We have a spam problem

This is an archive of a topic from NESdev BBS, taken in mid-October 2019 before a server upgrade.
View original topic
We have a spam problem
by on (#181764)
I've been cleaning out a lot of spam today, both in new topics and in replies to existing topics. I see spam in English about medications and spam in Russian about what appear to be credit card copying tools. Even the "One Click Ban" MOD, which is installed here, doesn't help because the spammers keep registering new user accounts. Off the top of my head, I thought of some possible countermeasures:

  • Rotate the registration Q&A
  • Requiring approval of a new user's first post
  • Install a tool to detect and reject posts matching a regular expression, possibly analogous to AbuseFilter for MediaWiki

With the exception of changing the Q&A, I lack enough experience with phpBB3 MODs to recommend anything. What should we try?
Re: We have a spam problem
by on (#181797)
Start doing what I was doing back when I moderated? (Hint: it doesn't involve phpBB at all) (Again: I refuse to disclose the details publicly because the spammers will just use knowledge of the methodology to bypass it)
Re: We have a spam problem
by on (#181876)
Isn't there a Delete User command that also deletes all their posts?
Re: We have a spam problem
by on (#181878)
Dwedit wrote:
Isn't there a Delete User command that also deletes all their posts?

Deleting a user in phpBB does not delete all their posts. There's no such option. Maybe there's a mod/plugin for it, but not out of the box.
Re: We have a spam problem
by on (#181879)
Can you use SQL to delete all of a user's posts?

You may also temporarily disable new users registration
Re: We have a spam problem
by on (#181896)
We are a niche community, there is nothing wrong with that. The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums. If you want to be even more strict then once promoted to a temporary user, you limit to 1 post per day or something like that to see what will be posted.

It may be annoying for new users but once they have proven that they really want to participate respectfully with the community then all restrictions are removed. Any person with common sense will respect that.

In the bbs days with frontdoor I think you had to mail to the sysop before you could have access to the board. There is nothing wrong to put your feet on the ground when there is abuse of the system. I can give some of my time to check the messages of new users if required.
Re: We have a spam problem
by on (#181897)
When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know). The only downside is that afterwards you don't know what their IP address, but it's pretty much looking like IP blocking is pretty useless.. I don't think they're re-used much.

I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.

Rotating the spam questions out seemed to help for a while last time. Though I think we should save the old questions and re-use them a while later, because we're gonna run out of stuff to ask pretty quickly (before going too obscure).

If I have some time tonight, I'll post some ideas I have in the admin forum (might as well not show all the cards where the offenders can see it).
Re: We have a spam problem
by on (#181899)
Memblers wrote:
I guess what I'm wondering is how many legit users are using mail.ru, I swear something like 80% of the spammers are using emails from there. I don't want to screw over legit users. I did ban quite a few shady-looking email domains that were clearly being reused, but that's just a drop in the bucket.


TCRF.net automatically rejects registration from users with mail.ru addresses, and out of all the registration attempts it has caused, I can't think of a single time it has affected a legitimate user.
Re: We have a spam problem
by on (#181904)
On my tiny message board, I block the IP, then the class C if there's another from a similar IP, then the class B if there's another from a similar IP. Yes, way too overreaching, but good enough.
But I haven't had to do much of that since adding the registration question.
Re: We have a spam problem
by on (#181909)
We have legitimate Russian users on this forum. I would be very wary of keying off of that.

And again: I refuse to publicly discuss the heuristics of what to key off of to ban/block someone. For Tepples and/or Memblers: just use the methodology I used when I moderated and things will clear up. It's more involved and requires manual effort + review of logs, but it holds up. (Unless, of course, after the server move, the methodology broke... which if so, would explain quite a lot)
Re: We have a spam problem
by on (#181910)
Memblers wrote:
When you delete a user, there is an option to delete/retain posts. It's under Manage Users, then Delete (and select option) is at the bottom (whether that's built-in or a mod, I don't know).

Don't remember seeing this checkbox before -- thank you for educating me!
Re: We have a spam problem
by on (#181948)
Thank you to the mods for your efforts in cleaning this up. I know I only saw a small part of the mess, and I appreciate the work being done to get rid of it.
Re: We have a spam problem
by on (#182052)
Man, this spam wave is getting really out of hand! I don't remember any other previous attack being this strong.
Re: We have a spam problem
by on (#182077)
Banshaku wrote:
The simplest way to stop spam is that new users have only access to a private forum where they need to explain why they want to post on nesdev. Once a moderator confirm that the reason is valid then you give them access to all the forums.

This seems like a decent solution. Whether it's technically feasible or whether it adds too much work for the moderators is another question. If something like this is implemented, it would be best if all registered users can read all forums, but can only post on the private verification forum, since I think some people register for the sole purpose of being able to track which threads/posts they have read.

Chances are this is not easily achievable in phpBB, though.
Re: We have a spam problem
by on (#182080)
They're baaaaaack!
Re: We have a spam problem
by on (#182127)
And again.

Spam, spam, spam, spamity, spam. (Monty Python).
I don't like Spam!
Re: We have a spam problem
by on (#182131)
I think manual approval of posts by new users is the only way to catch everything. Google Groups does something similar, or did when I last used it.
Re: We have a spam problem
by on (#182135)
How can that be set up from the Administration Control Panel?
Re: We have a spam problem
by on (#182138)
tepples wrote:
How can that be set up from the Administration Control Panel?


I was reading about this last night, the "Newly Registered Users Group".
https://www.phpbb.com/community/viewtop ... &t=1861645

I think we might get a little tired of it, once the spammers break through it's something like a 15:1 ratio of bots vs users. But it couldn't be worse than the current situation of banning accounts and deleting posts.
Re: We have a spam problem
by on (#182140)
People with post counts of 0 should just not be able to post links.
Re: We have a spam problem
by on (#182152)
Dwedit wrote:
People with post counts of 0 should just not be able to post links.

I disagree. The problem is not "posting links", the problem is the content as a whole, links or not.

My $0.02: you folks (tepples/Memblers/others recommending fixes) are going about solving this all wrong. Yes, a only-approved-registered-users-can-post would solve the problem (does anyone remember me telling everyone to do that, oh, YEARS ago? :P), but there's also solutions for the existing situation that don't require that (again: see the model I implemented when I was modding). For now I'll bow out of the forums for a while until this gets rectified.