Forum Archive

Go Back   3D Realms Forums > General Topics > Programming Forum
Blogs FAQ Members List Social Groups Calendar Mark Forums Read

Notices

 
 
Thread Tools
Old 12-12-2006, 08:13 PM   #1
wayskobfssae

wayskobfssae's Avatar
forum spam...
Just out of curiosity, thought maybe some of you folks would have some experience in this. Not necessarily looking for a solution, but I'm at least curious to what others have seen/heard.

Over roughly the past year, heavy spam attacks have managed to infiltrate just about every popular piece of message board software out there. Admins and mods are unable to figure out how they're getting in, and the most they've been able to manage is hiring a healthy dose of moderators to kill them quickly and efficiently. But what the heck is going on? Where is this sudden surge coming from or what caused it? Have the bots learned how to interpret the graphical codes (the ones that users have to type in to prove that they're human)? Is anything being done to put a crackdown on it? Every single one of my boards (except 3DR) has been hit, and everyone feels pretty much helpless to do anything about it.
__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 12-13-2006, 12:48 AM   #2
ADM

ADM's Avatar
Re: forum spam...
3DR has it as well.. the difference is the ones that you find that slip through all of those things aren't bots, but humans.

Also those "graphical codes" aka captcha suck. Most bots can go around them.. have a look at this test that some guys did:
http://www.cs.sfu.ca/~mori/research/gimpy/

Oh and some reasons not to use captcha:
http://www.bestkungfu.com/?p=445

Best things to do are email verification PLUS human verification.. so someone signs up and they are forced to approve their registration via email, then they are added to a mod queue to be approved by the admin.

That's how we have it here, that way you filter out the bots (who don't approve emails, though having said that some can) and then they still have to get past the human test (ie you manually approving accounts.. you can tell what is suspicious or not).
ADM is offline  
Old 12-13-2006, 04:14 AM   #3
Foxy
Re: forum spam...
There's a flood of the damned things at my home-forum. My guess is they queue up registrations in advance and pay lackies to defeat the verification in bulk. Then the bots go spam with the accounts.
Foxy is offline  
Old 12-13-2006, 05:54 AM   #4
jimbob

jimbob's Avatar
Re: forum spam...
is there a good way to secure a guesty book aswel? those need to be simple enough for any dimwit to leave a message but secure enough to keep spam bots out.

a site of a friend is being spammed with auto generated commercials ( with URL tags wich dont work ) but we want to stop it but preferably without an graphical code or other sign up stuff because its a guest book. thanks.
__________________
"Check out the polygons on jimbob's girlfriend!" killerbyte
"Jimbob, you're a god-damned genius" rollingbrass
"You are a god among men" Water12356
jimbob is offline  
Old 12-13-2006, 09:16 AM   #5
Iggy

Iggy's Avatar
Re: forum spam...
Quote:
Originally Posted by ADM View Post
Best things to do are email verification PLUS human verification.. so someone signs up and they are forced to approve their registration via email, then they are added to a mod queue to be approved by the admin.
Based on my personal experience with a board I run this is a very good solution. About 99% of the spambots get stopped before they can do any harm. I also advice this to other admins who are dealing with spambots signing up.

Of course next to this are forums where there is actually a section where admins/mods put the topics in that spambots created, like it actually has a value or something. Really silly if you ask me.

Quote:
Originally Posted by jimbob View Post
is there a good way to secure a guesty book aswel? those need to be simple enough for any dimwit to leave a message but secure enough to keep spam bots out.
Perhaps putting new entries on hold for approval could be an option but I doubt this will stop spambots.

I have a tagboard and a guestbook at almost all of my sites and the funny thing is that the guestbook gets haunted by spambots where the tagboard (which techically exactly the same) is being left competely unharmed. It's like spambots react on keywords such as 'guestbook' or something.
__________________
Duke4Ever || The Game Collector's Market - Forum for game collectors.
"That Nordbergian wench could be a handful! Several." - Gnarl (Overlord 2)
Last edited by Iggy; 12-13-2006 at 09:22 AM.
Iggy is offline  
Old 12-13-2006, 04:02 PM   #6
Usurper

Usurper's Avatar
Re: forum spam...
Had a problem with 3 or 4 spammers a week. On my forum, I put the following on the registration page:
Quote:
Attention New Members

This board requires email validation. Please keep the following in mind:
If you don't validate your registration within 24 hours, I am going to assume you are a spambot and delete the registration.
If you register with an AOL email address, AOL is likely to block the registration email, mistaking it for spam. Sorry, there's nothing I can do about that.
If you are using a hotmail, yahoo, or gmail account and you don't get the registration email within 20 minutes, make sure you check your bulk or junk messages folder in case it was sorted there.
Set validating entries to delete if not validated in 24 hours. Then, unfortunately, I was forced to block all *@*.ru email addresses, since most of the spammers were using Russian email addresses.

