mahiinfobase
Sat 27 January 2007, 07:53 am GMT +0100
<snipped />
DON'T SPAM THIS FORUM!
DON'T SPAM THIS FORUM!
Nikolas
Sat 27 January 2007, 12:37 pm GMT +0100
Interesting. That spammer was not a bot, but a real person....
Banned :)
Banned :)
ventureskills
Sat 27 January 2007, 03:10 pm GMT +0100
It might be worth changing the title of the post, I was speaking with a friend who works for an anti spam company who was talking about trail blazers, where real people leave messages that are then used by bots to find sites. This apparently is becoming a real problem though I guess they would normally not be so blatant.
Nikolas
Sun 28 January 2007, 12:20 am GMT +0100
Done ;)
olaf
Sun 28 January 2007, 08:59 am GMT +0100
artcoder
Sat 3 February 2007, 07:31 pm GMT +0100
What about adding a captcha every time someone submits a post? Just a thought.
olaf
Sat 3 February 2007, 07:43 pm GMT +0100
What about adding a captcha every time someone submits a post? Just a thought.
please, the captcha is not very usefull for a forum, this guy above was btw. human...ventureskills
Sat 3 February 2007, 10:26 pm GMT +0100
captcha are useless sadly against forum spammers who on the whole are humans, and even then most well known captcha classes have been gotten around. Some of the best of this type of defence is the human readable question.
Question if I had three apples and one pear how many apples would I have if I eat one.
Now its pretty easy to program the answer to this question, but if the question keeps changing you need to reprogram the logic, much harder also much harder to program in the first place.
Question if I had three apples and one pear how many apples would I have if I eat one.
Now its pretty easy to program the answer to this question, but if the question keeps changing you need to reprogram the logic, much harder also much harder to program in the first place.
Nikolas
Sun 4 February 2007, 01:37 am GMT +0100
99,9% of spammers in this forum are humans.
The reasons are easy to find out :
1) The $_POST variables for registering at the forum are constantly changing (this stops more 30-100 new "users" per day)
2) The tag system is unique so there is no spam bot programmed to also post tags.
Hope this will keep us clean in the future, but I am sure I will have to code more antispam features as spam bots are getting more inteligent. For instance in one of my sites spam bots can even bypass CAPTCHA so I had to add a "bad word" list filter.....
Anyway this is a big war, and I guess there will be no end to it.
The reasons are easy to find out :
1) The $_POST variables for registering at the forum are constantly changing (this stops more 30-100 new "users" per day)
2) The tag system is unique so there is no spam bot programmed to also post tags.
Hope this will keep us clean in the future, but I am sure I will have to code more antispam features as spam bots are getting more inteligent. For instance in one of my sites spam bots can even bypass CAPTCHA so I had to add a "bad word" list filter.....
Anyway this is a big war, and I guess there will be no end to it.
olaf
Sun 4 February 2007, 10:04 am GMT +0100
Some of the best of this type of defence is the human readable question.
Question if I had three apples and one pear how many apples would I have if I eat one.
Now its pretty easy to program the answer to this question, but if the question keeps changing you need to reprogram the logic, much harder also much harder to program in the first place.
Question if I had three apples and one pear how many apples would I have if I eat one.
Now its pretty easy to program the answer to this question, but if the question keeps changing you need to reprogram the logic, much harder also much harder to program in the first place.
I use this type of validation on my WP blog:
(To test if you're a human) What is the sum of 1 and 4 ? (required)
the sum is random but the question is still the same, the result less spam and less work for akismet ;)
ventureskills
Sun 4 February 2007, 10:45 am GMT +0100
if you can convert numbers to full words it becomes even more effective, or rather takes spammers longer to work around, full sentences even generated ones are pretty simple to create but not so simple to crack, though once you work out the logic.
words + number1 +operator +number2 +falsenegative +sum = human
the flase negative is the real test, any computer can add 1 + 2 given enough thought but its a lot more difficult for it to rule out a false negative. So using the above
I have 3 apples plus two pears plus one lion how many fruit pieces do I have?
by creating subset of your questions
fruit ->apples, pears, oranges
animals ->lion, tiger, dear
cars -> BMW, audi, mazda
You now have the basis, select two from one subset and one or more from a second, use the title of the subset as your positive marker, how many [fruit/animals/cars] and your done
words + number1 +operator +number2 +falsenegative +sum = human
the flase negative is the real test, any computer can add 1 + 2 given enough thought but its a lot more difficult for it to rule out a false negative. So using the above
I have 3 apples plus two pears plus one lion how many fruit pieces do I have?
by creating subset of your questions
fruit ->apples, pears, oranges
animals ->lion, tiger, dear
cars -> BMW, audi, mazda
You now have the basis, select two from one subset and one or more from a second, use the title of the subset as your positive marker, how many [fruit/animals/cars] and your done
olaf
Sun 4 February 2007, 11:03 am GMT +0100
Quote
if you can convert numbers to full words it becomes even more effective, or rather takes spammers longer to work around, full sentences even generated ones are pretty simple to create but not so simple to crack, though once you work out the logic.
This is a good idea and not so hard to program, Thanks!
Nikolas
Sun 4 February 2007, 01:00 pm GMT +0100
The only problem is that you make legit users feel less comfortable.
For instance think how would you feel if you had to do this every time you posted something in this forum?
For instance think how would you feel if you had to do this every time you posted something in this forum?
olaf
Sun 4 February 2007, 01:14 pm GMT +0100
The only problem is that you make legit users feel less comfortable.
For instance think how would you feel if you had to do this every time you posted something in this forum?
yes that's true, for myself I accept that validation fro blog comments and contact forms but never for (favorite) forums...For instance think how would you feel if you had to do this every time you posted something in this forum?
I joined a forum today where my post with some external URL need to be approved by the admin and regular postings not, maybe this a good way to prevent spamming
ventureskills
Sun 4 February 2007, 03:20 pm GMT +0100
I whole heartedly agree and of course it won't stop a human spammer except those who don't speak the language of the forum, multi language captcha would be a bit of a nightmare.
However this may be a great for signup pages, an alternative to moderating url of first timers could be simply to not allow people with less than 10 posts/points from having active urls, or simply have first time posters have no follows on all URLs until x number of posts.
It might not deter anyone but it limits the damage so to speak
However this may be a great for signup pages, an alternative to moderating url of first timers could be simply to not allow people with less than 10 posts/points from having active urls, or simply have first time posters have no follows on all URLs until x number of posts.
It might not deter anyone but it limits the damage so to speak
olaf
Sun 4 February 2007, 03:26 pm GMT +0100
.. at the end there are not so much "visible" spam posts here at least not for a longer time :)
Nikolas
Sun 4 February 2007, 03:29 pm GMT +0100
That's not a solution. In fact I have already tried it, but they simply don't care as they are bots :)
BTW at this moment we have 4 bots trying to register....
BTW at this moment we have 4 bots trying to register....