So... Regarding the Spam

  • #1
    I'm sure this has been talked about a ton, either here or behind closed doors, but...

    What's the deal? I know when you register, there's a CAPTCHA. Let's say you delete/ban the spam username. How are the rest getting through? If they're implementing workaround scripts for the CAPTCHA, man, whoever's sending out the bots is trying really, really hard.
    Blizzard Entertainment - Diablo III Community MVP
  • #2
    Regarding CAPTCHA, it's not as straightforward as it seems. For example, there are programs that help you download stuff from file sharing websites, and they come with built-in captcha circumvention. They work pretty well, to say the least.

    On a side note, captchas are not just a bot prevention, but they are a tool to OCR books. Read more about it on Google's reCAPTCHA website. And I'd like to mention the name Luis von Ahn, the father of crowdsourcing and the guy who came up with this brilliant idea in the first place (and many others, like the ESP game). Whenever you see one of these reCAPTCHAs, what happens behind the scenes is that one of the words is known (i.e., the traditional captcha check), but the other is "unknown" and one of the OCR fails from Google Books, and you are helping them to get the OCR right. Of course you don't know which one is the captcha check and which one is the OCR task, but the important thing to consider for bots/captcha script writers is this: the captcha check is probably a word that was successfully OCR'ed by the system before; the word that created troubles for Google's OCR is the word you don't need to get right. Therefore, a captcha image recognizer might only have 50% success rate on the captcha from our point of view, but for the purpose of passing the test it's significantly higher (and given enough iterations, you can get close to 100% I guess).

    TL;DR: Captchas are not great as a bot prevention (anymore).

    So, what helps?

    What we did on several other forums I'm a member of is to add a question specific to users signing up on that site. For example, on a soccer forum we ask a question that every soccer fan should know, but bots don't (i.e., Google and see if the result is on the first page). Of course it shouldn't be too complicated, you don't want to keep potential members out. It's also not completely fail-safe, but we've had good experiences. To be honest, the simple question "what's the greatest club in the world" on a fan site of that club kept all bots out, whereas traditional captchas didn't... and fans can sign up without a problem. Plus, the question "what's the best ARPG in the world currently" might keep all the PoE trolls out of DFans as well ;-)

    But the problem DFans is dealing with, in my opinion, is of another dimension: DFans is so huge and a successful advertisement from a bot here is so valuable that bots (or their owners) will solve the captcha (or answer any question) personally and then just let the bot post its 10 spam topics. You have literally zero protection against this, unless you enforce rules like "no URLs before your 10th post", but as we've seen, this is even more annoying for new users.

    In my personal opinion, what would help is if the first post of every member would have to be reviewed and unlocked by a mod. However, this would require 1) at least one mod online all the time, thus 24/7 mod coverage (and 80% of the mods on DFans are inactive), and 2) changes to the forum software.

    Yeah, it's annoying as hell, and as you can see it's not the first time I have thought about this issue...
  • #3
    I don't remember what site it was on, but its captcha was to assemble like a 4 piece puzzle lmao
  • #4
    On a site I moderate at we are increasingly getting spam posts that look like they are from people from 3rd world countries that are paid peanuts to advertise in threads with posts that look like a human could have written them, and they even respond to accusations of them being spambots, they then have adverts for pipeline companies/steroids/video streams etc. in their signatures.
  • #5
    This spam can be done manually. They don't need bots for that. There is no way to prevent it. Maybe minimize it, but yeah... Bagstone pretty much already summed it up.

  • #6
    There's services like projecthoneypot.org as well as stopforumspam.com

    stopforumspam keeps a database of known spammers, each entry has a username, e-mail address used to sign up, and the IP address of the spammer. They have a few 3rd party modules/plugins for forum systems, CMSs such as Drupal/WordPress, which can check new registrations against the database, you can choose what to check (username/e-mail/ip or 1 or 2 or all of them, set minimum number of times reported to be regarded as a spammer etc), and you can also submit the spammers on your website to their database so all the other forums using their database get an updated list :) Although I must admit if you're using phpBB their 3rd party plugin is pretty lackluster. The SMF and Drupal plugins are pretty good.

    projecthoneypot works a bit differently, their honeypot can be implemented on any website regardless of whether it's a forum or a CMS. They give you all the files you need to put up on the website, as well as some hidden html tags that you need to drop into your template to attract spammers to follow the link. Once they follow the link to the honeypot page, they get a simple "Terms & conditions" page, but the page also generates a random "mailto:" link hidden from the display. Only bots who are reading the source code of the page can pick it up. So when that e-mail inbox receives an e-mail then that IP address is logged as a threat :)

    I use their services on the forums I run and they just reduce the spam by a lot. It is a sure fire way (if configured correctly) to stop even human spammers if their e-mail/IP matches. I never match usernames because it's just ... dumb. But matching by e-mail and IP combination, as well as reported twice or more = spammer, and with this setting you're sure to reduce spam by at least 80% (number pulled from ass).
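The registration check described in post #6 (choose which fields to match, set a minimum report count, require the e-mail and IP combination), sketched as an added example that is not part of the original thread and is not StopForumSpam's plugin code or API. The `REPORTS` table, the `Policy` fields and the sample signups are all constructed for illustration.

```python
from dataclasses import dataclass

# Constructed stand-in for a shared spammer database: (field, value) -> report count.
# Addresses come from documentation ranges; none of these are real reports.
REPORTS = {
    ("email", "promo@example.com"): 14,
    ("ip", "203.0.113.7"): 9,
    ("ip", "198.51.100.20"): 1,   # reported once, e.g. a shared or recycled address
    ("username", "john"): 3,      # a name that real users pick too
}

@dataclass(frozen=True)
class Policy:
    fields: tuple = ("email", "ip")  # which signup fields to look up
    min_reports: int = 2             # reports needed before a field counts as a match
    require_all: bool = True         # True: every field must match (the "combination")

def report_counts(signup, policy, reports=REPORTS):
    """Return {field: times reported} for the fields the policy checks."""
    counts = {}
    for field in policy.fields:
        value = signup.get(field, "").strip()
        if field != "ip":
            value = value.lower()    # e-mail and username matching is case-insensitive
        counts[field] = reports.get((field, value), 0)
    return counts

def is_spammer(signup, policy, reports=REPORTS):
    """Apply the threshold per field, then combine the per-field results."""
    matched = [n >= policy.min_reports
               for n in report_counts(signup, policy, reports).values()]
    # An empty field list must never flag everyone, so require at least one check.
    return bool(matched) and (all(matched) if policy.require_all else any(matched))

# Constructed signups.
KNOWN_BAD = {"username": "cheapgold", "email": "Promo@Example.com", "ip": "203.0.113.7"}
NEW_FAN = {"username": "john", "email": "john@example.org", "ip": "198.51.100.20"}
MOVED_IP = {"username": "cheapgold2", "email": "promo@example.com", "ip": "192.0.2.55"}

if __name__ == "__main__":
    combo, loose = Policy(), Policy(require_all=False)
    by_name = Policy(fields=("username",))
    for label, s in (("known bad", KNOWN_BAD), ("new fan", NEW_FAN), ("moved IP", MOVED_IP)):
        print(label, is_spammer(s, combo), is_spammer(s, loose), is_spammer(s, by_name))
```

With these sample rows, the combination setting lets a reported e-mail through when it arrives from an unreported IP, and the username-only policy flags the legitimate signup.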
  • #7
    A heads up on this - we will be updating Dfans at some point in the somewhat near future to the system Curse uses on other sites. With this update will come our self-made spam detection system - should help big time then
  • #8
    Quote from Molster

    A heads up on this - we will be updating Dfans at some point in the somewhat near future to the system Curse uses on other sites. With this update will come our self-made spam detection system - should help big time then
    My plans have been foiled!







    Just kidding!
    Bashiok - Blizzard Representative - 08/01/2011 -"So how many skill combinations are there now? Well taking into account 6 active skills, all the rune combinations, and 3 passives we currently expect each class to have roughly 2,285,814,795,264 different build combinations."

    "Hey, I thought you'd like the witty irony of grub-on-glowie violence!"
  • #9
    Quote from Molster

    A heads up on this - we will be updating Dfans at some point in the somewhat near future to the system Curse uses on other sites. With this update will come our self-made spam detection system - should help big time then

    Awesome stuff :Thumbs Up:
    Blizzard Entertainment - Diablo III Community MVP
  • #10
    Quote from Molster

    A heads up on this - we will be updating Dfans at some point in the somewhat near future to the system Curse uses on other sites. With this update will come our self-made spam detection system - should help big time then


    Awesome!

    Will this also be fixed then: http://www.diablofans.com/streams ?
  • #11
    Quote from Bagstone

    Quote from Molster

    A heads up on this - we will be updating Dfans at some point in the somewhat near future to the system Curse uses on other sites. With this update will come our self-made spam detection system - should help big time then


    Awesome!

    Will this also be fixed then: http://www.diablofans.com/streams ?


    The new system has a section just for streams (better than that system ever was) - We can def have it enabled if there is demand