It worked quite well. Out of the last 15 registrations, only 1 has been suspect, but with no spam in the sig, we've let it be so far.
__________________
Meadhall of the Comitatus | RTCM
Usurper is offline  
Old 12-13-2006, 04:41 PM   #7
Destroyer
Re: forum spam...
oh ya spam blows. we have forums for out local university ACM chapter and we get about 5 new spam accounts created everyday. and i have to go manually delete them. what sucks is we dont have acces to the server the forums are running from so we cant even really change anything.
Destroyer is offline  
Old 12-13-2006, 06:08 PM   #8
jimbob

jimbob's Avatar
Re: forum spam...
Quote:
Originally Posted by Iggy View Post
Perhaps putting new entries on hold for approval could be an option but I doubt this will stop spambots.

I have a tagboard and a guestbook at almost all of my sites and the funny thing is that the guestbook gets haunted by spambots where the tagboard (which techically exactly the same) is being left competely unharmed. It's like spambots react on keywords such as 'guestbook' or something.
that might work, i noticed that the spam is considerably less than what it used to be so maybe the admin got some filter working or something. i havent had the chance to speak to him about it.
__________________
"Check out the polygons on jimbob's girlfriend!" killerbyte
"Jimbob, you're a god-damned genius" rollingbrass
"You are a god among men" Water12356
jimbob is offline  
Old 12-13-2006, 09:09 PM   #9
Yatta

Yatta's Avatar
Re: forum spam...
Quote:
Originally Posted by ADM View Post
3DR has it as well.. the difference is the ones that you find that slip through all of those things aren't bots, but humans.
They can be bots as well. I was able to get rid of them on Duke4.net by adding a required custom profile field with heavily restricted input requirements.

Quote:
Best things to do are email verification PLUS human verification..
I've found human verification is not much better. Bots these days tend to use the same e-mail addresses as humans, so you really can't tell if the "person" signing up is a machine or not.
Yatta is offline  
Old 12-13-2006, 10:08 PM   #10
Jiminator

Jiminator's Avatar
Re: forum spam...
i have suggested it on other forums, but how about something that auto-kills bans users posting urls/images in their first few posts?
__________________
big badass nasty weapons here....
Jiminator is offline  
Old 12-13-2006, 10:32 PM   #11
Yatta

Yatta's Avatar
Re: forum spam...
Not a good idea at all. What if the URLs and images are sources of useful/relveant information that they registered just to share with other forum members, or if their first post confidentially contains something like that?
Yatta is offline  
Old 12-13-2006, 10:56 PM   #12
Mongorian
 

Mongorian's Avatar
Re: forum spam...
Having to manually type in a random code that is placed inside an image that only a human eye can see is a great way to get rid of bots.
Mongorian is offline  
Old 12-14-2006, 03:29 AM   #13
ADM

ADM's Avatar
Quote:
Originally Posted by jiminathare View Post
i have suggested it on other forums, but how about something that auto-kills bans users posting urls/images in their first few posts?
Something like this could work. I use something similar in my comments on brightfalls.com -- if someone posts more than 5 links in one post then it gets tagged automatically as spam and sent to a queue.

I think the best way to avoid getting spam is use the Akismet API.

Quote:
Originally Posted by Mongorian View Post
Having to manually type in a random code that is placed inside an image that only a human eye can see is a great way to get rid of bots.
See my second post. Captcha images are useless.
ADM is offline  
Old 12-14-2006, 07:29 AM   #14
Foxy
Re: forum spam...
Not if you don't use text. Maybe have a dozen different images of household objects, and ask 'what is this?' TopWebComics does a similar thing with comic characters when you vote.
Foxy is offline  
Old 12-14-2006, 10:41 AM   #15
ADM

ADM's Avatar
Re: forum spam...
Quote:
Originally Posted by Foxy View Post
Not if you don't use text. Maybe have a dozen different images of household objects, and ask 'what is this?' TopWebComics does a similar thing with comic characters when you vote.
In that case then yes it wouldn't be as useless as the current implementations are. The problem though then would be that the item you use would have to be visually accepted amongst many cultures.
ADM is offline  
Old 12-19-2006, 05:33 PM   #16
Hendricks266

