and spammers working harder on google...
http://www.xboxlc.com/profile/weapon_epsilon
Image
Trade thread!
http://forums.benheck.com/viewtopic.php?f=11&t=24425" onclick="window.open(this.href);return false;
Currently owned: (In response to Tibia)

52 platforms; 67 individual systems; 919 singular games (0 doubles!); 2 arcade cabs

User avatar
palmertech
Senior Member
Posts: 3225
Joined: Sat Feb 02, 2008 1:40 am
Location: California, land of the homeless and hippies
Contact:

Re: Spambots

Post by palmertech » Sun Oct 23, 2011 11:25 am

That is a solution, but a lot of the people here are from Europe, or other places in the world that would not get it, either.

The solution we used on my site (ModRetro) was to just ban all of India and China. Like, the entire countries. :P They get a message saying that if they would like to register, they need to email an administrator explaining that they are not a spammer. Thus far, we have not gotten a single email.
Image

Excellent

User avatar
weaponepsilon
Posts: 1090
Joined: Fri Jan 11, 2008 12:04 am

Re: Spambots

Post by weaponepsilon » Sun Oct 23, 2011 11:40 am

palmertech wrote:That is a solution, but a lot of the people here are from Europe, or other places in the world that would not get it, either.

The solution we used on my site (ModRetro) was to just ban all of India and China. Like, the entire countries. :P They get a message saying that if they would like to register, they need to email an administrator explaining that they are not a spammer. Thus far, we have not gotten a single email.
Didn't know that was possible. I was just thinking of inserting questions like "Who was president in '94?" "What show is Peter Griffin from?" "Whats a Red State?" Still us silly Americans probably wouldn't get half of them right....but it would keep the idiot quotient down...
http://www.xboxlc.com/profile/weapon_epsilon
Image
Trade thread!
http://forums.benheck.com/viewtopic.php?f=11&t=24425" onclick="window.open(this.href);return false;
Currently owned: (In response to Tibia)

52 platforms; 67 individual systems; 919 singular games (0 doubles!); 2 arcade cabs

User avatar
armarares
Posts: 69
Joined: Thu Jul 28, 2011 6:48 pm
Location: romania

Re: Spambots

Post by armarares » Mon Oct 24, 2011 2:10 am

Instead of asking American cultural questions,it would be better to ask simple gaming and electronics questions.
I never give up. But I always fail.

Haunted360
Posts: 1000
Joined: Sat Jan 30, 2010 12:22 am
PSN Username: Haunted360
360 GamerTag: Haunted 360
Location: Australia
Contact:

Re: Spambots

Post by Haunted360 » Mon Oct 24, 2011 7:27 am

Exactly. Ben Heck can just change the security questions to something a little better. Just saying.

User avatar
weaponepsilon
Posts: 1090
Joined: Fri Jan 11, 2008 12:04 am

Re: Spambots

Post by weaponepsilon » Tue Oct 25, 2011 7:16 pm

HAH! One should be all in 1337 and have it be a yes/no question....
http://www.xboxlc.com/profile/weapon_epsilon
Image
Trade thread!
http://forums.benheck.com/viewtopic.php?f=11&t=24425" onclick="window.open(this.href);return false;
Currently owned: (In response to Tibia)

52 platforms; 67 individual systems; 919 singular games (0 doubles!); 2 arcade cabs

User avatar
armarares
Posts: 69
Joined: Thu Jul 28, 2011 6:48 pm
Location: romania

Re: Spambots

Post by armarares » Fri Nov 04, 2011 5:45 am

Have you seen the"Hacking Videogame Consoles - The Book" sub-forum?
It is a mess!
I never give up. But I always fail.

User avatar
gannon
Moderator
Posts: 6974
Joined: Sun Apr 04, 2004 4:48 pm
Location: Near that one big lake
Contact:

Re: Spambots

Post by gannon » Fri Nov 04, 2011 8:45 am

I'd agree that the sheer amount of bots recently seems out of the norm, at least from when I was more active. In the past few days since I started coming here again I've deleted/banned at least 10 different bots.
That being said, the moderators / admins do get around to taking care of bots and reports when we are available. Unfortunately that's not 24/7. I'd welcome any suggestions for better ways to prevent bots from registering.

User avatar
jdmlight
Posts: 795
Joined: Thu Dec 27, 2007 11:17 pm
Steam ID: jdmlight
Location: A boring suburb of Chicago.

Re: Spambots

Post by jdmlight » Fri Nov 04, 2011 4:56 pm

gannon wrote:I'd agree that the sheer amount of bots recently seems out of the norm, at least from when I was more active. In the past few days since I started coming here again I've deleted/banned at least 10 different bots.
That being said, the moderators / admins do get around to taking care of bots and reports when we are available. Unfortunately that's not 24/7. I'd welcome any suggestions for better ways to prevent bots from registering.
An audio forum I just registered on has it so that a new member's first couple of posts have to pass moderator approval before they're put on the forum. Once the user is determined to not be a spambot, they can post as normal. This seems like it would be very effective to me. The only potential problem I see is that I'm not sure how much of an additional burden that would place on the mods.

Here's another potential idea, based around a pretty simple concept. Basically it changes the "register.php" page name to "register_something_else.php", which a bot isn't looking for. http://www.phpbb.com/community/viewtopi ... 5#p9330945
--John (and please call me John, it's really weird to be called by my username)
Fight MS Paint abominations! If you don't have a camera, go here, and pick something 3 megapixels or higher.

Post Reply