Hendricks266's Avatar
Re: forum spam...
Quote:
Originally Posted by ADM View Post
Quote:
Originally Posted by Mongorian View Post
Having to manually type in a random code that is placed inside an image that only a human eye can see is a great way to get rid of bots.
See my second post. Captcha images are useless.
Correct. Ever heard of OCR (Optical Character Recognition)?
Hendricks266 is offline  
Old 12-20-2006, 06:43 AM   #17
Foxy
Re: forum spam...
Straight OCR only works on printed text. It won't beat obfuscated captchas.
Foxy is offline  
Old 01-03-2007, 04:38 AM   #18
PlayfulPuppy
Re: forum spam...
I saw a great CAPTCHA system a while ago that served a fantastic double-purpose.

When signing up, you had to read through the forum rules and take an 'entrance exam' that made sure that both:

a) You could understand and respond to english, and therefore are not a robot.
and b) That you understood (And were made to remember) the forum rules.

The system still leaves a few problems in its wake, however:

a) It takes a good 10 minutes or so to sign up, so it would only really work well for special interest sites. More general sites such as MySpace or Yahoo, that (Partially) depend on users joining quickly and without hassle wouldn't benefit. Those who are thinking that 10 minutes to join a site is far too long and annoying, remember you only have to register once.

b) While you could rotate through a selection of questions, a well-targeted bot could learn the responses in no time. Yet again, special interest sites are not affected as much, as most are only prone to drive-by spamming as opposed to focused, intentional attacks.

c) It still doesn't stop the low-pay sweatshop workers from breaking through. It can act as a deterrant, however, as these people probably get paid by the site or have to maintain a quota, so spending 10 minutes on a single page is a complete waste of their time when they could make about 100 other accounts on other pages during that period.

So, all up, this is probably my favorite unmoderated technique. It discourages spammers, drive-by trolls and also has the bonus of making sure new users fully understand at least a good section of the forum rules.

For larger sites, or sites that are still growing and need the user throughput, I'd probably recommend KittenAuth. It's quick and easy for users, almost impossible for a drive-by bot to decipher if implemented correctly, and it's darn cute. It doesn't stop the sweatshop workers, but paired with an email verification system and diligent moderation you should be as spam-free as you can possibly get.

[edit] As a note, I don't believe that the pictures that the KittenAuth testbed uses are chosen very well, as many of the pictures look startlingly similar (Such as those of foxes and dogs). However, the theory is sound.
Last edited by PlayfulPuppy; 01-03-2007 at 04:42 AM.
PlayfulPuppy is offline  
Old 02-24-2007, 11:58 AM   #19
ShadeEX

ShadeEX's Avatar
Re: forum spam...
I just ran into one of those spammers over at Ritualistics forum.. named Talk123 apparently they sell phones

Needles to say i told them to get lost and reported the user too the admins..

They just never learn do they
__________________
Quote: "In an infinite universe where reality is interpreted through our continuously fluxuating perception, providing absolute definitive proof of anything becomes a little more than speculation based on random data."

My Youtube Page-My Website(Not updated yet)-My Other Blog
ShadeEX is offline  
Old 02-24-2007, 02:30 PM   #20
Altered Reality

Altered Reality's Avatar
Re: forum spam...
Quote:
Originally Posted by Hendricks266 View Post
Correct. Ever heard of OCR (Optical Character Recognition)?
What about using a "reverse CAPTCHA"? I mean an algorithm which, instead of obfuscating a word, creates pictures with lots of useless characters among few characters that must be typed in? Something like this (in this case, you'd be supposed to type in "captcha"):
__________________
[...] We view customers as complete morons that will never catch on and [...] we're lying to them all the time. (Gabe Newell, Valve)
I'm the worst enemy in film-making and a completely talentless idiot. (Uwe Boll)
Faith is why you are wrong. (Crosma)
Last edited by Altered Reality; 02-24-2007 at 02:33 PM.
Altered Reality is offline  
Old 03-06-2007, 12:25 PM   #21
Little Conqueror

Little Conqueror's Avatar
Re: forum spam...
That's a very good idea.
__________________
If wishes were fishes, we'd smell like ladies' underwear.

"If you join the good fight, you get 72 domain names when you die." -- Wamplet
Little Conqueror is offline  
Old 03-12-2007, 12:27 PM   #22
Nacho

Nacho's Avatar
Re: forum spam...
Quote:
Originally Posted by Little Conqueror View Post
That's a very good idea.
I'm inclined to agree.
Nacho is offline  
Old 03-12-2007, 12:36 PM   #23
wayskobfssae

wayskobfssae's Avatar
Re: forum spam...
A logic test might even be better. Something that requires a certain degree of intelligence, such as finding the word that doesn't fit in with the others.

It would also be nice if Captcha required a form of user input OTHER than the keyboard, and something other than the most basic web form, which is the easiest for a bot to mimick.

A java applet or a flash movie of some kind could actually track mouse coordinates to determine if the cursor motion was linear or not.
__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 03-26-2007, 12:17 AM   #24
Little Conqueror

Little Conqueror's Avatar
Re: forum spam...
Perhaps an animated captcha image could work, too. It has a bunch of slow frames, showing the letters one at a time with a bunch of excess letters in different colors.
__________________
If wishes were fishes, we'd smell like ladies' underwear.

"If you join the good fight, you get 72 domain names when you die." -- Wamplet
Little Conqueror is offline  
Old 03-26-2007, 02:30 AM   #25
theHunted
Re: forum spam...
yey, this is fun
Let me jump in with my idea:

An image that lists 10 words or random strings each with a different unique color. The first line in the image says something like "Please type the red string in the textbox". All of this could be written with an easy to read font and a layout that is easy to read, not like the current captchas where even humans can have a hard time to read the code at times. It features both, the need for intelligence (identifying the color from the instruction), as well as the confusion factor of having multiple strings in the same image. Yet it's still very simple and easy to understand.

Possible drawbacks I can think of right now: When using more than, say, 10 strings with different colors it might become hard to distinguish between colors (e.g. is it a light brown or an orange!?).
Other than that I cant think of drawbacks right now.

Props go out to wayskobfssae and Altered Reality . I think my idea is a fine blend of your suggestions.

edit: To make it even more secure, instead of simple strings one could put simple mathematic equations like (1+2, 5+10, 66-1). The user would have to type the correct number in the textbox. Note that I don't believe this to be 100% uncrackable, but all of this would add a lot to the complexity of a system to hack this I believe. (No bragging intended but I once had to write a little OCR application using neural nets for a class at university).
Attached Images
File Type: jpg captcha.JPG (10.3 KB, 20 views)
__________________
M:I - New Dawn
a Max Payne 2 modification
Last edited by theHunted; 03-26-2007 at 02:55 AM.
theHunted is offline  
Old 03-26-2007, 08:23 AM   #26
SonnyBonds

SonnyBonds's Avatar
Re: forum spam...
What about color blind people?
SonnyBonds is offline  
Old 03-26-2007, 08:39 AM   #27
theHunted
Re: forum spam...
Quote:
Originally Posted by SonnyBonds View Post
What about color blind people?
*starts to feel a little unconfortable*
Seriously I hope I didn't piss off anybody. I really didn't think about that option at all. There goes my concept down the drain. I guess there might be a reason why there's still the same old sort of captchas.
__________________
M:I - New Dawn
a Max Payne 2 modification
theHunted is offline  
Old 03-28-2007, 01:12 PM   #28
Nacho

Nacho's Avatar
Re: forum spam...
Altered Reality has the best idea yet.
Nacho is offline  
Old 03-30-2007, 12:18 PM   #29
Altered Reality

Altered Reality's Avatar
Re: forum spam...
Thanks.
__________________
[...] We view customers as complete morons that will never catch on and [...] we're lying to them all the time. (Gabe Newell, Valve)
I'm the worst enemy in film-making and a completely talentless idiot. (Uwe Boll)
Faith is why you are wrong. (Crosma)
Altered Reality is offline  
Old 03-30-2007, 08:26 PM   #30
wayskobfssae

wayskobfssae's Avatar
Re: forum spam...
Has 3d-rendered text been tried before? Might seem a bit outlandish, but I can't see any modern computer breathing too heavy having to make a low-detail graphic like that.

__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 03-31-2007, 03:11 PM   #31
Hendricks266

Hendricks266's Avatar
Re: forum spam...
There's one problem with your example… it's really granular and hard to read.
Hendricks266 is offline  
Old 04-01-2007, 11:22 AM   #32
wayskobfssae

wayskobfssae's Avatar
Re: forum spam...
Well, most of what is already generated to thwart bots is hard to read.
__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 04-02-2007, 04:33 AM   #33
IHerman
Re: forum spam...
How about this one.

It would automatically make it impossible for a lot of people to register altogether but it's fun and probably nearly impossible to break. (although I don't think it's impossible)
Attached Images
File Type: gif stereocode.gif (39.8 KB, 28 views)
__________________
Chances are I lost my point in this post after about two lines.
IHerman is offline  
Old 04-02-2007, 09:19 AM   #34
wayskobfssae

wayskobfssae's Avatar
Re: forum spam...
ABC

Not sure how hard it is for a computer to 'decrypt' that though..
__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 04-05-2007, 08:34 AM   #35
NetNessie

NetNessie's Avatar
Re: forum spam...
Sure as hell I can't
__________________
Ink Grass LazyMoon Photography
"Say something wise, and your name will be remembered forever." - Anonymous
NetNessie is offline  
Old 04-05-2007, 12:04 PM   #36
Altered Reality

Altered Reality's Avatar
Re: forum spam...
Just like there are colorblind people, there are people who don't have stereovision (e.g. they are strabic, or blind from an eye). They will NEVER be able to see the hidden word in IHerman's example.
__________________
[...] We view customers as complete morons that will never catch on and [...] we're lying to them all the time. (Gabe Newell, Valve)
I'm the worst enemy in film-making and a completely talentless idiot. (Uwe Boll)
Faith is why you are wrong. (Crosma)
Altered Reality is offline  
Old 04-05-2007, 01:42 PM   #37
wayskobfssae

wayskobfssae's Avatar
Re: forum spam...
Quote:
Originally Posted by Altered Reality View Post
Just like there are colorblind people, there are people who don't have stereovision (e.g. they are strabic, or blind from an eye). They will NEVER be able to see the hidden word in IHerman's example.
There are blind people who surf the net too, and can't make use of ANY kind of graphical failsafe.
__________________
"A Nightingale in a Golden Cage... that's me locked inside Reality's Maze" -- Nightwish
wayskobfssae is offline  
Old 04-06-2007, 02:14 AM   #38
NetNessie

NetNessie's Avatar
Re: forum spam...
There are auditory captcha's, but I've only seen MSN and Google use them so far.
__________________
Ink Grass LazyMoon Photography
"Say something wise, and your name will be remembered forever." - Anonymous
NetNessie is offline  
Old 04-06-2007, 06:07 PM   #39
Killd a ton

Killd a ton's Avatar
Re: forum spam...
Quote:
Originally Posted by IHerman View Post
How about this one.

It would automatically make it impossible for a lot of people to register altogether but it's fun and probably nearly impossible to break. (although I don't think it's impossible)
he im usualy good at theas but right now im using a small (3.6") screen with a high dpi (640x480 you do the math), I think I 16 after som fighting x(

theres also speech recognition software out there so audio isn't bulid proof either.

how about writing something offensive and then asking if it hurt the users fealings as computers dosen't have thows :P

How abou having to answer yes now to a list of images "is this food?" showing a picture of a burger or boot.
ofcause the images should be passed threw a script with a url based on a md5 of the session id or something like that.

negated querys seams a good option too.
also how about seporating the text that the user has to enter from the input bux and having an invisible dummy input next to the text, then name the real input something runrelated like "nickname" (the real nickname input could be named "nick"), ofcause just about any methode get inefective once it gets populare or is chalanged by sweat shops.
only thing that I would think could work againt sweat shops is complex english gramma (lotso of spam is gramaticaly very incorrect), ofcause lots of humans would fail this one to (probably my self). And time consuming tasks.
__________________
hell-angel: "I would sig this if I had the room."

Duke 3D art to do list
New and improved.
Killd a ton is offline  
Old 04-07-2007, 01:33 PM   #40
ADM

ADM's Avatar
Re: forum spam...
Have a look at what you need to do to register to these forums now, it's called NoSpam! and it's basically custom questions that need to be answered to sign up.

Bots arn't intellegent enough to answer custom specific questions so it blocks out all spam (this tied in with captcha does a pretty good job).

I set this nospam mod up at the official Alan Wake forums and it's done pretty well, spam is still slipping through but the ones that do arn't bots but humans. We get a tonne of spam over there and it's cut away quite a bit of it, it's my ongoing attempt at fighting them and I'm always looking at ways to stop spam from humans more than bots.
ADM is offline  
 

Bookmarks

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 04:22 AM.

Page generated in 0.23080397 seconds (100.00% PHP - 0% MySQL) with 17 queries

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2019, vBulletin Solutions, Inc.

Website is 1987-2014 Apogee Software, Ltd.
Ideas and messages posted here become property of Apogee Software Ltd.